




Lecture notes on number theory and modular exponentiation, including finding remainders, using the binary expansion of exponents, and the Extended Euclidean Algorithm. They also introduce key results for RSA, such as Bezout's theorem, the definition of an inverse of a modulo m, the Chinese remainder theorem, and Fermat's Little Theorem, and close with review questions and a note on the upcoming quiz.
Typology: Lecture notes





Questions:
Quiz tomorrow includes chapter 3, section 4.1 and only up to page 249 of section 4.2. You should certainly be comfortable with the above theorems…
In cryptography it is important to be able to find b^n mod m efficiently, where b, n, and m are large integers. It is impractical to first compute b^n and then find its remainder when divided by m because b^n will be a huge number. Instead, we can use an algorithm that employs the binary expansion of the exponent n. [i]
OK, this gets tricky. What we are going to do is notice that if we raise some number b to the nth power, we can consider the binary representation of n as (a_(k-1), …, a_1, a_0). So if n = 12 we could consider 1100 in base 2. Consider the claim that
[i] Text from page 253 of Rosen
In our case (n=12) we are saying that b^12 =b^8 *b^4 which is clearly true.
So what we are going to do is take advantage of this.
Let’s see how we’d use this to find 5^13 mod 3 (something a bit less painful).
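As an added example (not part of the lecture notes), here is the binary-expansion method in Python, with a trace so the 5^13 mod 3 computation can be followed bit by bit; the intermediate values never exceed m^2.

```python
# Added example: fast modular exponentiation using the binary expansion of
# the exponent, plus a traced version for following the worked case by hand.

def mod_exp(b: int, n: int, m: int) -> int:
    """Return b**n mod m without ever forming b**n.

    Scan the bits of n from least significant to most significant
    (a_0, a_1, ..., a_(k-1)). `power` holds b^(2^i) mod m at step i and is
    multiplied into the result only when bit a_i is 1, which is exactly the
    factorisation b^n = product of b^(2^i) over the set bits of n.
    """
    if m == 1:
        return 0
    result = 1
    power = b % m
    while n > 0:
        if n & 1:                        # bit a_i is set: fold in b^(2^i)
            result = (result * power) % m
        power = (power * power) % m      # b^(2^i) -> b^(2^(i+1)), reduced mod m
        n >>= 1
    return result


def mod_exp_trace(b: int, n: int, m: int) -> list:
    """Same algorithm, returning one (bit, power, running_result) row per bit
    of n, least significant bit first."""
    rows = []
    result, power = 1, b % m
    while n > 0:
        bit = n & 1
        if bit:
            result = (result * power) % m
        rows.append((bit, power, result))
        power = (power * power) % m
        n >>= 1
    return rows


if __name__ == "__main__":
    # 13 = 1101 in binary, so 5^13 = 5^8 * 5^4 * 5^1; only those powers are used.
    for bit, power, result in mod_exp_trace(5, 13, 3):
        print(f"bit={bit} power={power} running result={result}")
    print("5^13 mod 3 =", mod_exp(5, 13, 3))        # 2
```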
How are lcm and gcd related?
We are going to propose a fast way of finding the gcd of two numbers. Clearly, if we find the prime factorization of two numbers we can find the gcd by finding the common terms. But that may not be fast enough. Euclid proposed an algorithm that is much faster than searching for all factors (which in the worst case could take quite a while). Let’s start by proving the following:
OK, this is basically saying that if there is any factor which divides a and b, it must also divide r. So let's say that some factor "d" divides a and b. In that case, d also divides bq. [iii] And because r = a - bq, where d divides a and bq, it must also divide r. So any number (including the greatest one) that divides a and b must also divide r.
For example consider finding the gcd(30,12). This means that gcd(30,12)=gcd(30 mod 12, 12)=gcd(6,12)=6.
[iii] If a|b then, for any d, a|bd.
Find the gcd(255,300) using the Euclidian Algorithm.
index i   quotient q_(i-1)   remainder r_i
   0            -                300
   1            -                255
   2
   3
   4
   5
We are now going to work on 4 key results we’ll use for RSA.
1. Bezout's theorem, which states that ∀a ∀b ∃s ∃t such that sa + tb = gcd(a, b).
2. The definition of an inverse of a modulo m and a proof that it exists if a and m are relatively prime. That is, ∀a ∀m > 1 [gcd(a, m) = 1 → ∃x (ax ≡ 1 (mod m))].
3. The Chinese remainder theorem, which states that if you have a group of pairwise relatively prime positive integers greater than 1 then you can count up to the product of those numbers in a unique way just using the remainders modulo each of them (this one is actually easy, just hard to state succinctly).
4. Fermat's Little Theorem, which states that if p is prime and a is not divisible by p then a^(p-1) ≡ 1 (mod p).
(It is unlikely we will manage all 4 of these today, we’ll finish/review on Thursday).
If ax ≡ 1 (mod m) then x is said to be an inverse of a modulo m. The claim below is that if a and m are relatively prime such an inverse exists and is unique modulo m.
(This proof shows existence, not uniqueness.) We know that gcd(a, m) = 1, so from Bezout's theorem we know that ∃s, t such that as + mt = 1. Thus sa + tm ≡ 1 (mod m). (Finish the proof below; it's just one or two more lines, though we won't show the uniqueness part.)
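As an added example (not part of the lecture notes), the code below fills in the index / quotient / remainder table for gcd(255, 300), then extends the same division chain to produce the Bezout coefficients s, t and, from them, the inverse of a modulo m; the numbers 7 and 30 in the demo are constructed inputs.

```python
# Added example: Euclidean algorithm as the notes' table, extended Euclid for
# Bezout's theorem, and the modular inverse it yields when gcd(a, m) = 1.

def euclid_table(a: int, b: int) -> list:
    """Rows (i, q_(i-1), r_i) with r_0 = a, r_1 = b and
    r_(i-1) = q_(i-1) * r_i + r_(i+1). The last non-zero r_i is gcd(a, b)."""
    rows = [(0, None, a), (1, None, b)]
    r_prev, r_cur, i = a, b, 1
    while r_cur != 0:
        q, r_next = divmod(r_prev, r_cur)
        rows.append((i + 1, q, r_next))
        r_prev, r_cur, i = r_cur, r_next, i + 1
    return rows


def extended_gcd(a: int, b: int) -> tuple:
    """Return (g, s, t) with s*a + t*b = g = gcd(a, b) (Bezout's theorem).
    Every remainder is carried along as a combination of a and b."""
    old_r, r = a, b
    old_s, s = 1, 0          # coefficients of a for old_r and r
    old_t, t = 0, 1          # coefficients of b for old_r and r
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t


def mod_inverse(a: int, m: int) -> int:
    """Inverse of a modulo m (m > 1); exists exactly when gcd(a, m) = 1.
    From s*a + t*m = 1 we get s*a ≡ 1 (mod m), so s mod m is the inverse."""
    g, s, _ = extended_gcd(a, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {m}: gcd is {g}")
    return s % m


if __name__ == "__main__":
    for i, q, r in euclid_table(300, 255):
        q_str = "-" if q is None else str(q)
        print(f"i={i}  q={q_str:<3} r={r}")
    g, s, t = extended_gcd(255, 300)
    print(f"gcd(255, 300) = {g} = ({s})*255 + ({t})*300")
    print("inverse of 7 mod 30 =", mod_inverse(7, 30))   # 13, since 7*13 = 91
```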
We’ll use this one without proof as all known proofs are fairly ugly. But see https://en.wikipedia.org/wiki/Proofs_of_Fermat%27s_little_theorem for some proofs if you are interested.
This looks complex, but really it isn't. Let's do a group exercise and have one group be "mod 2", one group be "mod 3" and one group be "mod 5". This theorem says that if we count up to 30 (2·3·5) and each group counts by their mod (so mod 2 counts as 0, 1, 0, 1, etc.) then we can count from 0 to 29 before there is a repeat.
We'll prove this a bit differently than the text does. We are trying to show that there is a unique solution. First let's define this scheme as a function f that maps from the domain {0, …, m-1} to the co-domain of residue tuples modulo m_1, m_2, …, m_n, where m = m_1 · m_2 · … · m_n. Notice that the cardinalities of the domain and co-domain are identical (m). Now let's assume there are two values a and b that generate the same values in the co-domain. In that case, a - b must be divisible by every m_i. And as such, since the m_i are pairwise relatively prime, it must be divisible by their product. But that's impossible as |a - b| < m, since a and b are both between 0 and m-1. Thus there are no two that have the same mapping (the function is one-to-one). And because domain and co-domain have the same cardinality, the function is also onto. It is thus a bijection and every instance in the domain maps to a unique instance in the co-domain. Done.
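As an added example (not part of the lecture notes), the code below runs the mod 2 / mod 3 / mod 5 counting exercise, checks the bijection the proof describes, and shows the reverse direction: recovering x in 0..29 from its three remainders. It also checks a non-coprime pair, where the map is not a bijection. Function names and the (2, 4) counter-example are constructed for this illustration.

```python
# Added example: the CRT counting exercise as a bijection check, plus
# reconstruction of x from its residues using modular inverses.
from itertools import product
from math import gcd

MODULI = (2, 3, 5)          # pairwise relatively prime, product m = 30


def residues(x: int, moduli=MODULI) -> tuple:
    """The counting map f: x -> (x mod m_1, ..., x mod m_n)."""
    return tuple(x % mi for mi in moduli)


def is_bijection(moduli=MODULI) -> bool:
    """f restricted to 0..m-1 is one-to-one (no two x share a tuple) and,
    since domain and co-domain both have size m, also onto."""
    m = 1
    for mi in moduli:
        m *= mi
    images = {residues(x, moduli) for x in range(m)}
    all_tuples = set(product(*(range(mi) for mi in moduli)))
    return len(images) == m and images == all_tuples


def crt(remainders: tuple, moduli=MODULI) -> int:
    """Recover the unique x in 0..m-1 with x ≡ r_i (mod m_i) for every i.
    M_i = m / m_i is 0 modulo every other modulus, and scaling it by the
    inverse of M_i mod m_i (which exists because gcd(M_i, m_i) = 1) gives a
    term that is r_i mod m_i while leaving the other congruences untouched."""
    m = 1
    for mi in moduli:
        m *= mi
    x = 0
    for ri, mi in zip(remainders, moduli):
        Mi = m // mi
        assert gcd(Mi, mi) == 1                 # guaranteed by pairwise coprimality
        x += ri * Mi * pow(Mi, -1, mi)          # pow(.., -1, mi): inverse mod mi
    return x % m


if __name__ == "__main__":
    print("mod 2/3/5 counting is a bijection on 0..29:", is_bijection())
    print("mod 2/4 counting is a bijection on 0..7:", is_bijection((2, 4)))
    print("23 counts as", residues(23), "-> recovered", crt(residues(23)))
```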