1 / 32

IE MS5710 Introduction to Number Theory

IE MS5710 Introduction to Number Theory. 29 January 20 13 Prof. CHAN Yuen-Yan, Rosanna Department of Information Engineering The Chinese University of Hong Kong. Number Theory.

aziza
Télécharger la présentation

IE MS5710 Introduction to Number Theory

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. IEMS5710Introduction to Number Theory 29 January 2013 Prof. CHAN Yuen-Yan, Rosanna Department of Information Engineering The Chinese University of Hong Kong

  2. Number Theory (from Wiki) Number theory is the branch of mathematics concerned with the properties of numbers in general, and integers in particular A number of concepts in number theory are essential in the design of public-key cryptographic algorithms We will review these concepts Prime numbers Fermat’s Little Theorem Euler’s Theorem The Chinese Remainder Theorem Discrete Logarithms IEMS5710 - Lecture 3

  3. Prime Numbers prime numbers only have divisors of 1 and self they cannot be written as a product of other numbers note: 1 is prime, but is generally not of interest eg. 2,3,5,7 are prime, 4,6,8,9,10 are not prime numbers are central to number theory list of prime number less than 200 is: 2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97 101 103 107 109 113 127 131 137 139 149 151 157 163 167 173 179 181 191 193 197 199 IEMS5710 - Lecture 3

  4. Prime Factorisation to factor a number n is to write it as a product of other numbers: n=a x b x c note that factoring a number is relatively hard compared to multiplying the factors together to generate the number the prime factorisation of a number n is when its written as a product of primes eg. 91=7x13 ; 3600=24x32x52 IEMS5710 - Lecture 3

  5. Relatively Prime Numbers & GCD two numbers a, b are relatively prime if have no common divisors apart from 1 eg. 8 & 15 are relatively prime since factors of 8 are 1,2,4,8 and of 15 are 1,3,5,15 and 1 is the only common factor Greatest common divisor of two numbers can be determined by comparing their prime factorizations and using least powers eg. 300=21x31x52 18=21x32hence GCD(18,300)=21x31x50=6 IEMS5710 - Lecture 3

  6. Basic Number TheoryFermat’s Little Theorem Fermat’s Little Theorem (FLT) • If p is a prime number, then for any integer a • Variant of the theorem: if p is a prime and a is an integer relatively prime to p (they have no common factors except 1), then Pierre de Fermat 1601 - 1655 IEMS5710 - Lecture 3

  7. Basic Number TheoryFermat’s Little Theorem • Fermat’s Little Theorem - illustrations IEMS5710 - Lecture 3

  8. Exercise 1 • Using Fermat Little Theorem, find 5301 mod 11 • Fermat's theorem states that if p is prime and a is a positive integer not divisible by p, then ap–1 1 (mod p). Therefore 510 1 (mod 11). So we get • 5301 = 51030+1 = (510)30X 5 5 (mod 11) IEMS5710 - Lecture 3

  9. Exercise 2 • x109  8 (mod 37), find x • We have 109 = 36 X 3 + 1 • x109=x36x3+1=x36x3  x  13 x  8 (mod 37) • So we have x  8 (mod 37) IEMS5710 - Lecture 3

  10. Euler Totient Function ø(n) when doing arithmetic modulo n complete set of residues is: 0..n-1 reduced set of residues is those numbers (residues) which are relatively prime to n E.g. for n=10, complete set of residues is {0,1,2,3,4,5,6,7,8,9} reduced set of residues is {1,3,7,9} number of elements in reduced set of residues is called the Euler Totient Function ø(n) IEMS5710 - Lecture 3

  11. Euler Totient Function ø(n) to compute ø(n) can count number of residues to be excluded for p (p prime) ø(p)=p-1 for pq (p,q prime) ø(pq)=(p-1)x(q-1) (prove in next page) eg. ø(37) = 36 ø(21) = (3–1)x(7–1) = 2x6 = 12 IEMS5710 - Lecture 3

  12. ø(pq)=ø(p)ø(q) ø(n) = ø(pq) = pq – 1 – [(q-1)+(p-1)] (why?) = pq – (p + q) + 1 = (p-1) x (q-1) = ø(p)ø(q) IEMS5710 - Lecture 3

  13. Euler's Theorem a generalisation of Fermat Little Theorem aø(n) = 1 (mod n) for any a,n where gcd(a,n)=1 eg. a=3;n=10; ø(10)=4; hence 34 = 81 = 1 mod 10 a=2;n=11; ø(11)=10; hence 210 = 1024 = 1 mod 11 also have: aø(n)+1 = a (mod n) IEMS5710 - Lecture 3

