Research project paper.

anve5h.5p10

Chapter2PPT.pptx

Home >Computer Science homework help > Research project paper.

Cryptography and Network Security: Principles and Practice

Eighth Edition

Chapter 2

Introduction to Number Theory

Lecture slides prepared for “Cryptography and Network Security”, 8/e, by William Stallings, Chapter 2 – “Introduction to Number Theory”.

Number theory is pervasive in cryptographic algorithms. This chapter provides sufficient breadth and depth of coverage of relevant number theory topics for understanding the wide range of applications in cryptography. The reader familiar with these topics can safely skip this chapter.

The first three sections introduce basic concepts from number theory that are needed for understanding finite fields; these include divisibility, the Euclidian algorithm, and modular arithmetic. The reader may study these sections now or wait until ready to tackle Chapter 5 on finite fields.

Sections 2.4 through 2.8 discuss aspects of number theory related to prime numbers and discrete logarithms. These topics are fundamental to the design of asymmetric (public-key) cryptographic algorithms. The reader may study these sections now or wait until ready to read Part Three.

The concepts and techniques of number theory are quite abstract, and it is often difficult to grasp them intuitively without examples. Accordingly, this chapter includes a number of examples, each of which is highlighted in a shaded box.

Learning Objectives 1 of 2

Understand the concept of divisibility and the division algorithm.

Understand how to use the Euclidean algorithm to find the greatest common divisor.

Present an overview of the concepts of modular arithmetic.

Explain the operation of the extended Euclidean algorithm.

Discuss key concepts relating to prime numbers.

Learning Objectives 2 of 2

Understand Fermat’s theorem.

Understand Euler’s theorem.

Define Euler’s totient function.

Make a presentation on the topic of testing for primality.

Explain the Chinese remainder theorem.

Define discrete logarithms

Divisibility

We say that a nonzero b divides a if a = mb for some m, where a, b, and m are integers

b divides a if there is no remainder on division

The notation b | a is commonly used to mean b divides a

If b | a we say that b is a divisor of a

The positive divisors of 24 are 1, 2, 3, 4, 6, 8, 12, and 24

13 | 182; − 5 | 30; 17 | 289; − 3 | 33; 17 | 0

We say that a nonzero b divides a if a=mb for some m, where a, b, and m are integers. That is, b divides a if there is no remainder on division.

The notation b | a is commonly used to mean b divides a . Also, if b | a , we say that b is a divisor of a .

Properties of Divisibility (1 of 2)

If a | 1, then a = ±1

If a | b and b | a, then a = ±b

Any b ≠ 0 divides 0

If a | b and b | c, then a | c

11 | 66 and 66 | 198 = 11 | 198

If b | g and b | h, then b | (mg + nh) for arbitrary integers m and n

Subsequently, we will need some simple properties of divisibility for integers, which are as follows:

• If a|1, then a = ±1.

• If a|b and b|a, then a = ±b.

• Any b ≠ 0 divides 0.

• If a | b and b | c, then a | c

• If b|g and b|h, then b|(mg + nh) for arbitrary integers m and n.

Properties of Divisibility (2 of 2)

To see this last point, note that:

If b | g , then g is of the form g = b * g1 for some integer g1

If b | h , then h is of the form h = b * h1 for some integer h1

So:

mg + nh = mbg1 + nbh1 = b * (mg1 + nh1 )

and therefore b divides mg + nh

b = 7; g = 14; h = 63; m = 3; n = 2

7 | 14 and 7 | 63.

To show 7 (3 * 14 + 2 * 63),

we have (3 * 14 + 2 * 63) = 7(3 * 2 + 2 * 9),

and it is obvious that 7 | (7(3 * 2 + 2 * 9)).

To see this last point, note that

• If b | g , then g is of the form g = b * g1 for some integer g1 .

• If b | h , then h is of the form h = b * h1 for some integer h1 .

mg + nh = mbg1 + nbh1 = b * (mg1 + nh1 )

and therefore b divides mg + nh .

