Division Definition : Let a and b be integers. We say that a divides - PowerPoint PPT Presentation

Division

Definition: Let a and b be integers. We say that a divides b, or a | b, if ∃ d s.t. b = ad. If b ≠ 0 then |a| ≤ |b|.

Division Theorem: For any integer a and any positive integer n, there are unique integers q and r such that 0 ≤ r < n and a = qn + r. The value r = a mod n is called the remainder or the residue of the division.

Theorem: If m | a and m | b then m | αa + βb for any integers α, β.

Proof: a = rm; b = sm for some r, s. Therefore, αa + βb = αrm + βsm = m(αr + βs), i.e., m divides this number. QED

© Eli Biham - May 3, 2005   238   Introduction to Number Theory 1 (10)

Division (cont.)

If n | (a − b), i.e., a and b have the same residues modulo n: (a mod n) = (b mod n), we write a ≡ b (mod n) and say that a is congruent to b modulo n.

The integers can be divided into n equivalence classes according to their residue modulo n:
  [a]_n = {a + kn : k ∈ Z}
  Z_n = {[a]_n : 0 ≤ a ≤ n − 1}
or briefly
  Z_n = {0, 1, ..., n − 1}

Greatest Common Divisor

Let a and b be integers.

1. gcd(a, b) (the greatest common divisor of a and b) is
     gcd(a, b) ≜ max(d : d | a and d | b)   (for a ≠ 0 or b ≠ 0).
   Note: This definition satisfies gcd(0, 1) = 1.

2. lcm(a, b) (the least common multiplier of a and b) is
     lcm(a, b) ≜ min(d > 0 : a | d and b | d)   (for a ≠ 0 and b ≠ 0).

3. a and b are coprimes (or relatively prime) iff gcd(a, b) = 1.

Greatest Common Divisor (cont.)

Theorem: Let a, b be integers, not both zero, and let d be the smallest positive element of S = {ax + by : x, y ∈ Z}. Then, gcd(a, b) = d.

Proof: S contains a positive integer because |a| ∈ S. By definition, there exist x, y such that d = ax + by. d ≤ |a|, thus there exist q, r such that
  a = qd + r,   0 ≤ r < d.
Thus,
  r = a − qd = a − q(ax + by) = a(1 − qx) + b(−qy) ∈ S.
r < d implies r = 0, thus d | a. By the same arguments we get d | b.
d | a and d | b, thus d ≤ gcd(a, b). On the other hand gcd(a, b) | a and gcd(a, b) | b, and thus gcd(a, b) divides any linear combination of a, b, i.e., gcd(a, b) divides all elements in S, including d, and thus gcd(a, b) ≤ d. We conclude that d = gcd(a, b). QED

Greatest Common Divisor (cont.)

Corollary: For any a, b, and d, if d | a and d | b then d | gcd(a, b).
Proof: gcd(a, b) is a linear combination of a and b.

Lemma: For m ≠ 0
  gcd(ma, mb) = |m| gcd(a, b).
Proof: If m ≠ 0 (WLG m > 0) then gcd(ma, mb) is the smallest positive element in the set {amx + bmy}, which is m times the smallest positive element in the set {ax + by}.

Greatest Common Divisor (cont.)

Corollary: a and b are coprimes iff ∃ x, y such that xa + yb = 1.
Proof:
(⇐) Let d = gcd(a, b), and xa + yb = 1. d | a and d | b and therefore, d | 1, and thus d = 1.
(⇒) a and b are coprimes, i.e., gcd(a, b) = 1. Using the previous theorem, 1 is the smallest positive integer in S = {ax + by : x, y ∈ Z}, i.e., ∃ x, y such that ax + by = 1. QED

The Fundamental Theorem of Arithmetic

The fundamental theorem of arithmetic: If c | ab and gcd(b, c) = 1 then c | a.
Proof: We know that c | ab. Clearly, c | ac. Thus,
  c | gcd(ab, ac) = a · gcd(b, c) = a · 1 = a.
QED

Prime Numbers and Unique Factorization

Definition: An integer p ≥ 2 is called prime if it is divisible only by 1 and itself.

Theorem (Unique Factorization): Every positive number can be represented as a product of primes in a unique way, up to a permutation of the order of primes.

Prime Numbers and Unique Factorization (cont.)

Proof: Every number can be represented as a product of primes, since if one element is not a prime, it can be further factored into smaller primes.
Assume that some number can be represented in two distinct ways as products of primes:
  p_1 p_2 p_3 ··· p_s = q_1 q_2 q_3 ··· q_r
where all the factors are prime, and no p_i is equal to some q_j (otherwise discard both from the product). Then, p_1 | q_1 q_2 q_3 ··· q_r. But gcd(p_1, q_1) = 1 and thus p_1 | q_2 q_3 ··· q_r. Similarly we continue till p_1 | q_r. Contradiction. QED

Euclid's Algorithm

Let a and b be two positive integers, a > b > 0. Then the following algorithm computes gcd(a, b):
  r_{-1} = a
  r_0 = b
  for i from 1 until r_i = 0
    ∃ q_i, r_i : r_{i-2} = q_i r_{i-1} + r_i and 0 ≤ r_i < r_{i-1}
  k = i − 1

Example: a = 53 and b = 39.
  53 = 1 · 39 + 14
  39 = 2 · 14 + 11
  14 = 1 · 11 + 3
  11 = 3 · 3 + 2
   3 = 1 · 2 + 1
   2 = 2 · 1 + 0
Thus, gcd(53, 39) = 1.

Extended Form of Euclid's Algorithm

Example (cont.): a = 53 and b = 39.
  53 = 1 · 39 + 14  ⇒  14 = 53 − 39
  39 = 2 · 14 + 11  ⇒  11 = 39 − 2 · 14 = −2 · 53 + 3 · 39
  14 = 1 · 11 + 3   ⇒   3 = 14 − 1 · 11 = 3 · 53 − 4 · 39
  11 = 3 · 3 + 2    ⇒   2 = 11 − 3 · 3 = −11 · 53 + 15 · 39
   3 = 1 · 2 + 1    ⇒   1 = 3 − 1 · 2 = 14 · 53 − 19 · 39
   2 = 2 · 1 + 0
Therefore, 14 · 53 − 19 · 39 = 1.

We will use this algorithm later as a modular inversion algorithm; in this case we get that (−19) · 39 ≡ 34 · 39 ≡ 1 (mod 53).

Note that every r_i is written as a linear combination of r_{i-1} and r_{i-2}, and ultimately, r_i is written as a linear combination of a and b.
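The recurrence above and its extended form, as added example code in Python (not part of Biham's slides; the function names are my own): it runs Euclid's algorithm while carrying the coefficients that express every r_i as a linear combination of a and b, derives the modular inverse from the Bezout identity, and checks the halving bound r_i < r_{i-2}/2 that the proof of the O(log a) step count relies on.

```python
import math

def extended_euclid(a, b):
    """Euclid's algorithm with the extended bookkeeping from the slides.

    Maintains r_{i-2} = q_i * r_{i-1} + r_i, and for every remainder r_i the
    coefficients (x_i, y_i) with r_i = x_i*a + y_i*b.  Returns
    (gcd, x, y, trace) where trace lists (q_i, r_i, x_i, y_i) per step.
    """
    # r_{-1} = a = 1*a + 0*b ;  r_0 = b = 0*a + 1*b
    r_prev, x_prev, y_prev = a, 1, 0
    r_cur, x_cur, y_cur = b, 0, 1
    trace = []
    while r_cur != 0:
        q, r_next = divmod(r_prev, r_cur)
        # r_i = r_{i-2} - q_i * r_{i-1}: the coefficients follow the same rule
        x_next, y_next = x_prev - q * x_cur, y_prev - q * y_cur
        trace.append((q, r_next, x_next, y_next))
        r_prev, x_prev, y_prev = r_cur, x_cur, y_cur
        r_cur, x_cur, y_cur = r_next, x_next, y_next
    return r_prev, x_prev, y_prev, trace

def mod_inverse(a, n):
    """Inverse of a modulo n: from x*a + y*n = 1 we get x*a ≡ 1 (mod n).
    Raises ValueError when gcd(a, n) != 1, i.e. when no inverse exists."""
    g, x, _y, _trace = extended_euclid(a, n)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {n}: gcd = {g}")
    return x % n

def check_halving(a, b):
    """Verify the bound used in the proof of the running time: every
    r_i < r_{i-2}/2, hence at most 2*log2(a) division steps."""
    _g, _x, _y, trace = extended_euclid(a, b)
    remainders = [a, b] + [r for _q, r, _x, _y in trace]
    halves = all(remainders[i] < remainders[i - 2] / 2
                 for i in range(2, len(remainders)))
    return halves and len(trace) <= 2 * math.log2(a)

if __name__ == "__main__":
    g, x, y, trace = extended_euclid(53, 39)   # the slides' example
    print(f"gcd = {g}: {x}*53 + ({y})*39 = {x * 53 + y * 39}")
    print("inverse of 39 mod 53 =", mod_inverse(39, 53))
```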

Proof of Euclid's Algorithm

Claim: The algorithm stops after at most O(log a) steps.
Proof: It suffices to show that in each step r_i < r_{i-2}/2:
For i = 1: r_1 < b < a and thus in a = q_1 b + r_1, q_1 ≥ 1. Therefore, a ≥ 1 · b + r_1 > r_1 + r_1, and thus a/2 > r_1.
For i > 1: r_i < r_{i-1} < r_{i-2} and thus in r_{i-2} = q_i r_{i-1} + r_i, q_i ≥ 1. Therefore, r_{i-2} ≥ 1 · r_{i-1} + r_i > r_i + r_i, and thus r_{i-2}/2 > r_i.
After at most 2 log a steps, r_i reduces to zero. QED

Proof of Euclid's Algorithm (cont.)

Claim: r_k = gcd(a, b).
Proof:
r_k | gcd(a, b): r_k | r_{k-1} because of the stop condition. r_k | r_k and r_k | r_{k-1} and therefore r_k divides any linear combination of r_{k-1} and r_k, including r_{k-2}. Since r_k | r_{k-1} and r_k | r_{k-2}, it follows that r_k | r_{k-3}. Continuing this way, it follows that r_k | a and that r_k | b, thus r_k | gcd(a, b).
gcd(a, b) | r_k: r_k is a linear combination of a and b; gcd(a, b) | a and gcd(a, b) | b, therefore, gcd(a, b) | r_k.
We conclude that r_k = gcd(a, b). QED

Groups

A group (S, ⊕) is a set S with a binary operation ⊕ defined on S for which the following properties hold:
1. Closure: a ⊕ b ∈ S for all a, b ∈ S.
2. Identity: There is an element e ∈ S such that e ⊕ a = a ⊕ e = a for all a ∈ S.
3. Associativity: (a ⊕ b) ⊕ c = a ⊕ (b ⊕ c) for all a, b, c ∈ S.
4. Inverses: For each a ∈ S there exists a unique element b ∈ S such that a ⊕ b = b ⊕ a = e.

If a group (S, ⊕) satisfies the commutative law a ⊕ b = b ⊕ a for all a, b ∈ S then it is called an Abelian group.

Definition: The order of a group, denoted by |S|, is the number of elements in S. If a group satisfies |S| < ∞ then it is called a finite group.

Lemma: (Z_n, +_n) is a finite Abelian additive group modulo n.

Groups (cont.)

Basic Properties: Let
  a^k = ⊕_{i=1}^{k} a = a ⊕ a ⊕ ... ⊕ a   (k times),
  a^0 = e.
1. The identity element e in the group is unique.
2. Every element a has a single inverse, denoted by a^{-1}. We define a^{-k} = ⊕_{i=1}^{k} a^{-1}.
3. a^m ⊕ a^n = a^{m+n}.
4. (a^m)^n = a^{nm}.
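The group definition and the basic properties above, as an added Python example (not from the slides; function names are my own): it checks the four axioms and the commutative law exhaustively on a finite set, which is enough to confirm the lemma for a concrete (Z_n, +_n), and implements a^k and a^{-k} literally as repeated ⊕ so that properties 3 and 4 can be verified by computation.

```python
from itertools import product

def is_abelian_group(S, op):
    """Exhaustively check the four group axioms from the slides (closure,
    identity, associativity, inverses) and the commutative law on a finite
    set S.  Returns (ok, e): e is the identity, or None if there is none."""
    S = list(S)
    if any(op(a, b) not in S for a, b in product(S, S)):
        return False, None                          # 1. closure fails
    ids = [e for e in S if all(op(e, a) == a == op(a, e) for a in S)]
    if len(ids) != 1:                               # 2. identity (it is unique)
        return False, None
    e = ids[0]
    if any(op(op(a, b), c) != op(a, op(b, c)) for a, b, c in product(S, S, S)):
        return False, e                             # 3. associativity fails
    for a in S:                                     # 4. exactly one inverse
        if sum(1 for b in S if op(a, b) == e == op(b, a)) != 1:
            return False, e
    return all(op(a, b) == op(b, a) for a, b in product(S, S)), e

def power(a, k, op, e, inverse):
    """a^k = a ⊕ ... ⊕ a (k times), a^0 = e, a^{-k} = k copies of a^{-1}."""
    base = a if k >= 0 else inverse(a)
    result = e
    for _ in range(abs(k)):
        result = op(result, base)
    return result

def z_n_additive(n):
    """(Z_n, +_n) from the lemma: the set, the operation and the inverse map."""
    return list(range(n)), (lambda a, b: (a + b) % n), (lambda a: (-a) % n)

if __name__ == "__main__":
    S, add, neg = z_n_additive(12)
    print("(Z_12, +_12) is an Abelian group:", is_abelian_group(S, add))
    print("5^3 =", power(5, 3, add, 0, neg), " 5^-3 =", power(5, -3, add, 0, neg))
```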