  14. Euler's Theorem - Proof • aø(n) = 1 (mod n), a and n are co-prime (i.e. relatively prime) • Let R = {x1, x2, …, xø(n)}be the set of integers that are relatively prime to n • The set of integers ax1, ax2, …, axø(n)are also relatively prime to n (because a is relatively prime to n) • Consider the set S = {(ax1mod n), (ax2mod n), …, (axø(n)mod n)}, by definition, the elements are exactly the same as the set R • Multiply all elements in R and S, and because R = S, the proof follows IEMS5710 - Lecture 3

  15. Exercise 3 • Fine 3500 mod 10 • The prime factors of 10 are 2 and 5, and so the totient function yields • ø(10)= ø(25) = ø(2)ø(5) = (2-1)(5-1)=4 • Since 3 is relatively prime to 10, we can apply Euler's theorem that • 3500 = 34X125 = 3ø(10)x125 1 (mod 10) IEMS5710 - Lecture 3

  16. Euclidean Algorithm • Use Euclidean algorithm to find the GCD(a,b), for example: a = 65,b = 40 • We have a = q1b + r1 0 < r1 < b b = q2r1 + r2 0 < r2 < r1 r1 = q3r2 + r3 0 < r3 < r2 ………. rn-2 = qnrn-1 + rn 0 < rn < rn-1 rn-1 = qn+1rn + 0 GCD(a, b) = rn • For example 65 = 1 x 40 + 25 40 = 1 x 25 + 15 25 = 1 x 15 + 10 15 = 1 x 10 + 5 10 = 2 x 5 + 0  can stop • Therefore: gcd(65, 40) = 5. IEMS5710 - Lecture 3

  17. Finding inverses using Extended Euclidean Algorithm IEMS5710 - Lecture 3 • Euclidean algorithm – use to find GCD of two numbers • Extended Euclidean algorithm enable us to calculate not only GCD but also x & y from ax + by = d = gcd(a, b) • useful for later crypto computations • At each step, the following relationship is maintained: r = ax + by for some r • If a and b are relatively prime, GCD(a,b) = 1 at the end and we have ax + by = 1, i.e. we can obtain • ax  1 (mod y)

  18. Finding inverses using Extended Euclidean Algorithm • Find 120-1 mod 23 • Write 120 = 1 x 120 + 0 x 23 and 23 = 120 × 0 + 23 × 1 120 – 23 X 5 = (120 × 1 + 23 × 0) − (120 × 0 + 23 × 1) × 5 5 = 120 x 1 – 23 x 5 23 − 5 × 4 = (120 × 0 + 23 × 1) − (120 × 1 + 23 × −5) × 4 3 = 120 × −4 + 23 × 21 5 − 3 × 1 = (120 × 1 + 23 × −5) − (120 × −4 + 23 × 21) × 1 2 = 120 × 5 + 23 × −26 3 − 2 × 1 = (120 × −4 + 23 × 21) − (120 × 5 + 23 × −26) × 1 1 = 120 × −9 + 23 × 47 At the end we have 120 x (-9)  1 mod 23 so -9 (i.e. 14) is the inverse of 120 in modulo 23 IEMS5710 - Lecture 3

  19. Exercise 4 • Using extended Euclidean algorithm, find the inverse of 550 in modulo 1759 • Write 1759 = 550 × 0 + 1759 × 1 and 550 = 550 x 1 + 1759 x 0 1759 – 550 x 3 = (550 × 0 + 1759 × 1) − (550 × 1 + 1759 × 0) × 3 109 = 550 x (-3) + 1759 x 1 550 – 109 x 5 = 550 x 1+1759x(0) − (550 x(-3)+1759 x 1) × 5 5 = 550 × 16 - 1759 × 5 109 - 5 × 21 = (550 x (-3)+1759 x 1) − (550 × 16 - 1759 × 5 ) × 21 4 = 550 × (-339) + 1759 × 106 5 − 4 × 1 = (550×16 - 1759 × 5)−(550 × (-339) + 1759 × 106) × 1 1 = 550 × 355 + 1759 × (-111) At the end we have 550 x 355  1 mod 1759 so 355 is the inverse of 550 in modulo 1759 IEMS5710 - Lecture 3

  20. Chinese Remainder Theorem Can be used to speed up modulo computations if working modulo a product of numbers eg. mod M = m1m2..mk Chinese Remainder theorem lets us work in each moduli mi separately since computational cost is proportional to size, this is faster than working in the full modulus M E.g. by Chinese Remainder theorem, x mod 30 = x mod (3x5x2) = x mod 3 = x mod 5 = x mod 2 Is also a key theory to the RSA cryptosystem IEMS5710 - Lecture 3

  21. Chinese Remainder Theorem can implement CRT in several ways to compute A(mod M)whereai = A mod mifor i = 1 to k determine constants ci below, where Mi = M/mi then combine results to get answer using: IEMS5710 - Lecture 3