Division Algorithm

Given any positive integer n and any nonnegative integer a, if we divide a by n we get an integer quotient q and an integer remainder r that obey the following relationship:

a = qn + r

0 ≤ r < n; q = [a/n]

Given any positive integer n and any nonnegative integer a, if we divide a by n, we get an integer quotient q and an integer remainder r that obey the following relationship:

a = qn + r, 0 ≤ r < n; q = [a/n] which is referred to as the division algorithm.

Figure 2.1 The Relationship a = qn + r; 0 ≤ r < n

Figure 2.1a demonstrates that, given a and positive n, it is always possible to find q and r that satisfy the preceding relationship. Represent the integers on the number line; a will fall somewhere on that line (positive a is shown, a similar demonstration can be made for negative a). Starting at 0, proceed to n, 2n, up to qn such that qn ≤ a and (q + 1)n > a. The distance from qn to a is r, and we have found the unique values of q and r. The remainder r is often referred to as a residue .

For example:

a = 11; n = 7; 11 = 1 x 7 + 4; r = 4 q = 1

a = –11; n = 7; –11 = (–2) x 7 + 3; r = 3 q = –2

Figure 4.1b provides another example.

Euclidean Algorithm

One of the basic techniques of number theory

Procedure for determining the greatest common divisor of two positive integers

Two integers are relatively prime if their only common positive integer factor is 1

One of the basic techniques of number theory is the Euclidean algorithm, which

is a simple procedure for determining the greatest common divisor of two positive

integers. First, we need a simple definition: Two integers are relatively prime if their

only common positive integer factor is 1.

Greatest Common Divisor (GCD)

The greatest common divisor of a and b is the largest integer that divides both a and b

We can use the notation gcd(a,b) to mean the greatest common divisor of a and b

We also define gcd(0,0) = 0

Positive integer c is said to be the gcd of a and b if:

c is a divisor of a and b

Any divisor of a and b is a divisor of c

An equivalent definition is:

gcd(a,b) = max[k, such that k | a and k | b]

Recall that nonzero b is defined to be a divisor of a if a = mb for some m , where a , b , and

m are integers. We will use the notation gcd(a , b ) to mean the greatest common divisor

of a and b . The greatest common divisor of a and b is the largest integer that divides

both a and b . We also define gcd(0, 0) = 0.

More formally, the positive integer c is said to be the greatest common divisor

of a and b if

1. c is a divisor of a and of b .

2. Any divisor of a and b is a divisor of c .

An equivalent definition is the following:

gcd(a , b ) = max[k , such that k | a and k | b ]

GCD

Because we require that the greatest common divisor be positive, gcd(a,b) = gcd(a, −b) = gcd(−a,b) = gcd(−a, −b)

In general, gcd(a,b) = gcd(| a |, | b |)

gcd(60, 24) = gcd(60, − 24) = 12

Also, because all nonzero integers divide 0, we have gcd(a,0) = | a |

We stated that two integers a and b are relatively prime if their only common positive integer factor is 1; this is equivalent to saying that a and b are relatively prime if gcd(a,b) = 1

8 and 15 are relatively prime because the positive divisors of 8 are 1, 2, 4, and 8, and the positive divisors of 15 are 1, 3, 5, and 15. So 1 is the only integer on both lists.

Because we require that the greatest common divisor be positive, gcd(a , b ) =

gcd(a , -b ) = gcd(-a , b ) = gcd(-a ,-b ). In general, gcd(a , b ) = gcd( | a | , | b | ).

Also, because all nonzero integers divide 0, we have gcd(a , 0) = a .

We stated that two integers a and b are relatively prime if their only common

positive integer factor is 1. This is equivalent to saying that a and b are relatively

prime if gcd(a , b ) = 1.

Figure 2.2 Euclidean Algorithm

We now describe an algorithm credited to Euclid for easily finding the greatest

common divisor of two integers (Figure 2.2). This algorithm has broad significance

in cryptography.

Figure 2.3 Euclidean Algorithm Example: gcd(710, 310)

We can find the greatest common divisor of two integers by repetitive application

of the division algorithm. This scheme is known as the Euclidean algorithm.

Figure 2.3 illustrates a simple example.

Table 2.1 Euclidean Algorithm Example

In this example, we begin by dividing 1160718174 by 316258250, which gives 3

with a remainder of 211943424. Next we take 316258250 and divide it by 211943424.

