Section 3.8: More Modular Arithmetic and Public-Key Cryptography
Modular Arithmetic
Last Time
1. Euclid’s algorithm to compute gcd(a,b).
2. gcd(a,b) = sa + tb.
3. Use this to solve Die Hard’s water jug problem.
How to find s and t so that gcd(a,b) = sa + tb??
Method: apply Euclidean algorithm, finding
coefficients as you go.
GCD Algorithm
Example: a = 899, b = 493
899 = 1·493 + 406
493 = 1·406 + 87
406 = 4·87 + 58
87 = 1·58 + 29
58 = 2·29 + 0 done, gcd = 29
Extended GCD Algorithm
Same example, now writing each remainder as a combination of a and b as you go:
899 = 1·493 + 406 so 406 = 1·899 − 1·493
493 = 1·406 + 87 so 87 = 493 − 1·406 = −1·899 + 2·493
406 = 4·87 + 58 so 58 = 406 − 4·87 = 5·899 − 9·493
87 = 1·58 + 29 so 29 = 87 − 1·58 = −6·899 + 11·493
58 = 2·29 + 0 done, gcd = 29
s = −6, t = 11
Die Hard
Given a jug of 21 and a jug of 26, is it possible to have exactly 11 gallons in one jug?
gcd(21, 26) = 1
5·21 − 4·26 = 1
55·21 − 44·26 = 11
Can we save some water??
26·21 − 21·26 = 0
52·21 − 42·26 = 0
Subtracting the last line from 55·21 − 44·26 = 11:
Therefore, 3·21 − 2·26 = 11.
Prime Divisibility
Lemma: p prime and p | a·b implies p | a or p | b.
pf: Say p does not divide a. Then gcd(p, a) = 1.
So by the Theorem, there exist s and t such that
sa + tp = 1
(sa)b + (tp)b = b
Now p | (sa)b (since p | ab) and p | (tp)b, so p | b.
Cor: If p is prime and p | a1·a2···am, then p | ai for some i.
Fundamental Theorem of Arithmetic
Every integer n > 1 has a unique factorization into primes:
n = p0·p1···pk with p0 ≤ p1 ≤ ··· ≤ pk
Example:
61394323221 = 3·3·3·7·11·11·37·37·37·53
Prime Products
Claim: Every integer > 1 is a product of primes.
Proof: (by contradiction)
Suppose not. Then the set of non-products is nonempty.
By the Well Ordering Principle (WOP), there is a least n > 1 that is not a product of primes.
In particular, n is not prime.
So n = k·m for integers k, m where n > k, m > 1.
Since k, m are smaller than the least non-product, both are prime products, e.g.,
k = p1 p2 ··· p94
m = q1 q2 ··· q214
So
n = k·m = p1 p2 ··· p94 q1 q2 ··· q214
is a prime product, a contradiction.
So the set of non-products > 1 must be empty.
QED
Unique Factorization
Claim: There is a unique factorization.
pf: Suppose not. Choose the smallest n > 1 with two different factorizations:
n = p1·p2···pk = q1·q2···qm
with p1 ≤ p2 ≤ ··· ≤ pk and q1 ≤ q2 ≤ ··· ≤ qm.
We can assume q1 < p1, so q1 ≠ pi for all i.
Now p1 | n, so by the Cor., p1 | qi for some i; since qi is prime, p1 = qi, and i > 1 because q1 < p1.
Cancelling p1 = qi from both sides:
p2···pk = q1·q2···qi-1·qi+1···qm
and q1 ≠ pi for all i, so the smaller number n/p1 also has two different factorizations:
contradiction!
Cor: If n = p1·p2···pk and m | n, then m = pi1·pi2···pij for some indices i1 < i2 < ··· < ij.
Modular Arithmetic
Def: a ≡ b (mod n) iff n | (a − b).
Theorem. a ≡ b (mod n) iff rem(a, n) = rem(b, n).
For example, 15 ≡ 29 (mod 7).
Corollary. a ≡ rem(a, n) (mod n).
pf of Theorem:
1. a = qn + r
2. b = q'n + r'
3. n | (a − b) iff r = r' (since a − b = (q − q')n + (r − r') with 0 ≤ r, r' < n)
Modular Addition
Lemma: If a ≡ a' (mod n) and b ≡ b' (mod n), then
a + b ≡ a' + b' (mod n).
pf: n | (a − a') and n | (b − b') implies
n | ((a + b) − (a' + b')).
Modular Multiplication
Lemma: If a ≡ a' (mod n) and b ≡ b' (mod n), then
ab ≡ a'b' (mod n).
pf: n | (a − a') and n | (b − b') implies
a − a' = pn and b − b' = qn
implies
ab = (pn + a')(qn + b')
= pqn² + a'qn + b'pn + a'b'
= (pqn + a'q + b'p)n + a'b'
so n | (ab − a'b').
Application
Why is a number written in decimal evenly divisible by 9 if and
only if the sum of its digits is a multiple of 9?
Hint: 10 ≡ 1 (mod 9).
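Worked example (added here; this is not code from the lecture slides): the digit-sum test for 9 derived from the addition and multiplication lemmas above, and the same derivation carried further than the slide does, to an arbitrary modulus m by reducing each power of the base mod m as the digits are read (Horner's rule mod m, which is how a large decimal string is reduced without ever building the full number), and to 11, where 10 ≡ −1 (mod 11) turns the digit sum into an alternating sum. All function names are this example's own.

```python
# Divisibility tests from the modular addition and multiplication lemmas.
# Because 10 ≡ 1 (mod 9), the multiplication lemma gives 10^i ≡ 1 (mod 9) for
# every i, and the addition lemma then gives n = Σ d_i·10^i ≡ Σ d_i (mod 9).

def digits_of(n, base=10):
    """Digits of n in the given base, most significant first."""
    if n == 0:
        return [0]
    out = []
    while n:
        n, d = divmod(n, base)
        out.append(d)
    return out[::-1]

def residue_from_digits(digits, base, m):
    """rem(n, m) for n = Σ d_i·base^i, computed from residues only.

    Horner's rule with a reduction mod m at every step: the multiplication
    lemma lets the running value be replaced by its remainder before the next
    multiply, and the addition lemma lets the next digit be added afterwards.
    The intermediate value never exceeds m*base.
    """
    r = 0
    for d in digits:            # most significant digit first
        r = (r * base + d) % m
    return r

def divisible_by_9(n):
    """The slide's test: n is divisible by 9 iff its digit sum is."""
    return sum(digits_of(n)) % 9 == 0

def divisible_by_11(n):
    """Same idea with 10 ≡ -1 (mod 11): 10^i ≡ (-1)^i, so n ≡ alternating digit sum."""
    alternating = sum(d if i % 2 == 0 else -d
                      for i, d in enumerate(reversed(digits_of(n))))
    return alternating % 11 == 0

if __name__ == "__main__":
    n = 61394323221                      # the factorization example above: 3·3·3·... so 9 | n
    print(divisible_by_9(n), sum(digits_of(n)))   # True 36
    print(divisible_by_11(1331))                  # True (1331 = 11^3)
    print(residue_from_digits(digits_of(899), 10, 7))   # 3, i.e. rem(899, 7)
```

`residue_from_digits` is the general statement of the slide's trick: the digit-sum test is what it reduces to when base ≡ 1 (mod m); in base 2 with m = 3 it yields the familiar "alternating bits" test, since 2 ≡ −1 (mod 3).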
Multiplicative Inverse
The multiplicative inverse of a number a is another number a' such that:
a · a' ≡ 1 (mod n)
Does every number have a multiplicative inverse in modular arithmetic?
Theorem. If gcd(k, n) = 1, then there is a k' with
k·k' ≡ 1 (mod n).
k' is an inverse mod n of k.
pf: sk + tn = 1 for some s, t (by the extended GCD algorithm).
So tn = 1 − sk.
This means n | (1 − sk), i.e. sk ≡ 1 (mod n).
Just let k' = s.
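Worked example (added here; not code from the lecture slides) covering three of the slides above at once: the extended GCD algorithm tracking coefficients as it goes, the Die Hard jug problem including the "save some water" reduction, and the inverse k' = s from the theorem just proved. The inputs are the slides' own (899 and 493; 21 and 26 with target 11); the RSA-style pair e = 17, φ = 3120 and the function names are this example's assumptions.

```python
# Extended Euclid, Bezout coefficients and modular inverses, as on the slides:
# every remainder is carried along as a combination s*a + t*b, the last nonzero
# remainder is gcd(a, b) = s*a + t*b, and when gcd(k, n) = 1 the coefficient of
# k is the inverse k' with k*k' ≡ 1 (mod n).

def extended_gcd(a, b):
    """Return (g, s, t) with g = gcd(a, b) and g == s*a + t*b.

    old_r, r are consecutive remainders of Euclid's algorithm; beside each we
    keep the coefficients expressing it in terms of the original a and b, just
    as the slide rewrites 406 = 1*899 - 1*493, 87 = -1*899 + 2*493, ...
    """
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r     # the division step
        old_s, s = s, old_s - q * s     # the same update applied to the coefficients
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t

def has_inverse(k, n):
    """k has a multiplicative inverse mod n iff gcd(k, n) = 1."""
    return extended_gcd(k, n)[0] == 1

def mod_inverse(k, n):
    """Return k' in [0, n) with k*k' ≡ 1 (mod n): the proof's k' = s, reduced mod n."""
    g, s, _ = extended_gcd(k, n)
    if g != 1:
        # e.g. 4 mod 6: gcd is 2, so no k' exists (the cancellation slide's example)
        raise ValueError(f"{k} has no inverse mod {n}: gcd({k}, {n}) = {g}")
    return s % n

def jug_combination(a, b, target):
    """Integers (x, y) with x*a + y*b == target, or None if gcd(a, b) does not divide target.

    Scale the Bezout identity by target/g, then "save some water": shift x into
    [0, b/g) using a*(b/g) - b*(a/g) = 0, which leaves the sum unchanged.
    """
    g, s, t = extended_gcd(a, b)
    if target % g != 0:
        return None
    x, y = s * (target // g), t * (target // g)
    shift = x // (b // g)
    return x - shift * (b // g), y + shift * (a // g)

if __name__ == "__main__":
    print(extended_gcd(899, 493))       # (29, -6, 11): 29 = -6*899 + 11*493
    print(jug_combination(21, 26, 11))  # (3, -2): fill the 21 jug 3 times, empty the 26 jug twice
    print(mod_inverse(17, 3120))        # 2753: 17 * 2753 = 46801 = 15*3120 + 1
```

`mod_inverse` is exactly the proof turned into code: `s` from `sk + tn = 1` is the inverse, and reducing it mod n only chooses the representative in [0, n). The `ValueError` branch is the theorem's hypothesis failing, which is the same obstruction that blocks cancellation of 2 mod 6 on the next slide.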
Cancellation
So (mod n) is a lot like =.
Main difference: can't cancel in general:
4·2 ≡ 1·2 (mod 6), but
4 ≢ 1 (mod 6).
No general cancellation.
Cor: If i·k ≡ j·k (mod n) and gcd(k, n) = 1,
then i ≡ j (mod n).
pf: multiply both sides by the inverse of k.
If p is prime and k is not a multiple of p, we can cancel k. So
k, 2k, …, (p−1)k
are all different (mod p).
So their remainders on division by p are all different.
Fermat’s Little Theorem
This means that
rem(k, p), rem(2k, p),…,rem((p-1)k, p)
must be a permutation of
1, 2, ···, (p-1)
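Worked example (added here; not code from the lecture slides): the permutation claim checked directly, and the step the slide is building toward, multiplying the two lists together to get k^(p−1)·(p−1)! ≡ (p−1)! (mod p) and cancelling (p−1)!. The example also goes one step past the slide to show why p prime matters: for a composite n with gcd(k, n) = 1 the residues are still a permutation, but (n−1)! ≡ 0 (mod n), so nothing can be cancelled and k^(n−1) ≡ 1 can fail. Function names are this example's own.

```python
# Fermat's Little Theorem via the permutation argument on the slide.
# For p prime and p not dividing k, rem(k,p), rem(2k,p), ..., rem((p-1)k,p) is a
# permutation of 1..p-1, so their product k^(p-1) * (p-1)! ≡ (p-1)! (mod p);
# every factor of (p-1)! is coprime to p, so it cancels: k^(p-1) ≡ 1 (mod p).

def scaled_residues(k, n):
    """rem(k, n), rem(2k, n), ..., rem((n-1)k, n), in order."""
    return [(i * k) % n for i in range(1, n)]

def is_permutation_of_units(k, n):
    """True iff the scaled residues are a rearrangement of 1, 2, ..., n-1.

    Holds whenever gcd(k, n) = 1 by the cancellation corollary, prime n or not.
    """
    return sorted(scaled_residues(k, n)) == list(range(1, n))

def product_identity(k, n):
    """(lhs, rhs) of the product step, both reduced mod n:
    lhs = k^(n-1) * (n-1)!  (product of the scaled residues)
    rhs = (n-1)!            (product of 1..n-1)
    For prime n, rhs is invertible, so lhs == rhs forces k^(n-1) ≡ 1.
    For composite n, rhs ≡ 0 can make lhs == rhs hold trivially and prove nothing.
    """
    lhs = 1
    for r in scaled_residues(k, n):
        lhs = (lhs * r) % n
    rhs = 1
    for i in range(1, n):
        rhs = (rhs * i) % n
    return lhs, rhs

def fermat_holds(k, n):
    """Check the conclusion k^(n-1) ≡ 1 (mod n) directly."""
    return pow(k, n - 1, n) == 1

if __name__ == "__main__":
    print(scaled_residues(3, 7))            # [3, 6, 2, 5, 1, 4]: a permutation of 1..6
    print(product_identity(3, 7))           # (6, 6): 6! ≡ 6 (mod 7), cancel it
    print(is_permutation_of_units(2, 9))    # True: the permutation exists even though 9 is composite
    print(product_identity(2, 9))           # (0, 0): 8! ≡ 0 (mod 9), nothing to cancel
    print(fermat_holds(2, 9))               # False: 2^8 = 256 ≡ 4 (mod 9)
```

The converse also fails in the other direction: the theorem says nothing for composite moduli, and some composites (561 = 3·11·17 is the smallest) satisfy k^(n−1) ≡ 1 for every k coprime to n, which is why a Fermat check on its own is only a probable-prime test, not a proof of primality.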