Primes | Groups, Rings, Fields | Ring of Integers Modulo n

ECEN 5022 Cryptography
Elementary Algebra and Number Theory
Peter Mathys
University of Colorado
Spring 2008

Peter Mathys, ECEN 5022 Cryptography
Divisibility, Primes

◮ Definition. N denotes the set {1, 2, 3, ...} of natural numbers and Z denotes the set of integers {..., −2, −1, 0, 1, 2, ...}. R denotes the real numbers and C denotes the complex numbers.
◮ Definition. The integer n is divisible by the integer d, denoted by d | n, if a · d = n for some integer a.
◮ Definition. A positive integer p, p > 1, is called a prime if it is divisible only by ±p and ±1. Any integer greater than 1 which is not prime is called composite.
◮ Theorem. (Euclid, 300 B.C.) There are infinitely many primes.
◮ Proof. Assume that the set of primes is finite, e.g., $\{p_1, p_2, \dots, p_n\}$. Then the integer $N = 1 + p_1 p_2 \cdots p_n$ is not divisible by any of the primes $p_1, \dots, p_n$, so either N is itself a prime or it has a prime factor outside the list, contradicting the assumption.
Prime Numbers

◮ Between any two primes there can be arbitrarily large gaps. For instance, the sequence $n! + 2,\ n! + 3,\ \dots,\ n! + n$ contains $n - 1$ consecutive composite numbers.
◮ Definition. The prime counting function π(x) is defined by $\pi(x) = |\{\,p \text{ prime} \mid p \le x\,\}|$, i.e., π(x) is equal to the number of primes less than or equal to x.
◮ Example: π(50) = 15 since 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47 are all primes p ≤ 50.
◮ Prime Number Theorem. (Hadamard, de la Vallée Poussin, 1896) π(x) satisfies
$$\lim_{x \to \infty} \frac{\pi(x)\,\ln(x)}{x} = 1 \;\Longrightarrow\; \pi(x) \approx \frac{x}{\ln x}.$$
Example

◮ Using $\pi(x) \approx x/\ln x$, the number of primes with n decimal digits is
$$\pi(10^n) - \pi(10^{n-1}) \approx \frac{(9n - 10)\,10^{n-1}\log_{10} e}{n(n-1)} \approx \frac{10^n}{3n}.$$
◮ Approximate numerical values are

  π(10^n) − π(10^(n−1))    n      bits
  ≈ 3.5 × 10^36            38     128
  ≈ 5.9 × 10^74            77     256
  ≈ 3.9 × 10^97            100    332
  ≈ 3.4 × 10^151           154    512
  ≈ 1.9 × 10^305           308    1024
  ≈ 1.7 × 10^613           617    2048

◮ As can be seen, there is no shortage of primes with n digits.
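The quantities on the last three slides computed exactly, as an added example that is not part of the lecture notes: a sieve gives π(x), which is then compared with the Prime Number Theorem ratio, with the n-digit estimate 10^n/(3n), and with the composite run n!+2, ..., n!+n.

```python
"""Added example (not from the slides): pi(x) computed exactly with a sieve,
checked against the Prime Number Theorem ratio pi(x) ln x / x -> 1, the
n-digit prime estimate 10^n / (3n), and the composite run n!+2, ..., n!+n."""
import math


def primes_up_to(x: int) -> list[int]:
    """Sieve of Eratosthenes: the list of all primes p <= x."""
    if x < 2:
        return []
    is_prime = bytearray([1]) * (x + 1)
    is_prime[0] = is_prime[1] = 0
    for p in range(2, math.isqrt(x) + 1):
        if is_prime[p]:                      # cross out p*p, p*p + p, ...
            is_prime[p * p::p] = bytes(len(range(p * p, x + 1, p)))
    return [p for p in range(x + 1) if is_prime[p]]


def prime_count(x: int) -> int:
    """The prime counting function pi(x) = |{p prime | p <= x}|."""
    return len(primes_up_to(x))


def pnt_ratio(x: int) -> float:
    """pi(x) ln(x) / x; the Prime Number Theorem says this tends to 1."""
    return prime_count(x) * math.log(x) / x


def primes_with_digits(n: int) -> tuple[int, float]:
    """Exact number pi(10^n) - pi(10^(n-1)) of n-digit primes, next to the
    slide's rough estimate 10^n / (3n)."""
    exact = prime_count(10 ** n) - prime_count(10 ** (n - 1))
    return exact, 10 ** n / (3 * n)


def composite_run(n: int) -> list[tuple[int, int]]:
    """The n - 1 consecutive composites n!+2, ..., n!+n, each paired with a
    proper divisor: k divides n! + k for every 2 <= k <= n."""
    f = math.factorial(n)
    return [(f + k, k) for k in range(2, n + 1)]


if __name__ == "__main__":
    print("pi(50) =", prime_count(50))
    print("4-digit primes: exact, estimate =", primes_with_digits(4))
    print("pi(x) ln x / x at x = 10^6:", round(pnt_ratio(10 ** 6), 4))
```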
Greatest Common Divisor

◮ Definition: The greatest common divisor of two integers $n_1$ and $n_2$, denoted $\gcd(n_1, n_2)$, is the largest positive integer that divides both $n_1$ and $n_2$.
◮ Definition: If $\gcd(n_1, n_2) = 1$, then $n_1$ and $n_2$ are said to be relatively prime.
◮ Example: Fermat's (little) theorem states that for p prime
$$p \mid (a^{p-1} - 1), \quad \text{if } \gcd(a, p) = 1,$$
e.g., 5 divides $3^4 - 1 = 80$, or 7 divides $2^6 - 1 = 63$.
◮ Definition: The least common multiple of two integers $n_1$ and $n_2$, denoted $\mathrm{lcm}(n_1, n_2)$, is the smallest positive integer divisible by both $n_1$ and $n_2$.
Division Algorithm

◮ Theorem: Division Algorithm. Given a pair of integers, c and d ≠ 0, there is a unique pair of integers q and r, called quotient and remainder, such that
$$c = q \cdot d + r, \quad 0 \le r < |d|.$$
◮ Proof: Assume that there are two solutions, i.e., $c = q_1 \cdot d + r_1 = q_2 \cdot d + r_2$, with $0 \le r_1 < |d|$ and $0 \le r_2 < |d|$. Thus, $(q_1 - q_2) \cdot d = r_2 - r_1$ and $-|d| < r_2 - r_1 < |d|$. But since $r_2 - r_1$ must be a multiple of d, this implies that $r_2 - r_1 = 0$. Since d ≠ 0, this also implies that $q_1 - q_2 = 0$ and thus q and r are unique. QED
Remainders

◮ Definition: The notation $r = R_d(c)$ means that r is the remainder of c when divided by d.
◮ Note: Another notation that is often used in connection with remainders is $r \equiv c \pmod d$. This means that "r is congruent to c modulo d". In this case $0 \le r < |d|$ is not guaranteed and thus r is not unique. For example, $9 \equiv 16 \pmod 7$ as well as $2 \equiv 16 \pmod 7$.
◮ Theorem: Computations with remainders satisfy
(i) $R_d(a + b) = R_d\big(R_d(a) + R_d(b)\big)$.
(ii) $R_d(a \cdot b) = R_d\big(R_d(a) \cdot R_d(b)\big)$.
◮ Proof: Left as an exercise.
Euclid's Algorithm

◮ Euclid's Algorithm. The greatest common divisor, $\gcd(n_1, n_2)$, of two integers $n_1, n_2$, $n_2 \ne 0$, is computed by repeated application of the division algorithm as follows:
$$\begin{aligned}
n_1 &= q_2 n_2 + n_3 \\
n_2 &= q_3 n_3 + n_4 \\
&\;\;\vdots \qquad\qquad 0 \le n_{i+1} < |n_i| \\
n_{m-2} &= q_{m-1} n_{m-1} + n_m \\
n_{m-1} &= q_m n_m + 0.
\end{aligned}$$
The process stops when a zero remainder is obtained. The last nonzero remainder is the desired result, i.e., $\gcd(n_1, n_2) = n_m$.
◮ Proof: Sketch. Use the fact that $\gcd(n_1, n_2) = \gcd(n_1 + k n_2, n_2)$, for any integer k.
Euclid's Extended Algorithm

◮ Corollary: For any integers $n_1$ and $n_2 \ne 0$ there exist integers a and b such that
$$\gcd(n_1, n_2) = a\,n_1 + b\,n_2.$$
That is, $\gcd(n_1, n_2)$ can be expressed as a linear combination of $n_1$ and $n_2$.
◮ Proof: Use Euclid's algorithm, starting with the last equation and working backwards to the first equation, to compute
$$\begin{aligned}
\gcd(n_1, n_2) = n_m &= n_{m-2} - q_{m-1} n_{m-1} \\
n_{m-1} &= n_{m-3} - q_{m-2} n_{m-2} \\
&\;\;\vdots \\
n_3 &= n_1 - q_2 n_2.
\end{aligned}$$
Then successively eliminate all the intermediate remainders $n_{m-1}, n_{m-2}, \dots, n_3$, to obtain $\gcd(n_1, n_2)$ as a linear combination of $n_1$ and $n_2$ with integer coefficients. QED
[Flowchart: Euclid's Algorithm for gcd. START → Initialize i = 2; a_1 = 1, b_1 = 0; a_2 = 0, b_2 = 1 → Input n_1, n_2 → q_i = ⌊n_{i−1}/n_i⌋, n_{i+1} = n_{i−1} − q_i n_i → n_{i+1} = 0? yes: Output n_i, a_i, b_i, where gcd(n_1, n_2) = n_i = a_i n_1 + b_i n_2, STOP; no: i ← i + 1, a_i = a_{i−2} − q_{i−1} a_{i−1}, b_i = b_{i−2} − q_{i−1} b_{i−1}, back to the quotient step.]
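The division algorithm, the remainder notation $R_d(c)$ and the extended Euclidean algorithm of the preceding slides, as an added example that is not part of the lecture notes. The coefficients $(a_i, b_i)$ are carried along exactly as in the flowchart; note that Python's own `divmod` gives a remainder with the sign of d, so the $0 \le r < |d|$ convention has to be enforced by hand.

```python
"""Added example (not from the slides): the division algorithm with
0 <= r < |d|, the remainder R_d(c), and Euclid's extended algorithm
carrying coefficients (a_i, b_i) with n_i = a_i*n1 + b_i*n2."""


def divide(c: int, d: int) -> tuple[int, int]:
    """Return (q, r) with c = q*d + r and 0 <= r < |d|, d != 0."""
    if d == 0:
        raise ZeroDivisionError("d must be nonzero")
    q, r = divmod(c, d)   # r has the sign of d, e.g. divmod(17, -5) == (-4, -3)
    if r < 0:             # only when d < 0: shift r up by |d| ...
        r -= d
        q += 1            # ... and adjust q so that c = q*d + r still holds
    return q, r


def remainder(c: int, d: int) -> int:
    """R_d(c): the unique remainder of c when divided by d."""
    return divide(c, d)[1]


def extended_euclid(n1: int, n2: int) -> tuple[int, int, int]:
    """Return (g, a, b) with g = gcd(n1, n2) = a*n1 + b*n2.

    Every remainder n_i is stored with (a_i, b_i) such that
    n_i = a_i*n1 + b_i*n2, starting from n_1 = 1*n1 + 0*n2 and
    n_2 = 0*n1 + 1*n2.  The step n_{i+1} = n_{i-1} - q_i*n_i is applied
    to the coefficients as well, so the relation holds for each n_i.
    """
    if n2 == 0:
        raise ValueError("n2 must be nonzero")
    prev, cur = (n1, 1, 0), (n2, 0, 1)    # (n_{i-1}, a, b), (n_i, a, b)
    while True:
        q, r = divide(prev[0], cur[0])    # n_{i-1} = q_i*n_i + n_{i+1}
        if r == 0:                        # last nonzero remainder is the gcd
            g, a, b = cur
            return (g, a, b) if g > 0 else (-g, -a, -b)   # report gcd > 0
        prev, cur = cur, (r, prev[1] - q * cur[1], prev[2] - q * cur[2])


if __name__ == "__main__":
    g, a, b = extended_euclid(240, 46)
    print(f"gcd(240, 46) = {g} = ({a})*240 + ({b})*46")
```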
Groups, Rings, Fields

◮ Over the reals R (or the rationals Q or the complex numbers C) one can add, subtract, multiply, and divide.
◮ Over the integers Z one can add, subtract, and multiply.
◮ Group: Set of mathematical objects for which "addition" and "subtraction" are defined.
◮ Ring: Set of mathematical objects for which "addition", "subtraction" and "multiplication" are defined.
◮ Field: Set of mathematical objects for which "addition", "subtraction", "multiplication" and "division" are defined.
◮ Note: "addition", "subtraction", "multiplication" and "division" are not necessarily the usual '+', '−', '×' and '÷'.
Some Definitions

◮ Definition: A set S is an arbitrary collection of elements, without any predefined operations between the set elements.
◮ Definition: The cardinality |S| of a set S is the number of objects in the set. |S| can be finite, countably infinite, or uncountably infinite.
◮ Examples: The set of tea cups in a kitchen cabinet is a finite set. The set Q of rational numbers is countably infinite. The set R of real numbers is uncountably infinite.
Axioms

Let S denote a set of mathematical objects. For any a, b, c ∈ S define the following axioms:

(A.1) a + b ∈ S                                           Closure wrt +
(A.2) a + (b + c) = (a + b) + c = a + b + c                Associativity wrt +
(A.3) a + 0 = 0 + a = a,  0 ∈ S                           Identity element wrt +
(A.4) a + (−a) = (−a) + a = 0,  (−a) ∈ S                  Inverse element wrt +
(A.5) a + b = b + a                                       Commutativity wrt +
(B.1) a · b ∈ S                                           Closure wrt ·
(B.2) a · (b · c) = (a · b) · c = a · b · c                Associativity wrt ·
(B.3) a · 1 = 1 · a = a,  1 ∈ S − {0}                     Identity element wrt ·
(B.4) a · $a^{-1}$ = $a^{-1}$ · a = 1,  a, $a^{-1}$ ∈ S − {0}   Inverse element wrt ·
(B.5) a · b = b · a                                       Commutativity wrt ·
(C.1) (a + b) · c = a · c + b · c                         Distributivity
Groups, Rings, Fields

◮ Depending on the subset of axioms that are satisfied, the following arithmetic systems are defined:

  Axioms satisfied                                    Name
  (A.1) ... (A.4)                                     Group
  (A.1) ... (A.4), (A.5)                              Commutative Group
  (A.1) ... (A.5), (B.1) ... (B.3), (C.1)             Ring with Identity
  (A.1) ... (A.5), (B.1) ... (B.3), (B.5), (C.1)      Commutative Ring with Identity
  (A.1) ... (A.5), (B.1) ... (B.5), (C.1)             Field

◮ Note: Commutative groups (rings, fields) are also called Abelian groups (rings, fields) in honor of Niels Henrik Abel (1802-1829).
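The axiom list and the classification table above, applied by brute force to a concrete finite set, as an added example that is not part of the lecture notes. The set is assumed to be S = {0, ..., n−1} with "addition" and "multiplication" taken as the remainders $R_n(a + b)$ and $R_n(a \cdot b)$; inverses in (A.4) and (B.4) are found by search, so the check shows that (B.4) is exactly what separates a field from a commutative ring with identity.

```python
"""Added example (not from the slides): test axioms (A.1)-(A.5),
(B.1)-(B.5), (C.1) for S = {0, ..., n-1} with a+b and a*b reduced
modulo n, then name the structure using the slide's table."""
from itertools import product


def axioms_mod_n(n: int) -> dict[str, bool]:
    """Which axioms hold in the integers modulo n (checked exhaustively)."""
    S = range(n)
    add = lambda a, b: (a + b) % n       # "addition": remainder of a + b
    mul = lambda a, b: (a * b) % n       # "multiplication": remainder of a * b
    nonzero = [a for a in S if a != 0]   # S - {0}, the domain of (B.3)/(B.4)
    pairs, triples = list(product(S, S)), list(product(S, S, S))
    return {
        "A.1": all(add(a, b) in S for a, b in pairs),
        "A.2": all(add(a, add(b, c)) == add(add(a, b), c) for a, b, c in triples),
        "A.3": all(add(a, 0) == a == add(0, a) for a in S),
        "A.4": all(any(add(a, x) == 0 for x in S) for a in S),
        "A.5": all(add(a, b) == add(b, a) for a, b in pairs),
        "B.1": all(mul(a, b) in S for a, b in pairs),
        "B.2": all(mul(a, mul(b, c)) == mul(mul(a, b), c) for a, b, c in triples),
        "B.3": n > 1 and all(mul(a, 1) == a == mul(1, a) for a in S),
        "B.4": all(any(mul(a, x) == 1 for x in nonzero) for a in nonzero),
        "B.5": all(mul(a, b) == mul(b, a) for a, b in pairs),
        "C.1": all(mul(add(a, b), c) == add(mul(a, c), mul(b, c)) for a, b, c in triples),
    }


def classify_mod_n(n: int) -> str:
    """Name from the slide's table for the axioms the integers mod n satisfy."""
    ok = axioms_mod_n(n)
    group = all(ok[k] for k in ("A.1", "A.2", "A.3", "A.4"))
    abelian = group and ok["A.5"]
    ring = abelian and all(ok[k] for k in ("B.1", "B.2", "B.3", "C.1"))
    if ring and ok["B.4"] and ok["B.5"]:
        return "Field"
    if ring and ok["B.5"]:
        return "Commutative Ring with Identity"
    if ring:
        return "Ring with Identity"
    if abelian:
        return "Commutative Group"
    return "Group" if group else "none"


if __name__ == "__main__":
    for n in (2, 6, 7, 12, 13):
        print(n, classify_mod_n(n))
```

Only the prime moduli come out as fields, since for composite n some nonzero element has no multiplicative inverse (2 · x is never 1 modulo 6).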