The process continues until we get a remainder of 0, yielding a result of 1078.

Modular Arithmetic (1 of 3)

The modulus

If a is an integer and n is a positive integer, we define a mod n to be the remainder when a is divided by n; the integer n is called the modulus

Thus, for any integer a:

a = qn + r 0 ≤ r < n; q = [a/ n]

a = [a/ n] * n + ( a mod n)

11 mod 7 = 4; - 11 mod 7 = 3

If a is an integer and n is a positive integer, we define a mod n to be the remainder

when a is divided by n . The integer n is called the modulus . Thus, for any integer a:

a = qn + r 0 ≤ r < n; q = [ a/ n]

a = [a/ n] * n + ( a mod n)

Modular Arithmetic (2 of 3)

Congruent modulo n

Two integers a and b are said to be congruent modulo n if (a mod n) = (b mod n)

This is written as a = b(mod n)2

Note that if a = 0(mod n), then n | a

73 = 4 (mod 23); 21 = −9 (mod 10)

Two integers a and b are said to be congruent modulo n , if (a mod n ) =

(b mod n ). This is written as a K b (mod n ).2

Note that if a = 0 (mod n ), then n | a .

Properties of Congruences

Congruences have the following properties:

a = b (mod n) if n (a – b)

a = b (mod n) implies b = a (mod n)

a = b (mod n) and b = c (mod n) imply a = c (mod n)

To demonstrate the first point, if n (a − b), then (a − b) = kn for some k

So we can write a = b + kn

Therefore, (a mod n) = (remainder when b + kn is divided by n) = (remainder when b is divided by n) = (b mod n)

23 = 8 (mod 5) because 23 − 8 = 15 = 5 * 3

−11 = 5 (mod 8) because − 11 − 5 = −16 = 8 * (−2)

81 = 0 (mod 27) because 81 − 0 = 81 = 27 * 3

Congruences have the following properties:

1. a = b (mod n) if n (a – b)

2. a = b (mod n) implies b = a (mod n)

3. a = b (mod n) and b = c (mod n) imply a = c (mod n)

To demonstrate the first point, if n (a - b), then (a - b) = kn for some k

So we can write a = b + kn

Therefore, (a mod n) = (remainder when b + kn is divided by n) = (remainder when b is divided by n) = (b mod n)

Modular Arithmetic (3 of 3)

Modular arithmetic exhibits the following properties:

[(a mod n) + (b mod n)] mod n = (a + b) mod n

[(a mod n) − (b mod n)] mod n = (a - b) mod n

[(a mod n) * (b mod n)] mod n = (a * b) mod n

We demonstrate the first property:

Define (a mod n) = ra and (b mod n) = rb. Then we can write a = ra + jn for some integer j and b = rb + kn for some integer k

Then:

(a + b) mod n = (ra + jn + rb + kn) mod n

= (ra + rb + (k + j)n) mod n

= (ra + rb) mod n

= [(a mod n) + (b mod n)] mod n

Modular arithmetic exhibits the following properties:

1. [(a mod n) + (b mod n)] mod n = (a + b) mod n

2. [(a mod n) - (b mod n)] mod n = (a - b) mod n

3. [(a mod n) * (b mod n)] mod n = (a * b) mod n

We demonstrate the first property:

Define (a mod n) = ra and (b mod n) = rb. Then we can write a = ra + jn for some integer j and b = rb + kn for some integer k.

Then:

(a + b) mod n = (ra + jn + rb + kn) mod n

= (ra + rb + (k + j)n) mod n

= (ra + rb) mod n

= [(a mod n) + (b mod n)] mod n

Thamizharasan Dhanaseelan (TD) -

Remaining Properties

Examples of the three remaining properties:

11 mod 8 = 3; 15 mod 8 = 7

[(11 mod 8) + (15 mod 8)] mod 8 = 10 mod 8 = 2

(11 + 15) mod 8 = 26 mod 8 = 2

[(11 mod 8) − (15 mod 8)] mod 8 = − 4 mod 8 = 4

(11 − 15) mod 8 = − 4 mod 8 = 4

[(11 mod 8) * (15 mod 8)] mod 8 = 21 mod 8 = 5

(11 * 15) mod 8 = 165 mod 8 = 5

The remaining properties are proven as easily. Here are examples of the three

properties.

