
Discrete Mathematics 6th edition, 2005 Chapter 5 Introduction to Number Theory


Presentation Transcript


  1. Discrete Mathematics 6th edition, 2005 Chapter 5 Introduction to Number Theory • Divisors • Representations of Integers and Integer Algorithms • The Euclidean Algorithm • The RSA Public-Key Cryptosystem

  2. 5.1 Divisors • Definition • Let n and d be integers, $d \neq 0$. • We say that d divides n if there exists an integer q satisfying n = dq. • We call q the quotient and d a divisor or factor of n. • If d divides n, we write d | n. • If d does not divide n, we write d ∤ n.

  3. Divisors Theorem 5.1.3 Let m, n, and d be integers. • If d | m and d | n, then d | (m+n). • If d | m and d | n, then d | (m-n). • If d | m, then d | mn. Proof 1. d | m and d | n ⇒ $m = dq_1$ and $n = dq_2$ for some integers $q_1$ and $q_2$ (by definition) ⇒ $m + n = dq_1 + dq_2 = d(q_1 + q_2)$ ⇒ d | (m+n)

  4. Prime and Composite • Prime • An integer greater than 1 whose only positive divisors are itself and 1 is called prime (소수). • Composite • An integer greater than 1 that is not prime is called composite (합성수). Theorem 5.1.7 A positive integer n greater than 1 is composite if and only if n has a divisor d satisfying $2 \le d \le \sqrt{n}$.

  5. Testing Whether an Integer is Prime • This algorithm determines whether the integer n > 1 is prime. • If n is prime, the algorithm returns 0. • If n is composite, the algorithm returns a divisor d satisfying $2 \le d \le \sqrt{n}$. • Input: n • Output: d
       // algorithm 5.1.8
       is_prime(n) {
          for d = 2 to ⌊√n⌋
             if (n mod d == 0)
                return d
          return 0
       }

  6. Fundamental Theorem of Arithmetic Theorem 5.1.11 Any integer greater than 1 can be written as a product of primes. Moreover, if the primes are written in nondecreasing order, the factorization is unique. In symbols, if $n = p_1 p_2 \cdots p_i$, where the $p_k$ are primes and $p_1 \le p_2 \le \cdots \le p_i$, and $n = p'_1 p'_2 \cdots p'_j$, where the $p'_k$ are primes and $p'_1 \le p'_2 \le \cdots \le p'_j$, then i = j and $p_k = p'_k$ for all k = 1, …, i.

  7. Fundamental Theorem of Arithmetic Theorem 5.1.12 The number of primes is infinite. Proof • Let $p_1, p_2, \ldots, p_n$ denote all of the distinct primes less than or equal to p. • Consider the integer $m = p_1 p_2 \cdots p_n + 1$. • Notice that when m is divided by $p_i$, the remainder is 1: $m = p_i q + 1$, $q = p_1 p_2 \cdots p_{i-1} p_{i+1} \cdots p_n$. • Therefore, for all i = 1 to n, $p_i$ does not divide m. • Let p' be a prime factor of m. Then p' is not equal to any of the $p_i$. • Since $p_1, p_2, \ldots, p_n$ is a list of all of the primes less than or equal to p, we must have p' > p.

  8. Greatest Common Divisor • Common Divisor • m and n: integers, $m \neq 0$ and $n \neq 0$ • A common divisor (공약수) of m and n is an integer that divides both m and n. • GCD (최대 공약수) • gcd(m,n): the greatest common divisor of m and n.

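  9. Greatest Common Divisor • Example • $82320 = 2^4 \cdot 3^1 \cdot 5^1 \cdot 7^3 \cdot 11^0$ • $950796 = 2^2 \cdot 3^2 \cdot 5^0 \cdot 7^4 \cdot 11^1$ • $\gcd(82320, 950796) = 2^2 \cdot 3^1 \cdot 5^0 \cdot 7^3 \cdot 11^0 = 4116$ Theorem 5.1.17 Let m and n be integers, m > 1, n > 1, with prime factorizations $m = p_1^{a_1} p_2^{a_2} \cdots p_l^{a_l}$ and $n = p_1^{b_1} p_2^{b_2} \cdots p_l^{b_l}$ (if $p_i$ is not a factor of m, let $a_i = 0$; if $p_i$ is not a factor of n, let $b_i = 0$). Then $\gcd(m,n) = p_1^{\min(a_1,b_1)} p_2^{\min(a_2,b_2)} \cdots p_l^{\min(a_l,b_l)}$.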

  10. Least Common Multiple • Common Multiple • m and n: positive integers • A common multiple (공배수) of m and n is an integer divisible by both m and n. • LCM (최소공배수) • lcm(m,n): the least common multiple of m and n.

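  11. Least Common Multiple • Example • $82320 = 2^4 \cdot 3^1 \cdot 5^1 \cdot 7^3 \cdot 11^0$ • $950796 = 2^2 \cdot 3^2 \cdot 5^0 \cdot 7^4 \cdot 11^1$ • $\operatorname{lcm}(82320, 950796) = 2^4 \cdot 3^2 \cdot 5^1 \cdot 7^4 \cdot 11^1 = 19015920$ Theorem 5.1.22 Let m and n be integers, m > 1, n > 1, with prime factorizations $m = p_1^{a_1} p_2^{a_2} \cdots p_l^{a_l}$ and $n = p_1^{b_1} p_2^{b_2} \cdots p_l^{b_l}$ (if $p_i$ is not a factor of m, let $a_i = 0$; if $p_i$ is not a factor of n, let $b_i = 0$). Then $\operatorname{lcm}(m,n) = p_1^{\max(a_1,b_1)} p_2^{\max(a_2,b_2)} \cdots p_l^{\max(a_l,b_l)}$.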

  12. GCD and LCM Theorem 5.1.25 For any positive integers m and n, $\gcd(m,n) \cdot \operatorname{lcm}(m,n) = mn$ Proof • If m = 1 ⇒ gcd(m,n) = 1 and lcm(m,n) = n ⇒ gcd(m,n) · lcm(m,n) = mn • If n = 1 ⇒ gcd(m,n) = 1 and lcm(m,n) = m ⇒ gcd(m,n) · lcm(m,n) = mn • We assume m > 1 and n > 1. • min(x,y) + max(x,y) = x + y • $m = p_1^{a_1} p_2^{a_2} \cdots p_l^{a_l}$, $n = p_1^{b_1} p_2^{b_2} \cdots p_l^{b_l}$ • $\gcd(m,n) = p_1^{\min(a_1,b_1)} \cdots p_l^{\min(a_l,b_l)}$, $\operatorname{lcm}(m,n) = p_1^{\max(a_1,b_1)} \cdots p_l^{\max(a_l,b_l)}$ • $\gcd(m,n) \cdot \operatorname{lcm}(m,n) = p_1^{\min(a_1,b_1)+\max(a_1,b_1)} \cdots p_l^{\min(a_l,b_l)+\max(a_l,b_l)} = p_1^{a_1+b_1} \cdots p_l^{a_l+b_l} = [p_1^{a_1} \cdots p_l^{a_l}][p_1^{b_1} \cdots p_l^{b_l}] = mn$

  13. GCD and LCM • Example • gcd(30, 105) = 15 • lcm(30, 105) = 210 • gcd(30, 105) · lcm(30, 105) = 15 · 210 = 3150 = 30 · 105 • Using theorem 5.1.25 • $\operatorname{lcm}(m,n) = \dfrac{mn}{\gcd(m,n)}$

  14. 5.2 Representation of Integers and Integer Algorithms • Number System • Binary digits: 0 and 1, called bits. • In this section we study: binary, hexadecimal and octal number systems. Review of decimal system: • Example: 45,238 is equal to
       8 ones            8 x 1     = 8
       3 tens            3 x 10    = 30
       2 hundreds        2 x 100   = 200
       5 thousands       5 x 1000  = 5000
       4 ten thousands   4 x 10000 = 40000

  15. Binary number system • From binary to decimal: • The number 1101001 is equivalent to
       1 one          $1 \times 2^0 = 1$
       0 two          $0 \times 2^1 = 0$
       0 four         $0 \times 2^2 = 0$
       1 eight        $1 \times 2^3 = 8$
       0 sixteen      $0 \times 2^4 = 0$
       1 thirty-two   $1 \times 2^5 = 32$
       1 sixty-four   $1 \times 2^6 = 64$
     Sum: 105 in decimal base

  16. Computer Representation of Integers • Computer systems represent integers in binary • The number of bits necessary to represent a positive integer n • $n = 1 \cdot 2^k + b_{k-1} 2^{k-1} + \cdots + b_0 2^0$, $b_i = 0$ or 1 ⇒ $2^k \le n$ ⇒ $k \le \lg n$ • $n = 1 \cdot 2^k + b_{k-1} 2^{k-1} + \cdots + b_0 2^0 \le 1 \cdot 2^k + 1 \cdot 2^{k-1} + \cdots + 1 \cdot 2^0 = 2^{k+1} - 1 < 2^{k+1}$ ⇒ $\lg n < k+1$ • $k+1 \le 1 + \lg n < k+2$ ⇒ $k+1 = \lfloor 1 + \lg n \rfloor$: the number of bits required to represent n

  17. The worst case time of Algo. 5.1.8 (slide p5) • The worst-case time: $\Theta(\sqrt{n})$ • The size s (= k+1) of the input n • $s \le 1 + \lg n \le 2 \lg n$ ⇒ $\lg n \ge s/2$ for all $n \ge 2$ ⇒ $(1/2) \lg n \ge s/4$ for all $n \ge 2$ ⇒ $\lg n^{1/2} \ge s/4$ for all $n \ge 2$ ⇒ $\sqrt{n} \ge c^s$ for all $n \ge 2$, where $c = 2^{1/4}$ • The worst-case time is at least $C\sqrt{n} \ge C c^s$ ⇒ exponential time in the input size s

  18. Binary to Decimal • This algorithm returns the decimal value of the base b integer $c_n c_{n-1} \ldots c_1 c_0$ • Input: c, n, b • Output: dec_val
       base_b_to_dec(c, n, b) {
          dec_val = 0
          power = 1
          for i = 0 to n {
             dec_val = dec_val + c_i * power
             power = power * b
          }
          return dec_val
       }
     $(c_4 c_3 c_2 c_1 c_0)_b = c_0 \cdot 1 + c_1 b + c_2 b^2 + c_3 b^3 + c_4 b^4$ = dec_val

  19. Decimal to Binary • The number $75_{10}$ is equivalent to • 75 = 2 x 37 + remainder 1 • 37 = 2 x 18 + remainder 1 • 18 = 2 x 9 + remainder 0 • 9 = 2 x 4 + remainder 1 • 4 = 2 x 2 + remainder 0 • 2 = 2 x 1 + remainder 0 • 1 = 2 x 0 + remainder 1 ⇒ $75_{10} = 1001011_2$ (write the remainders in reverse order preceded by the quotient)

  20. Decimal to Binary • Algorithm to convert a positive integer m to the base b integer $c_n c_{n-1} \ldots c_1 c_0$ • Input: m, b • Output: c, n
       dec_to_base_b(m, b, c, n) {
          n = -1
          while (m > 0) {
             n = n + 1          // LSB first
             c_n = m mod b      // remainder
             m = ⌊m/b⌋          // quotient
          }
       }

  21. Hexadecimal number System • Decimal vs Hexadecimal • Addition • Add $23A_{16} + 8F_{16}$: $23A_{16} + 8F_{16} = 2C9_{16}$

  22. Hexadecimal from/to Decimal • Hexadecimal → Decimal • The hexadecimal number $3A0B_{16}$ is $11 \times 16^0 = 11$, $0 \times 16^1 = 0$, $10 \times 16^2 = 2560$, $3 \times 16^3 = 12288$; sum: $14859_{10}$ • Decimal → Hexadecimal • Given the number $2345_{10}$ • 2345 = 146 x 16 + remainder 9; 146 = 9 x 16 + remainder 2 • $2345_{10}$ is equivalent to the hexadecimal number $929_{16}$

  23. Binary addition • Binary addition table • Adding binary numbers • Example: add $100101_2 + 110011_2$ (carry ones: 1 1 1) • $100101_2 + 110011_2 = 1011000_2$

  24. Binary Addition • This algorithm adds the binary numbers $a_n a_{n-1} \ldots a_1 a_0$ and $b_n b_{n-1} \ldots b_1 b_0$ and stores the sum in $s_{n+1} s_n s_{n-1} \ldots s_1 s_0$ • Input: a, b, n • Output: s
       binary_addition(a, b, n, s) {
          carry = 0
          for i = 0 to n {
             s_i = (a_i + b_i + carry) mod 2
             carry = ⌊(a_i + b_i + carry)/2⌋
          }
          s_{n+1} = carry
       }

  25. Hexadecimal addition • Adding hexadecimal numbers • Example: add $84F_{16} + 42EA_{16}$ • $84F_{16} + 42EA_{16}$ = 2127 + 17130 = 19257 • (carry ones: 1 1) $84F_{16} + 42EA_{16} = 4B39_{16}$

  26. Exponentiation • Algorithm to compute a power $a^n$ • Using repeated multiplication • $a^n = a \cdot a \cdots a$ (n a's) • n-1 multiplications • Using repeated squaring • For example, $a^{29}$ • $a^2 = a \cdot a$: 1 multiplication; $a^4 = a^2 \cdot a^2$: 1 additional multiplication; $a^8 = a^4 \cdot a^4$: 1 additional multiplication; $a^{16} = a^8 \cdot a^8$: 1 additional multiplication • 29 = 1 + 4 + 8 + 16 • $a^{29} = a^1 \cdot a^4 \cdot a^8 \cdot a^{16}$ • 0 + 2 + 1 + 1 + 1 + 1 + 1 = 7 multiplications

  27. Exponentiation • Using repeated squaring • Decimal to binary • successive division by 2 • binary representation is the sequence of remainders • Binary representation of the exponent • for example, $a^{29} = a^{11101_2} = a^{16} \cdot a^8 \cdot a^4 \cdot a^1$
       current value of n   quotient when n divided by 2   n mod 2   x          result
       29                   14                             1         $a$        $a$
       14                   7                              0         $a^2$      unchanged
       7                    3                              1         $a^4$      $a \cdot a^4 = a^5$
       3                    1                              1         $a^8$      $a^5 \cdot a^8 = a^{13}$
       1                    0                              1         $a^{16}$   $a^{13} \cdot a^{16} = a^{29}$

  28. Exponentiation • Algorithm computes $a^n$ using repeated squaring. • Input: a, n • Output: $a^n$
       exp_via_repeated_squaring(a, n) {
          result = 1
          x = a
          while (n > 0) {
             if (n mod 2 == 1)
                result = result * x
             x = x * x
             n = ⌊n/2⌋
          }
          return result
       }

  29. Exponentiation Mod z Theorem 5.2.17 If a, b, and z are positive integers, ab mod z = [(a mod z)(b mod z)] mod z Proof • Let w = ab mod z, x = a mod z, and y = b mod z. • $ab = q_1 z + w$ ⇒ $w = ab - q_1 z$; similarly, $a = q_2 z + x$, $b = q_3 z + y$ • $w = ab - q_1 z = (q_2 z + x)(q_3 z + y) - q_1 z = (q_2 q_3 z + q_2 y + q_3 x - q_1) z + xy = qz + xy$, where $q = q_2 q_3 z + q_2 y + q_3 x - q_1$ • xy = -qz + w ⇒ w is the remainder when xy is divided by z (w = xy mod z) ⇒ ab mod z = [(a mod z)(b mod z)] mod z

  30. Exponentiation Mod z • For example, $a^{29} \bmod z$ • To compute $a^{29}$, we successively computed $a$, $a^5 = a \cdot a^4$, $a^{13} = a^5 \cdot a^8$, $a^{29} = a^{13} \cdot a^{16}$ • To compute $a^{29} \bmod z$, we successively compute $a \bmod z$, $a^5 \bmod z$, $a^{13} \bmod z$, $a^{29} \bmod z$
       $a^2 \bmod z = [(a \bmod z)(a \bmod z)] \bmod z$
       $a^4 \bmod z = [(a^2 \bmod z)(a^2 \bmod z)] \bmod z$
       $a^8 \bmod z = [(a^4 \bmod z)(a^4 \bmod z)] \bmod z$
       $a^{16} \bmod z = [(a^8 \bmod z)(a^8 \bmod z)] \bmod z$
       $a^5 \bmod z = [(a \bmod z)(a^4 \bmod z)] \bmod z$
       $a^{13} \bmod z = [(a^5 \bmod z)(a^8 \bmod z)] \bmod z$
       $a^{29} \bmod z = [(a^{13} \bmod z)(a^{16} \bmod z)] \bmod z$

  31. Exponentiation Mod z • For example, $572^{29} \bmod 713$
       $572^2 \bmod 713 = [(572 \bmod 713)(572 \bmod 713)] \bmod 713$
       $572^4 \bmod 713 = [(572^2 \bmod 713)(572^2 \bmod 713)] \bmod 713$
       $572^8 \bmod 713 = [(572^4 \bmod 713)(572^4 \bmod 713)] \bmod 713$
       $572^{16} \bmod 713 = [(572^8 \bmod 713)(572^8 \bmod 713)] \bmod 713$
       $572^5 \bmod 713 = [(572 \bmod 713)(572^4 \bmod 713)] \bmod 713$
       $572^{13} \bmod 713 = [(572^5 \bmod 713)(572^8 \bmod 713)] \bmod 713$
       $572^{29} \bmod 713 = [(572^{13} \bmod 713)(572^{16} \bmod 713)] \bmod 713$

  32. Exponentiation Mod z by Repeated Squaring • This algorithm computes $a^n \bmod z$ using repeated squaring • Input: a, n, z • Output: $a^n \bmod z$
       exp_mod_via_repeated_squaring(a, n, z) {
          result = 1
          x = a mod z
          while (n > 0) {
             if (n mod 2 == 1)
                result = (result * x) mod z
             x = (x * x) mod z
             n = ⌊n/2⌋
          }
          return result
       }
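The algorithm of slide 32 run on the slides' own example, $572^{29} \bmod 713$, filling in the intermediate values that slide 31 leaves unevaluated. This is an added example, not part of the original presentation; the `trace` parameter is an assumption introduced here for illustration.

```python
def exp_mod_via_repeated_squaring(a, n, z, trace=None):
    """Return a**n mod z using the repeated-squaring loop of slide 32.

    trace (hypothetical helper argument): if a list is passed, one
    (n mod 2, x, result) tuple is appended per loop iteration.
    """
    result = 1
    x = a % z
    while n > 0:
        bit = n % 2
        if bit == 1:
            # This power of a is part of the exponent: fold it in.
            result = (result * x) % z
        if trace is not None:
            trace.append((bit, x, result))
        x = (x * x) % z   # a^(2^i) -> a^(2^(i+1)), reduced so it stays below z
        n //= 2           # quotient, i.e. floor(n/2)
    return result


def trace_slide_example():
    """Trace 572^29 mod 713 and return (final value, per-iteration rows)."""
    rows = []
    value = exp_mod_via_repeated_squaring(572, 29, 713, rows)
    return value, rows


if __name__ == "__main__":
    value, rows = trace_slide_example()
    print("n mod 2   x     result")
    for bit, x, result in rows:
        print(f"{bit:<9} {x:<5} {result}")
    print("572^29 mod 713 =", value)
```

Because the loop multiplies only when the current exponent bit is 1, its running time depends on the exponent; implementations that handle a secret exponent, such as the RSA decryption key s, use constant-time exponentiation instead.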

  33. 5.3 The Euclidean algorithm • Euclid algorithm • an efficient algorithm for finding the greatest common divisor of two integers • gcd(a, b) = gcd(b, a mod b) • Example • a = 105, b = 30 • gcd(105, 30) = gcd(30, 105 mod 30) = gcd(30, 15) = gcd(15, 30 mod 15) = gcd(15, 0) • gcd(15, 0) = 15 ⇒ gcd(105, 30) = 15

  34. 5.3 The Euclidean algorithm Theorem 5.3.2: • If a is a nonnegative integer, b is a positive integer, and r = a mod b, • then gcd(a, b) = gcd(b, r) Proof • a = bq + r, $0 \le r < b$ • Let c be a common divisor of a and b ⇒ c | bq ⇒ c | a and c | bq ⇒ c | (a - bq) (= r) ⇒ c is a common divisor of b and r • If c is a common divisor of b and r ⇒ c | bq and c | bq + r (= a) ⇒ c is a common divisor of a and b ⇒ gcd(a, b) = gcd(b, r)

  35. Euclid Algorithm • This algorithm finds the gcd of the nonnegative integers a and b (not both a and b are zero) • Input: a, b • Output: greatest common divisor of a and b • gcd(a, b) = gcd(b, r) = gcd(b, a mod b)
       gcd(a, b) {
          // make a largest
          if (a < b)
             swap(a, b)
          while (b != 0) {
             r = a mod b
             a = b
             b = r
          }
          return a
       }

  36. Analysis of the Euclidean algorithm Theorem 5.3.5 Suppose that the pair a, b with a > b requires n > 1 modulus operations when input to the Euclidean algorithm. Then $a > f_{n+2}$ and $b > f_{n+1}$, where $\{f_n\}$ is the Fibonacci sequence ($f_1 = 1$, $f_2 = 2$). Proof 1. Basis Step (n = 1) The theorem is true if n = 1. 2. Inductive Step • Assume that the theorem is true for $n \ge 1$. • Suppose that the pair a, b, a > b, requires n+1 modulus operations. • r = a mod b (at line 6) ⇒ a = bq + r, $0 \le r < b$ (1) • The algorithm repeats using the values b and r, b > r. ⇒ These values require n additional modulus operations. • By the induction assumption, $b \ge f_{n+2}$ and $r \ge f_{n+1}$ (2) • Combine (1) and (2): $a = bq + r \ge b + r \ge f_{n+2} + f_{n+1} = f_{n+3}$ ⇒ $a \ge f_{n+3}$ and $b \ge f_{n+2}$

  37. Number of operations Theorem 5.3.6 If integers in the range 0 to m, m > 8, not both zero, are input to the Euclidean algorithm, then at most $\log_{3/2}(2m/3)$ modulus operations are required.

  38. A Special Result Theorem 5.3.7: If a and b are nonnegative integers, not both zero, there exist integers s and t such that gcd(a, b) = sa + tb • Example • Find s and t such that gcd(273, 110) = s*273 + t*110 1. Find gcd(273, 110) (= 1)
       a     b     r                    remainder written in terms of a and b
       273   110   273 mod 110 = 53     53 = 273 - 110*2
       110   53    110 mod 53 = 4       4 = 110 - 53*2
       53    4     53 mod 4 = 1         1 = 53 - 4*13
       4     1     4 mod 1 = 0
     2. Work back, beginning with the last equation: 1 = 53 - 4*13 = 53 - (110 - 53*2)*13 = 27*53 - 13*110 = 27*(273 - 110*2) - 13*110 = 27*273 - 67*110, so s = 27 and t = -67.

  39. Computing an Inverse Modulo an Integer • Inverse of n mod φ (required by RSA) • For two integers n > 0 and φ > 1 such that gcd(n, φ) = 1, find an s, 0 < s < φ, such that ns mod φ = 1 • gcd(n, φ) = 1 ⇒ Using the Euclidean algorithm, find s' and t' such that s'n + t'φ = 1 • Then, ns' = -t'φ + 1 (1) and since φ > 1, 1 is the remainder. Thus, ns' mod φ = 1 • s = s' mod φ (s' may not satisfy 0 < s' < φ) • s ≠ 0 (if s = 0 then φ | s' ⇒ contradiction). Since s = s' mod φ, there exists q such that s' = qφ + s. (2) • (1), (2) ⇒ ns = n(s' - qφ) = ns' - nqφ = -t'φ + 1 - nqφ = (-t' - nq)φ + 1. Therefore, ns mod φ = 1

  40. Computing an Inverse Modulo an Integer • Example: n = 110, φ = 273. • gcd(n, φ) = 1 and -67n + 27φ = 1 (slide p38) • ns' mod φ = 110(-67) mod 273 = 1 • s = s' mod φ = -67 mod 273 = 206 • The inverse of 110 modulo 273 is 206 • s is unique • Suppose that ns mod φ = 1 = ns' mod φ, 0 < s < φ, 0 < s' < φ • s' = (s' mod φ)(ns mod φ) mod φ = s'ns mod φ = (s'n mod φ)(s mod φ) mod φ = s • Therefore, s is unique.

  41. 5.4 The RSA public-key cryptosystem • Cryptosystems: systems for secure communications • Used by government, industry, investigation agencies, etc. • Sender encrypts a message • Receiver decrypts the message • RSA (Rivest, Shamir, Adleman) system • Messages are represented as numbers • Based on the fact that no efficient algorithm exists for factoring large digit integers in polynomial time $O(n^k)$.

  42. The Oldest and Simplest System • If a key is defined as • character: • replaced by: • original message: encrypted message: • encrypted message: decrypted message: • [Slide figure: key table and example messages, not recoverable from the transcript] • Simple systems are easily broken

  43. RSA • Messages are represented as numbers • A, B, C, … → 1, 2, 3, … • SEND MONEY → 20, 5, 15, 1, 14, 16, 15, 5, 26 → (single integer) 200515011416150526 1. Choose two primes p, q and compute z = pq 2. Compute φ = (p-1)(q-1) 3. Choose n such that gcd(n, φ) = 1 4. Compute s, 0 < s < φ, satisfying ns mod φ = 1 5. z, n (encryption key, prime): public; p, q, s (decryption key): secret 6. To send a message a, encrypt a: $c = a^n \bmod z$ 7. Decrypt an encrypted message c: $a = c^s \bmod z$

  44. RSA • Example • p = 23, q = 31, n = 29 • z = pq = 713, φ = (p-1)(q-1) = 660 • s = 569 since ns mod φ = 29*569 mod 660 = 16501 mod 660 = 1 • public: z (713), n (29); secret: s (569), p (23), q (31) • message: a = 572 • encryption: $c = a^n \bmod z = 572^{29} \bmod 713 = 113$ • decryption: $a = c^s \bmod z = 113^{569} \bmod 713 = 572$
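The back-substitution of slide 38, the inverse computation of slides 39 and 40, and the RSA steps of slides 43 and 44, carried out on the slides' own numbers. This is an added example, not part of the original presentation; the function names are assumptions introduced here, and `secret_from_public` applies the trial division of Algorithm 5.1.8 to z to show why a modulus this small gives no protection.

```python
from math import isqrt


def ext_gcd(a, b):
    """Return (g, s, t) with g = gcd(a, b) = s*a + t*b (Theorem 5.3.7)."""
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t


def mod_inverse(n, phi):
    """Return the unique s with 0 < s < phi and n*s mod phi == 1."""
    g, s_prime, _ = ext_gcd(n, phi)
    if g != 1:
        raise ValueError("no inverse: gcd(n, phi) != 1")
    return s_prime % phi          # s' may be negative; reduce into range


def rsa_keys(p, q, n):
    """Steps 1-5 of slide 43: return the public pair (z, n) and secret s."""
    z, phi = p * q, (p - 1) * (q - 1)
    return (z, n), mod_inverse(n, phi)


def encrypt(a, public):
    z, n = public
    return pow(a, n, z)           # built-in modular exponentiation


def decrypt(c, z, s):
    return pow(c, s, z)


def secret_from_public(public):
    """Recompute s from (z, n) alone by trial division of z.

    Takes at most sqrt(z) steps, so it is instant for z = 713; the
    scheme relies on z being far too large for this to finish.
    """
    z, n = public
    for d in range(2, isqrt(z) + 1):
        if z % d == 0:
            return mod_inverse(n, (d - 1) * (z // d - 1))
    raise ValueError("z has no nontrivial divisor")


if __name__ == "__main__":
    public, s = rsa_keys(23, 31, 29)
    c = encrypt(572, public)
    print(public, s, c, decrypt(c, public[0], s), secret_from_public(public))
```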
