Algorithmic Number Theory and Cryptography (CS 303) Modular Arithmetic


1 Algorithmic Number Theory and Cryptography (CS 303) Modular Arithmetic
September 4, 1997
Jeremy R. Johnson

2 Introduction
Objective: To become familiar with modular arithmetic and some key algorithmic constructions that are important for computer algebra algorithms.
- Modular Arithmetic
- Modular inverses and the extended Euclidean algorithm
- Fermat's theorem
- Euler's Identity
- Chinese Remainder Theorem
References: Sec. 1.2, 1.3 and 2.8 of the text

3 Modular Arithmetic (Z_n)
Definition: a ≡ b (mod n) ⇔ n | (b - a). Alternatively, a = qn + b for some integer q.
Properties (equivalence relation):
a ≡ a (mod n) [Reflexive]
a ≡ b (mod n) ⇒ b ≡ a (mod n) [Symmetric]
a ≡ b (mod n) and b ≡ c (mod n) ⇒ a ≡ c (mod n) [Transitive]
Definition: The equivalence class of a mod n is [a] = { x : x ≡ a (mod n) } = { a + qn | q ∈ Z }

4 Example n = 5
[0] = … -10, -5, 0, 5, 10 …
[1] = … -9, -4, 1, 6, 11 …
[2] = … -8, -3, 2, 7, 12 …
[3] = … -7, -2, 3, 8, 13 …
[4] = … -6, -1, 4, 9, 14 …
The equivalence classes partition the set Z.

5 Modular Arithmetic (Z_n)
It is possible to perform arithmetic with equivalence classes mod n:
[a] + [b] = [a+b]
[a] * [b] = [a*b]
In order for this to make sense, you must get the same answer (equivalence class) independent of the choice of a and b. In other words, if you replace a and b by numbers equivalent to a or b mod n, the sum/product ends up in the same equivalence class:
a1 ≡ a2 (mod n) and b1 ≡ b2 (mod n) ⇒ a1 + b1 ≡ a2 + b2 (mod n) and a1 * b1 ≡ a2 * b2 (mod n)
(a + q1 n) + (b + q2 n) = a + b + (q1 + q2) n
(a + q1 n) * (b + q2 n) = a * b + (b*q1 + a*q2 + q1*q2*n) n

6 Representation of Z_n
The equivalence classes [a] mod n are typically represented by representatives a.
Positive Representation: Choose the smallest non-negative integer in the class [a]; the representation is {0, 1, …, n-1}.
Symmetric Representation: Choose the integer with the smallest absolute value in the class [a]; the representation is {-⌊(n-1)/2⌋, …, ⌊n/2⌋}. When n is even, choose the positive representative with absolute value n/2.
E.g. Z_6 = {-2, -1, 0, 1, 2, 3}, Z_5 = {-2, -1, 0, 1, 2}

7 Example n = 5
Multiplication table of Z_5 (entry in row a, column b is a*b mod 5):
 * | 0 1 2 3 4
 0 | 0 0 0 0 0
 1 | 0 1 2 3 4
 2 | 0 2 4 1 3
 3 | 0 3 1 4 2
 4 | 0 4 3 2 1
Note multiplicative inverses, i.e. ab ≡ 1 (mod n): here 2*3 ≡ 1 and 4*4 ≡ 1, so every non-zero element has an inverse.

8 Example n = 6
Multiplication table of Z_6 (entry in row a, column b is a*b mod 6):
 * | 0 1 2 3 4 5
 0 | 0 0 0 0 0 0
 1 | 0 1 2 3 4 5
 2 | 0 2 4 0 2 4
 3 | 0 3 0 3 0 3
 4 | 0 4 2 0 4 2
 5 | 0 5 4 3 2 1
Note zero divisors (product of non-zero elements equal to 0): here 2*3 ≡ 0 and 3*4 ≡ 0, and only 1 and 5 have inverses.
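The two tables above can be generated rather than typed. The following Python is an added example (not code from the slides or the course) that builds the multiplication table of Z_n with positive representatives and reads units, inverse pairs and zero divisors straight off it, for any n rather than only 5 and 6; the function names are this example's own.

```python
from math import gcd


def mul_table(n):
    """Multiplication table of Z_n with positive representatives 0..n-1.
    Row a, column b holds (a * b) mod n, as laid out on the n = 5 and n = 6 slides."""
    return [[(a * b) % n for b in range(n)] for a in range(n)]


def units(n):
    """Elements of Z_n that have a multiplicative inverse: a row containing a 1
    means some b satisfies a*b ≡ 1 (mod n)."""
    table = mul_table(n)
    return [a for a in range(n) if 1 in table[a]]


def inverse_pairs(n):
    """All (a, b) with a*b ≡ 1 (mod n), read off the table."""
    table = mul_table(n)
    return [(a, b) for a in range(n) for b in range(n) if table[a][b] == 1]


def zero_divisors(n):
    """Non-zero a for which some non-zero b gives a*b ≡ 0 (mod n)."""
    table = mul_table(n)
    return [a for a in range(1, n) if any(table[a][b] == 0 for b in range(1, n))]


def format_table(n):
    """Render the table in the layout used on the slides."""
    width = len(str(n - 1))
    header = f"{'*':>{width}} | " + " ".join(str(b).rjust(width) for b in range(n))
    rows = [f"{a:>{width}} | " + " ".join(str(v).rjust(width) for v in row)
            for a, row in enumerate(mul_table(n))]
    return "\n".join([header] + rows)


if __name__ == "__main__":
    for n in (5, 6):
        print(f"n = {n}")
        print(format_table(n))
        print("units:", units(n), "inverse pairs:", inverse_pairs(n))
        print("zero divisors:", zero_divisors(n))
        # An element is a unit exactly when it is coprime to n; the remaining
        # non-zero elements are the zero divisors (this is the gcd criterion of
        # the modular-inverses slide, checked against the table here).
        assert units(n) == [a for a in range(1, n) if gcd(a, n) == 1]
        assert zero_divisors(n) == [a for a in range(1, n) if gcd(a, n) != 1]
```

Running it for a prime n shows a table with no zero divisors and every non-zero row containing a 1; for a composite n the rows of non-units contain 0 in a non-zero column and never contain 1.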

9 The Euclidean Algorithm
Definition. Integer division with remainder: a = qb + r, 0 ≤ r < b. b | a if a = qb.
Definition: Greatest Common Divisor g = gcd(a,b): g | a and g | b, and if e | a and e | b then e | g.
The Euclidean Algorithm provides an efficient method for computing gcd(a,b):
gcd(a, 0) = a
gcd(a, b) = gcd(b, a mod b)

10 Bezout's Identity
Definition. Bezout's Identity: There exist integers x, y such that ax + by = gcd(a,b).
Proof. Let S = { ax + by : x, y ∈ Z } and let d ∈ S be the element with smallest non-zero absolute value (we may take d > 0). Claim: d = gcd(a,b).
Note that a, b ∈ S; if α, β ∈ S then α + β ∈ S; and for s ∈ Z, α ∈ S ⇒ sα ∈ S.
Write a = qd + r with 0 ≤ r < d. Then r = a - qd ∈ S, so r = 0 by the minimality of d, and d | a. Similarly d | b.
If e | a and e | b then e | (ax + by) for all x, y, so e | d.

11 Remainder Sequence
Definition. Remainder Sequence a_1 = a, a_2 = b, a_3, …, a_{n+1} with a ≥ b > 0:
a_1 = q_1 a_2 + a_3, 0 ≤ a_3 < a_2
a_i = q_i a_{i+1} + a_{i+2}, 0 ≤ a_{i+2} < a_{i+1}
a_{n-1} = q_{n-1} a_n + a_{n+1}, 0 ≤ a_{n+1} < a_n
a_n = q_n a_{n+1} (the final remainder a_{n+2} is 0)
a_{n+1} = gcd(a,b)

12 The Extended Euclidean Algorithm
Let a_1 = a, a_2 = b, a_3, …, a_{n+1} be a remainder sequence defined by a_i = q_i a_{i+1} + a_{i+2}, 0 ≤ a_{i+2} < a_{i+1}, for i = 1, …, n, with a_{n+2} = 0.
Definition. Cosequences:
x_1 = 1, x_2 = 0, x_{i+2} = x_i - q_i x_{i+1}
y_1 = 0, y_2 = 1, y_{i+2} = y_i - q_i y_{i+1}
Then a x_i + b y_i = a_i for every i, and in particular a x_{n+1} + b y_{n+1} = a_{n+1} = gcd(a,b).
The proof is by induction on i: the cases i = 1, 2 hold by the initial values, and a_{i+2} = a_i - q_i a_{i+1} = a (x_i - q_i x_{i+1}) + b (y_i - q_i y_{i+1}).

13 Computing Time of Euclidean Alg
a_i = q_i a_{i+1} + a_{i+2}, 0 ≤ a_{i+2} < a_{i+1}
a_i / a_{i+2} = q_i a_{i+1} / a_{i+2} + 1 > q_i + 1 ≥ 2, since a_{i+1} > a_{i+2} and q_i ≥ 1
a_n / a_{n+1} = q_n ≥ 2, since a_n = q_n a_{n+1} and a_{n+1} < a_n
The product telescopes:
(a_1/a_3) (a_2/a_4) (a_3/a_5) … (a_{n-1}/a_{n+1}) (a_n/a_{n+1}) = a_1 a_2 / (a_{n+1} a_{n+1})
Each of the n factors on the left is at least 2, so
2^n ≤ a_1 a_2 / (a_{n+1} a_{n+1}) ≤ (a / gcd(a,b))^2 ≤ a^2 ⇒ n ≤ 2 lg(a)

14 Modular Inverses
Definition: x is the inverse of a mod n if ax ≡ 1 (mod n).
The equation ax ≡ 1 (mod n) has a solution iff gcd(a,n) = 1.
By the Extended Euclidean Algorithm, there exist x and y such that ax + ny = gcd(a,n). When gcd(a,n) = 1, we get ax + ny = 1. Taking this equation mod n, we see that ax ≡ 1 (mod n).
Conversely, if a has an inverse x mod n, then ax = 1 + qn ⇒ ax + (-q)n = 1, which implies gcd(a,n) = 1.
By taking the equation mod m, we mean applying the mod m homomorphism h_m: Z → Z_m, which maps the integer a to the equivalence class [a]. This mapping preserves sums and products, i.e. h_m(a+b) = h_m(a) + h_m(b) and h_m(a*b) = h_m(a) * h_m(b).
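Slides 11 to 14 describe one procedure: build the remainder sequence, run the cosequences alongside it, and read the gcd, the Bezout coefficients and (when the gcd is 1) the modular inverse off the last step. The Python below is an added worked example, not code from the slides; it uses the slides' a_i, q_i, x_i, y_i naming in comments, checks the invariant a x_i + b y_i = a_i at every index, and also checks the step bound n ≤ 2 lg(a) from slide 13. Function names and the sample inputs (240, 46) are this example's own.

```python
from math import log2


def remainder_sequence(a, b):
    """Remainders a_1 = a, a_2 = b, ..., a_{n+1}, a_{n+2} = 0 and quotients q_1..q_n
    for a >= b > 0, following a_i = q_i a_{i+1} + a_{i+2} with 0 <= a_{i+2} < a_{i+1}."""
    assert a >= b > 0
    rems, quots = [a, b], []
    while rems[-1] != 0:
        q, r = divmod(rems[-2], rems[-1])
        quots.append(q)
        rems.append(r)
    return rems, quots  # rems[-2] is a_{n+1} = gcd(a, b); rems[-1] is a_{n+2} = 0


def extended_euclid(a, b):
    """Cosequences x_i, y_i with a*x_i + b*y_i = a_i for every i.
    Returns (g, x, y, n): a*x + b*y = g = gcd(a, b), n = number of division steps."""
    rems, quots = remainder_sequence(a, b)
    xs, ys = [1, 0], [0, 1]                 # x_1, x_2 and y_1, y_2
    for q in quots:
        xs.append(xs[-2] - q * xs[-1])      # x_{i+2} = x_i - q_i x_{i+1}
        ys.append(ys[-2] - q * ys[-1])      # y_{i+2} = y_i - q_i y_{i+1}
    # The slide's claim, checked at every index including a_{n+2} = 0.
    for a_i, x_i, y_i in zip(rems, xs, ys):
        assert a * x_i + b * y_i == a_i
    n = len(quots)                          # a_{n+1} = rems[n] (0-based) is the gcd
    return rems[n], xs[n], ys[n], n


def step_bound_holds(a, b):
    """Slide 13: the number of division steps n satisfies n <= 2 lg(a)."""
    return extended_euclid(a, b)[3] <= 2 * log2(a)


def mod_inverse(a, n):
    """x in 0..n-1 with a*x ≡ 1 (mod n) for a > 0, or None when gcd(a, n) != 1.
    extended_euclid wants its first argument to be the larger one, so the
    coefficients are swapped back when n > a."""
    if n > a:
        g, y, x, _ = extended_euclid(n, a)  # n*y + a*x = g
    else:
        g, x, y, _ = extended_euclid(a, n)  # a*x + n*y = g
    if g != 1:
        return None
    return x % n


if __name__ == "__main__":
    g, x, y, n = extended_euclid(240, 46)
    print(f"gcd(240, 46) = {g} = 240*({x}) + 46*({y}) after {n} steps")
    print("inverse of 3 mod 7:", mod_inverse(3, 7))   # 3*5 = 15 ≡ 1 (mod 7)
    print("inverse of 4 mod 6:", mod_inverse(4, 6))   # None: gcd(4, 6) = 2
```

The inverse is reduced with `x % n` so the result is in the positive representation of Z_n; the raw Bezout coefficient may be negative, which is the same class but not the representative the slides use.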

15 Fermat's Theorem
Theorem: If a ≠ 0 in Z_p, then a^(p-1) ≡ 1 (mod p). More generally, if a ∈ Z_p, then a^p ≡ a (mod p).
Proof: Assume that a ≠ 0 in Z_p. Then a * 2a * … * (p-1)a = (p-1)! * a^(p-1).
Also, since a*i ≡ a*j (mod p) ⇒ i ≡ j (mod p), the numbers a, 2a, …, (p-1)a are distinct non-zero elements of Z_p. Therefore they are equal to 1, 2, …, (p-1) in some order, and their product is equal to (p-1)! mod p.
This implies that (p-1)! * a^(p-1) ≡ (p-1)! (mod p) ⇒ a^(p-1) ≡ 1 (mod p), where (p-1)! can be cancelled because p does not divide it.

16 Fast Powering
Power(a, e, n):
    if e = 0 then
        return 1
    else
        b := Power(a, e div 2, n)
        return b^2 * a^(e mod 2) (mod n)
Computing time O(log e), assuming arithmetic in Z_n is O(1).

17 Euler phi function
Definition: φ(n) = #{ a : 0 < a < n and gcd(a,n) = 1 }
Properties:
φ(p) = p - 1, for prime p
φ(p^e) = (p-1) * p^(e-1)
φ(m*n) = φ(m) * φ(n) for gcd(m,n) = 1
φ(p*q) = (p-1)*(q-1) for distinct primes p, q
Examples:
φ(15) = φ(3) * φ(5) = 2*4 = 8 = #{1, 2, 4, 7, 8, 11, 13, 14}
φ(9) = (3-1) * 3^(2-1) = 2*3 = 6 = #{1, 2, 4, 5, 7, 8}

18 Euler's Identity
The number of elements in Z_n that have multiplicative inverses is equal to φ(n).
Theorem: Let (Z_n)* be the elements of Z_n with inverses (called units). If a ∈ (Z_n)*, then a^φ(n) ≡ 1 (mod n).
Proof. The same proof presented for Fermat's theorem can be used to prove this theorem.
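Slides 15 to 18 fit together as one computation: fast powering gives a^e mod n in O(log e) steps, φ(n) comes from the prime-power formula, and Fermat's theorem and Euler's identity can then be checked exhaustively for small moduli. This Python is an added example, not code from the slides; `power` is a direct transcription of the slide's recursive Power(a, e, n), `factor` is a trial-division helper of this example's own (fine for small n), and the results are cross-checked against Python's built-in `pow` and against the counting definition of φ.

```python
from math import gcd


def power(a, e, n):
    """Slide 16: square the result for e div 2, multiply by a once more when e is odd.
    Recursion depth and multiplication count are both O(log e)."""
    if e == 0:
        return 1 % n            # 1 % n so the n = 1 corner case also returns a class in Z_n
    b = power(a, e // 2, n)
    return (b * b * (a if e % 2 else 1)) % n


def factor(n):
    """Prime factorisation {p: e} by trial division (helper for this example only)."""
    factors, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def phi(n):
    """Slide 17 properties: phi(p^e) = (p-1) p^(e-1), multiplicative over coprime factors.
    Note phi(1) comes out as 1 here, while the counting definition gives 0 for n = 1."""
    result = 1
    for p, e in factor(n).items():
        result *= (p - 1) * p ** (e - 1)
    return result


def phi_by_counting(n):
    """Slide 17 definition: #{a : 0 < a < n and gcd(a, n) = 1}."""
    return sum(1 for a in range(1, n) if gcd(a, n) == 1)


def units(n):
    """(Z_n)*: the elements coprime to n, i.e. those with an inverse (slide 18)."""
    return [a for a in range(1, n) if gcd(a, n) == 1]


def fermat_holds(p):
    """Slide 15 in its general form: a^p ≡ a (mod p) for every a in Z_p."""
    return all(power(a, p, p) == a for a in range(p))


def euler_identity_holds(n):
    """Slide 18: a^phi(n) ≡ 1 (mod n) for every unit a; equals Fermat's theorem when n is prime."""
    return all(power(a, phi(n), n) == 1 for a in units(n))


if __name__ == "__main__":
    print("3^100 mod 7 =", power(3, 100, 7))
    print("phi(15) =", phi(15), "units:", units(15))
    print("phi(9) =", phi(9), "units:", units(9))
    print("Fermat holds for p = 7, 13:", fermat_holds(7), fermat_holds(13))
    print("Euler's identity holds for n = 2..99:",
          all(euler_identity_holds(n) for n in range(2, 100)))
```

The exhaustive checks are what make the example useful: `euler_identity_holds` is a test of the theorem, not a proof, but running it for every n below 100 and every unit a exercises exactly the units-versus-zero-divisors distinction from the n = 5 and n = 6 tables.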

19 Chinese Remainder Theorem
Theorem: If gcd(m,n) = 1, then given a and b there exists an integer solution to the system x ≡ a (mod m) and x ≡ b (mod n).
Proof: Consider the map x ↦ (x mod m, x mod n). This map is a 1-1 map from Z_mn to Z_m × Z_n, since if x and y map to the same pair, then x ≡ y (mod m) and x ≡ y (mod n), and since gcd(m,n) = 1 this implies x ≡ y (mod mn). Since there are mn elements in both Z_mn and Z_m × Z_n, the map is also onto. This means that for every pair (a,b) we can find the desired x.

20 Alternative Interpretation of CRT
Let Z_m × Z_n denote the set of pairs (a,b) where a ∈ Z_m and b ∈ Z_n. We can perform arithmetic on Z_m × Z_n by performing componentwise modular arithmetic:
(a,b) + (c,d) = (a+c, b+d)
(a,b) * (c,d) = (a*c, b*d)
Theorem: Z_mn ≅ Z_m × Z_n. I.e. there is a 1-1 mapping from Z_mn onto Z_m × Z_n that preserves arithmetic, namely x ↦ (x mod m, x mod n):
(a*c mod m, b*d mod n) = (a mod m, b mod n) * (c mod m, d mod n)
(a+c mod m, b+d mod n) = (a mod m, b mod n) + (c mod m, d mod n)
The CRT implies that the map is onto, i.e. for every pair (a,b) there is an integer x such that (x mod m, x mod n) = (a,b).

21 Constructive Chinese Remainder Theorem
Theorem: If gcd(m,n) = 1, then there exist e_m and e_n (orthogonal idempotents) with
e_m ≡ 1 (mod m), e_m ≡ 0 (mod n)
e_n ≡ 0 (mod m), e_n ≡ 1 (mod n)
It follows that a*e_m + b*e_n ≡ a (mod m) and ≡ b (mod n).
Proof. Since gcd(m,n) = 1, by the Extended Euclidean Algorithm there exist x and y with m*x + n*y = 1. Set e_m = n*y and e_n = m*x. Then e_m = 1 - m*x ≡ 1 (mod m) and e_m = n*y ≡ 0 (mod n); similarly for e_n.
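The constructive CRT on this slide and the isomorphism Z_mn ≅ Z_m × Z_n on slide 20 are demonstrated together by the following Python, which is an added example and not code from the slides. It obtains x with m*x ≡ 1 (mod n) using Python's built-in `pow(m, -1, n)` (available from Python 3.8; an assumption of this example rather than the slide's extended Euclidean algorithm, which yields the same x), derives y from m*x + n*y = 1, forms e_m = n*y and e_n = m*x, and then checks that x ↦ (x mod m, x mod n) is a bijection preserving componentwise sums and products. The function names and the sample moduli 5, 7 and 4, 9 are this example's own.

```python
from math import gcd


def orthogonal_idempotents(m, n):
    """e_m ≡ 1 (mod m), e_m ≡ 0 (mod n) and e_n ≡ 0 (mod m), e_n ≡ 1 (mod n),
    built from m*x + n*y = 1 as on the slide: e_m = n*y, e_n = m*x.
    Both are reduced into the positive representation of Z_mn."""
    if gcd(m, n) != 1:
        raise ValueError("m and n must be coprime")
    x = pow(m, -1, n)          # m*x ≡ 1 (mod n); Python >= 3.8 (assumption)
    y = (1 - m * x) // n       # exact division because m*x ≡ 1 (mod n)
    assert m * x + n * y == 1  # the Bezout relation the slide starts from
    mn = m * n
    return (n * y) % mn, (m * x) % mn


def crt(a, m, b, n):
    """The unique x in Z_mn with x ≡ a (mod m) and x ≡ b (mod n)."""
    e_m, e_n = orthogonal_idempotents(m, n)
    return (a * e_m + b * e_n) % (m * n)


def to_pair(x, m, n):
    """The slide-20 map x -> (x mod m, x mod n)."""
    return (x % m, x % n)


def isomorphism_holds(m, n):
    """Z_mn ≅ Z_m x Z_n: the map is 1-1 (hence onto, both sides having mn elements)
    and preserves componentwise addition and multiplication. Returns False when
    gcd(m, n) != 1, where the map is not 1-1."""
    if len({to_pair(x, m, n) for x in range(m * n)}) != m * n:
        return False
    for x in range(m * n):
        xm, xn = to_pair(x, m, n)
        for y in range(m * n):
            ym, yn = to_pair(y, m, n)
            if to_pair(x + y, m, n) != ((xm + ym) % m, (xn + yn) % n):
                return False
            if to_pair(x * y, m, n) != ((xm * ym) % m, (xn * yn) % n):
                return False
    return True


if __name__ == "__main__":
    e_m, e_n = orthogonal_idempotents(5, 7)
    print("e_5 =", e_m, "->", to_pair(e_m, 5, 7), " e_7 =", e_n, "->", to_pair(e_n, 5, 7))
    x = crt(2, 5, 3, 7)
    print("x ≡ 2 (mod 5), x ≡ 3 (mod 7):", x, "->", to_pair(x, 5, 7))
    print("Z_35 ≅ Z_5 x Z_7:", isomorphism_holds(5, 7))
    print("Z_24 ≅ Z_4 x Z_6 ?", isomorphism_holds(4, 6))   # False: gcd(4, 6) = 2
```

The idempotents are computed once per pair of moduli and reused for every (a, b), which is the practical point of the constructive form: solving a fresh system costs two multiplications and a reduction, not another run of the extended Euclidean algorithm.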