Table 2.2 (a) Arithmetic Modulo 8

Table 2.2a and Table 2.2b provide an illustration of modular addition and multiplication

modulo 8. Looking at addition, the results are straightforward, and there is a regular

pattern to the matrix. Both matrices are symmetric about the main diagonal

in conformance to the commutative property of addition and multiplication.

Table 2.2 (b) Multiplication Modulo 8

Similarly, the entries in the multiplication table are straightforward. In ordinary

arithmetic, there is a multiplicative inverse, or reciprocal, to each integer. In modular

arithmetic mod 8, the multiplicative inverse of x is the integer y such that

(x * y ) mod 8 = 1 mod 8. Now, to find the multiplicative inverse of an integer

from the multiplication table, scan across the matrix in the row for that integer to

find the value 1; the integer at the top of that column is the multiplicative inverse;

thus, (3 * 3) mod 8 = 1. Note that not all integers mod 8 have a multiplicative

inverse; more about that later.

Table 2.2 (c) Additive and Multiplicative Inverse Modulo 8

As in ordinary addition, there is an additive inverse, or negative, to each integer in

modular arithmetic. In this case, the negative of an integer x is the integer y such

that (x + y ) mod 8 = 0. To find the additive inverse of an integer in the left-hand

column, scan across the corresponding row of the matrix to find the value 0; the

integer at the top of that column is the additive inverse; thus, (2 + 6) mod 8 = 0.

Table 2.3 Properties of Modular Arithmetic for Integers in Zn

Property	Expression
Commutative Laws	(w + x) mod n = (x + w) mod n (w × x) mod n = (x × w) mod n
Associative Laws	[(w + x) + y] mod n = [w + (x + y)] mod n [(w × x) × y] mod n = [w × (x × y)] mod n
Distributive Law	[w × (x + y)] mod n = [(w × x) + (w × y)] mod n
Identities	(0 + w) mod n = w mod n (1 × w) mod n = w mod n
Additive Inverse (−w)	For each w  Zn, there exists a z such that w + z  0 mod n

If we perform modular arithmetic within Zn, the properties shown in Table 2.3 hold for integers in Zn We show in the next section that this implies that Zn is a commutative ring with a multiplicative identity element.

In general, an integer has a multiplicative inverse in Zn if that integer is relatively prime to n. Table 2.2c in the text shows that the integers 1, 3, 5, and 7 have a multiplicative inverse in Z 8, but 2, 4, and 6 do not.

Table 2.4 Extended Euclidean Algorithm Example

i	ri	qi	xi	yi
−1	1759	Blank	1	0
0	550	Blank	0	1
1	109	3	1	−3
2	5	5	−5	16
3	4	21	106	−339
4	1	1	−111	355
5	0	4	Blank	Blank

Result: d = 1; x = −111; y = 355

Example of the Extended Euclidean Algorithm.

Prime Numbers

Prime numbers only have divisors of 1 and itself

They cannot be written as a product of other numbers

Prime numbers are central to number theory

Any integer a > 1 can be factored in a unique way as

a = p1 a1 * p2 a2 * . . . * pp1 a1

where p1 < p2 < . . . < pt are prime numbers and where each ai is a positive integer

This is known as the fundamental theorem of arithmetic

An integer p > 1 is a prime number if and only if its only divisors are ±1

and ± p . Prime numbers play a critical role in number theory and in the techniques

discussed in this chapter.

Any integer a > 1 can be factored in a unique way as

a = p1 a1 * p2 a2 * . . . * pp1 a1

where p1 < p2 < . . . < pt are prime numbers and where each ai is a positive integer

This is known as the fundamental theorem of arithmetic; a proof can be found in any text on number theory.

Table 2.5 Primes Under 2000

Table 2.5 shows the primes less than 2000. Note the way

the primes are distributed. In particular, note the number of primes in each range

of 100 numbers.