  22. The Chinese Remainder Theorem • Put in other words… • Suppose m1, m2, …, mk are positive integers which are prime to each other. Then, for any given integers a1,a2, …, ak, there exists an integer X solving the system of simultaneous congruence • Furthermore, all solutions X to this system of equations are equivalent under modulo the product M = m1m2…mk. • i.e. If A is a solution to X, then A  X  ai mod mi for i = 1 to k and A  X mod m1m2…mk • i.e. X  ai mod mi for i = 1 to k iff X ai mod m1m2…mk X  a1 mod m1 X  a2 mod m2 … X  ak mod mk IEMS5710 - Lecture 3

  23. The Chinese Remainder Theorem X = 2 mod 3 X = 3 mod 5 X = 2 mod 7 • Example M = 3 X 5 X 7 c1 = 5 x 7 x ((5 x 7)-1 mod 3)= 5 x 7 x 2 = 70 c2 = 3 x 7 x ((3 x 7)-1 mod 5)= 3 x 7 x 1 = 21 c3 = 3 x 5 x ((3 x 5)-1 mod 7) = 3 x 5 x 1 = 15 Let A be the solution to X A = 2 x70 + 3 x 21 + 2 x 15 (mod 3 x 5 x 7) = 140 + 63 + 30 = 233 mod 105 = 23 IEMS5710 - Lecture 3

  24. The Chinese Remainder Theorem Here we can cancel out Mi X Mi-1because they are in the same modulo (mi) • Explanation For mod mi: ci = Mi X (Mi-1 mod mi) mod mi = 1 For mod mj: ci = Mi X (Mi-1mod mi) mod mj = 0 j ≠ i We cannot cancel out Mi X Mi-1 But mj is a factor of Mi, Mj=0 mod mj Therefore: IEMS5710 - Lecture 3

  25. The Chinese Remainder Theorem • Explanation (Continue) X = 2 mod 3 X = 3 mod 5 X = 2 mod 7 M = 3 X 5 X 7 A = c1 x 2 + c2 x 3 + c3 x 2 (mod M) Check, e.g., for c1 Consider the c1 in the first term c1 = 5 x 7 x ((5 x 7)-1 mod 3) mod 3 = 1 c1 = 5 x 7 x ((5 x 7)-1 mod 3) mod 5 = 0 and c1 = 5 x 7 x ((5 x 7)-1 mod 3) mod 7 = 0 Therefore, A = 1 x 2 + 0 x 3 + 0 x 2 (mod 3) and other follows….. The terms (5 x 7) and (5 x 7)-1 can be cancelled out here because all of them are operated in “mod 3” IEMS5710 - Lecture 3

  26. Exercise 5 • Find the solution to X where X = 1 mod 2 X = 2 mod 3 X = mod 5 M = 2 X 3 X 5 = 30 c1 = 3 x 5 x ((3 x 5)-1 mod 2) = 3 x 5 x 1 = 15 c2 = 2 x 5 x ((2 x 5)-1 mod 3) = 2 x 5 x 1 = 10 c3 = 2 x 3 x ((2 x 3)-1 mod 5) = 2 x 3 x 1 = 6 Let A be the solution to X A = 1 x 15 + 2 x 10 + 3 x 6 (mod 30) = 53 mod 30 = 23 IEMS5710 - Lecture 3

  27. Primitive Roots from Euler’s theorem have aø(n)mod n=1 consider am=1 (mod n), GCD(a,n)=1 must exist for m = ø(n) but may be smaller once powers reach m, cycle will repeat if smallest is m = ø(n) then a is called a primitive root if p is prime, then successive powers of a "generate" the group mod p From next table, can you tell what are the primitive root of the field modulo 19? Ans: 2, 3, 10, 13, 14, 15 IEMS5710 - Lecture 3

  28. Powers mod 19 IEMS5710 - Lecture 3

  29. Discrete Logarithms Logarithm log101000 = 3  103 = 1000 For modulo arithmetic, the inverse problem to exponentiation is to find the discrete logarithm of a number modulo p that is to find i such thatb = ai(mod p) this is written as i = dloga b (mod p) if a is a primitive root then it always exists, otherwise it may not, eg. x = log3 4 mod 13 has no answer x = log2 3 mod 13 = 4 by trying successive powers whilst exponentiation is relatively easy, finding discrete logarithms is generally a hard problem IEMS5710 - Lecture 3

  30. Discrete Logarithms mod 19 IEMS5710 - Lecture 3

  31. Exercise 6 • Find the following from the previous table of discrete log mod 19 • dlog10,19 6 = 4 • dlog14,19 7 = 6 • 13x 6 mod 19, find x Need to look up the log table for dlog13,19 6 Ans: x = 10 IEMS5710 - Lecture 3

  32. References • William Stallings, Cryptography and Network Security Principles and Practices, 5/e, Pearson • Chapter 8 (except 8.3) IEMS5710 - Lecture 3

More Related