Fermat’s Theorem

States the following:

If p is prime and a is a positive integer not divisible by p then

ap−1 = 1 (mod p)

An alternate form is:

If p is prime and a is a positive integer then

ap = a (mod p)

Two theorems that play important roles in public-key cryptography are Fermat’s

theorem and Euler’s theorem.

Fermat’s theorem states the following: If p is prime and a is a positive integer not

divisible by p, then

ap-1 = 1 (mod p)

An alternative form of Fermat’s theorem is also useful: If p is prime and a is a

positive integer, then

ap = a (mod p)

Table 2.6 Some Values of Euler’s Totient Function ø(n)

n	ɸ (n)
1	1
2	1
3	2
4	2
5	4
6	2
7	6
8	4
9	6
10	4

n	ɸ (n)
11	10
12	4
13	12
14	6
15	8
16	8
17	16
18	6
19	18
20	8

n	ɸ (n)
21	12
22	10
23	22
24	8
25	20
26	12
27	18
28	12
29	28
30	8

Before presenting Euler’s theorem, we need to introduce an important quantity in

number theory, referred to as Euler’s totient function, written ø (n ), and defined as

the number of positive integers less than n and relatively prime to n . By convention,

ø(1) = 1.

Table 2.6 lists the first 30 values of ø (n ). The value ø(1) is without meaning

but is defined to have the value 1.

It should be clear that, for a prime number p ,

ø (p ) = p - 1

Euler’s Theorem

States that for every a and n that are relatively prime:

aø(n) = 1(mod n)

An alternate form is:

aø(n)+1 = a(mod n)

Euler’s theorem states that for every a and n that are relatively prime:

aø(n) = 1(mod n)

As is the case for Fermat’s theorem, an alternative form of the theorem is also

Useful:

aø(n)+1 = a(mod n)

Miller-Rabin Algorithm

Typically used to test a large number for primality

Algorithm is:

TEST (n)

Find integers k, q, with k > 0, q odd, so that (n – 1)=2kq ;

Select a random integer a, 1 < a < n – 1 ;

if aq mod n = 1 then return (“inconclusive") ;

for j = 0 to k – 1 do

if (a2jq mod n = n – 1) then return (“inconclusive") ;

return (“composite”) ;

The algorithm due to Miller and Rabin [MILL75, RABI80] is typically used to test

a large number for primality.

The procedure TEST takes a candidate integer n as input and returns the result composite

if n is definitely not a prime, and the result inconclusive if n may or may not

be a prime.

How can we use the Miller-Rabin algorithm to determine with a high degree of confidence whether or not an integer

is prime? It can be shown [KNUT98] that given an odd number n that is not prime

and a randomly chosen integer, a with 1 < a < n - 1, the probability that TEST

will return inconclusive (i.e., fail to detect that n is not prime) is less than 1/4.

Thus, if t different values of a are chosen, the probability that all of them will pass

TEST (return inconclusive) for n is less than (1/4)t . For example, for t = 10, the

probability that a nonprime number will pass all ten tests is less than 10-6 . Thus,

for a sufficiently large value of t, we can be confident that n is prime if Miller’s test

always returns inconclusive .

This gives us a basis for determining whether an odd integer n is prime

with a reasonable degree of confidence. The procedure is as follows: Repeatedly

invoke TEST (n) using randomly chosen values for a . If, at any point, TEST returns

composite , then n is determined to be nonprime. If TEST continues to

return inconclusive for t tests, then for a sufficiently large value of t , assume

that n is prime.

Deterministic Primality Algorithm

Prior to 2002 there was no known method of efficiently proving the primality of very large numbers

All of the algorithms in use produced a probabilistic result

In 2002 Agrawal, Kayal, and Saxena developed an algorithm that efficiently determines whether a given large number is prime

Known as the AKS algorithm

Does not appear to be as efficient as the Miller-Rabin algorithm

Prior to 2002, there was no known method of efficiently proving the primality of very

large numbers. All of the algorithms in use, including the most popular (Miller-Rabin),

produced a probabilistic result. In 2002 (announced in 2002, published in 2004),

Agrawal, Kayal, and Saxena [AGRA04] developed a relatively simple deterministic

algorithm that efficiently determines whether a given large number is a prime. The algorithm,

known as the AKS algorithm, does not appear to be as efficient as the Miller-

Rabin algorithm. Thus far, it has not supplanted this older, probabilistic technique.

Chinese Remainder Theorem (CRT)

Believed to have been discovered by the Chinese mathematician Sun-Tsu in around 100 A.D.

One of the most useful results of number theory

Says it is possible to reconstruct integers in a certain range from their residues modulo a set of pairwise relatively prime moduli

Can be stated in several ways

Provides a way to manipulate (potentially very large) numbers mod M in terms of tuples of smaller numbers

This can be useful when M is 150 digits or more

However, it is necessary to know beforehand the factorization of M

One of the most useful results of number theory is the Chinese remainder theorem

(CRT). In essence, the CRT says it is possible to reconstruct integers in a certain

range from their residues modulo a set of pairwise relatively prime moduli.

The CRT can be stated in several ways. We present here a formulation that is most

useful from the point of view of this text. An alternative formulation is explored in

Problem 2.33.

One of the useful features of the Chinese remainder theorem is that it provides

a way to manipulate (potentially very large) numbers mod M in terms of tuples of

smaller numbers. This can be useful when M is 150 digits or more. However, note

that it is necessary to know beforehand the factorization of M .

Table 2.7 Powers of Integers, Modulo 19

Table 2.7 shows all the powers of a, modulo 19 for all positive a <19. The

length of the sequence for each base value is indicated by shading. Note the

following:

1. All sequences end in 1. This is consistent with the reasoning of the preceding

few paragraphs.

2. The length of a sequence divides ø (19) = 18. That is, an integral number of

sequences occur in each row of the table.

3. Some of the sequences are of length 18. In this case, it is said that the base

integer a generates (via powers) the set of nonzero integers modulo 19. Each

such integer is called a primitive root of the modulus 19.

More generally, we can say that the highest possible exponent to which a number

can belong (mod n ) is ø (n ). If a number is of this order, it is referred to as a

primitive root of n . The importance of this notion is that if a is a primitive root of n ,

then its powers

a , a2 ,. . . , aø(n)

are distinct (mod n ) and are all relatively prime to n . In particular, for a prime number

p , if a is a primitive root of p , then

a , a2 ,. . . , ap-1

are distinct (mod p ). For the prime number 19, its primitive roots are 2, 3, 10, 13, 14,

and 15.

Not all integers have primitive roots. In fact, the only integers with primitive

roots are those of the form 2, 4, pa , and 2pa , where p is any odd prime and a is a

positive integer. The proof is not simple but can be found in many number theory

books, including [ORE76].

Table 2.8 Tables of Discrete Logarithms, Modulo 19 (1 of 2)

Table 2.8, which is directly derived from Table 2.7, shows the sets of discrete

logarithms that can be defined for modulus 19.

Table 2.8 Tables of Discrete Logarithms, Modulo 19 (2 of 2)

Table 2.8, which is directly derived from Table 2.7, shows the sets of discrete

logarithms that can be defined for modulus 19.

Summary

Understand the concept of divisibility and the division algorithm

Understand how to use the Euclidean algorithm to find the greatest common divisor

Present an overview of the concepts of modular arithmetic

Explain the operation of the extended Euclidean algorithm

Discuss key concepts relating to prime numbers

Understand Fermat’s theorem

Understand Euler’s theorem

Define Euler’s totient function

Make a presentation on the topic of testing for primality

Explain the Chinese remainder theorem

Define discrete logarithms

Chapter 2 summary.

This work is protected by United States copyright laws and is provided solely for the use of instructors in teaching their courses and assessing student learning. Dissemination or sale of any part of this work (including on the World Wide Web) will destroy the integrity of the work and is not permitted. The work and materials from it should never be made available to students except by instructors using the accompanying text in their classes. All recipients of this work are expected to abide by these restrictions and to honor the intended pedagogical purposes and the needs of other instructors who rely on these materials.

.MsftOfcThm_Text1_Fill { fill:#000000; } .MsftOfcThm_MainDark1_Stroke { stroke:#000000; }