02 Week 2 Crypto Basics Extra Readings: Number Theory


Extra readings

Number Theory

Dr. Cong Wang


City University of Hong Kong

We work on integers only

Divisors
Two integers: a and b (b is non-zero)
– b divides a if there exists some integer m such that
a = m·b
– Notation: b|a
– e.g. 1, 2, 3, 4, 6, 8, 12, 24 divide 24
– b is a divisor of a

Relations
1. If b|1 then b = ±1
2. If b|a and a|b then b = ±a
3. b|0 for any b ≠ 0
4. If b|g and b|h then b | (mg + nh) for any integers m and n.
Congruence
a is congruent to b modulo n if n | (a - b).

Notation: a ≡ b (mod n)

Examples
1. 23 ≡ 8 (mod 5) because 5 | 23 - 8
2. -11 ≡ 5 (mod 8) because 8 | -11 - 5
3. 81 ≡ 0 (mod 27) because 27 | 81 - 0

Properties
1. a ≡ b (mod n) implies b ≡ a (mod n)
2. a ≡ b (mod n) and b ≡ c (mod n) imply a ≡ c (mod n)

Modular Arithmetic
• modular reduction: a mod n = r
r is the remainder when a is divided by a natural number n
• r is also called the residue of a mod n
§ it can be represented as: a = qn + r where 0 ≤ r < n, q = ⌊a/n⌋
where ⌊x⌋ is the largest integer less than or equal to x
§ q is called the quotient
• 18 mod 7 = ?
• 29345723547 mod 2 = ?
• Relation between modular reduction and congruence
§ -12 ≡ -5 ≡ 2 ≡ 9 (mod 7)
§ -12 mod 7 = 2 (what's the quotient?)

Modular Arithmetic Operations

• modular reduction can be done at any point of a calculation:
– (a + b) mod n = [a mod n + b mod n] mod n, and the same holds for subtraction and multiplication
– E.g. 97 + 23 mod 7 = [97 mod 7 + 23 mod 7] mod 7 = [6 + 2] mod 7 = 1
– E.g. 11 - 14 mod 8 = -3 mod 8 = 5
– E.g. 11 x 14 mod 8 = 3 x 6 mod 8 = 2

Modular Arithmetic
• Zn = {0, 1, … , n-1}
• If a + b ≡ a + c (mod n)
then b ≡ c (mod n)
• but if ab ≡ ac (mod n)
then b ≡ c (mod n) only if a is relatively prime to n
– n | ab - ac ⇒ n | a(b - c)
– E.g. 7 x 11 ≡ 7 x 5 (mod 6) ⇒ 11 ≡ 5 (mod 6)
– 9 x 3 ≡ 9 x 5 (mod 6) but 3 ≢ 5 (mod 6)

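Added worked example in Python (not part of the original slides): modular reduction with the floor quotient q = ⌊a/n⌋ from the previous slide, reduction of each operand before an operation, and the difference between additive and multiplicative cancellation. The function names are my own.

```python
# Added example, not from the original slides. Demonstrates a = q*n + r with
# q = floor(a/n) and 0 <= r < n, congruence as n | (a - b), reduction of each
# operand before an operation, and the cancellation rule for multiplication.
from math import gcd


def floor_divmod(a: int, n: int) -> tuple[int, int]:
    """Return (q, r) with a = q*n + r and 0 <= r < n, where q = floor(a/n).

    Python's // and % already use this convention; it is spelled out here
    because C-family languages truncate towards zero instead, so there
    -12 % 7 gives -5 rather than the residue 2 used in the slides.
    """
    if n <= 0:
        raise ValueError("the modulus n must be a natural number")
    q = a // n
    r = a - q * n
    if not 0 <= r < n:
        raise AssertionError("remainder out of range")
    return q, r


def congruent(a: int, b: int, n: int) -> bool:
    """a ≡ b (mod n) iff n divides a - b."""
    return (a - b) % n == 0


def reduce_anywhere(a: int, b: int, n: int) -> tuple[int, int, int]:
    """(a+b) mod n, (a-b) mod n and (a*b) mod n, reducing each operand first.

    The results equal (a+b) % n, (a-b) % n and (a*b) % n because reduction
    can be done at any point of a calculation.
    """
    ra, rb = a % n, b % n
    return (ra + rb) % n, (ra - rb) % n, (ra * rb) % n


def cancellation(a: int, b: int, c: int, n: int) -> bool:
    """Given a*b ≡ a*c (mod n), report whether b ≡ c (mod n) follows.

    The slides state this is guaranteed only when gcd(a, n) = 1; compare the
    result with gcd(a, n) to see the rule in action.
    """
    if not congruent(a * b, a * c, n):
        raise ValueError("a*b and a*c are not congruent mod n")
    return congruent(b, c, n)


if __name__ == "__main__":
    print(floor_divmod(-12, 7))          # (-2, 2): the quotient asked for on the slide
    print(reduce_anywhere(97, 23, 7))    # (1, 4, 5)
    print(cancellation(7, 11, 5, 6), gcd(7, 6))   # True 1
    print(cancellation(9, 3, 5, 6), gcd(9, 6))    # False 3
```

The quotient of -12 mod 7 is q = ⌊-12/7⌋ = -2, since -12 = (-2)·7 + 2.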
Prime and Composite Numbers
• An integer p is prime if its only divisors are ±1 and ±p.
• Otherwise, it is a composite number.
• E.g. 2, 3, 5, 7 are prime; 4, 6, 8, 9, 10 are not
• List of prime numbers less than 200:
2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79
83 89 97 101 103 107 109 113 127 131 137 139 149 151 157
163 167 173 179 181 191 193 197 199

• Prime Factorization: If a is a composite number, then a can be
factored in a unique way as
a = p1^a1 × p2^a2 × … × pt^at
where p1 > p2 > … > pt are prime numbers and each ai is a natural
number (i.e. a positive nonzero integer).
e.g. 12,250 = 7^2 × 5^3 × 2
Prime Factorization
• It is generally hard to do (prime) factorization when
the number is large
• E.g. factorize:
1. 24070280312179
2. 10893002480924910251
3. 938740932174981739832107481234871432497617
4. 93874093217498173983210748123487143249761717

Greatest Common Divisor (GCD)
• GCD(a, b) of a and b is the largest number that divides both a and b
– E.g. GCD(60, 24) = 12
• If GCD(a, b) = 1, then a and b are said to be relatively prime
– E.g. GCD(8, 15) = 1
– 8 and 15 are relatively prime (co-prime)
Question: How to compute gcd(a, b)?
Naive method: factorize a and b and compute the product of
all their common factors (each to the smaller of its two exponents).
e.g. 540 = 2^2 x 3^3 x 5
144 = 2^4 x 3^2
gcd(540, 144) = 2^2 x 3^2 = 36

Problem of this naive method: factorization becomes very difficult
when integers become large.
Better method: Euclidean Algorithm (a.k.a. Euclid's GCD algorithm)
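Added worked example in Python (not part of the original slides): trial-division factorization and the naive gcd built on it, which reproduces 12,250 = 7^2 × 5^3 × 2 and gcd(540, 144) = 36 from the slides and, via the same routine, the list of primes below 200. The function names are my own. Its cost grows with √n, which is exactly why the slides move on to Euclid's algorithm.

```python
# Added example, not from the original slides. Trial-division factorization
# and the "naive" gcd from common prime factors; the primality test reuses
# the factorization and reproduces the list of primes below 200.


def factorize(n: int) -> dict[int, int]:
    """Prime factorization of n >= 2 as {prime: exponent} by trial division.

    Only usable for small n: it tries divisors up to sqrt(n), which is why
    the naive gcd (and anything else built on factoring) breaks down once
    the integers get large.
    """
    if n < 2:
        raise ValueError("n must be at least 2")
    factors: dict[int, int] = {}
    p = 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1 if p == 2 else 2  # after 2, test only odd candidates
    if n > 1:  # what is left is a single prime factor larger than sqrt(n)
        factors[n] = factors.get(n, 0) + 1
    return factors


def gcd_naive(a: int, b: int) -> int:
    """gcd as the product of the common primes, each to its smaller exponent."""
    fa, fb = factorize(a), factorize(b)
    g = 1
    for p in fa.keys() & fb.keys():
        g *= p ** min(fa[p], fb[p])
    return g


def relatively_prime(a: int, b: int) -> bool:
    return gcd_naive(a, b) == 1


def is_prime(n: int) -> bool:
    """n is prime iff its factorization is just n^1."""
    return n >= 2 and factorize(n) == {n: 1}


def primes_below(limit: int) -> list[int]:
    return [k for k in range(2, limit) if is_prime(k)]


if __name__ == "__main__":
    print(factorize(12250))          # {2: 1, 5: 3, 7: 2}
    print(gcd_naive(540, 144))       # 36
    print(relatively_prime(8, 15))   # True
    print(primes_below(200))         # the 46 primes listed on the slide
```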
Euclidean Algorithm
Euclid's Algorithm:
    A = a, B = b
    while B > 0
        R = A mod B
        A = B, B = R
    return A

Compute gcd(911, 999):

A = q x B + R
999 = 1 x 911 + 88
911 = 10 x 88 + 31
88 = 2 x 31 + 26
31 = 1 x 26 + 5
26 = 5 x 5 + 1
5 = 5 x 1 + 0

Hence gcd(911, 999) = 1 (the value of A returned by the algorithm)

Rationale
Theorem gcd(a, b) = gcd(a, b mod a)
Euclidean Algorithm
Proof Sketch.
"⇒" (if d divides a and b then d also divides b mod a)
Suppose d|a and d|b.
For any positive integer a, b can be expressed in the form
b = qa + r ≡ r (mod a) — (1)
⇒ b mod a = b - qa — (2)
Since d|a, it also divides qa.
Hence from (2), we see that d | (b mod a).
"⇐" (if d divides a and b mod a then d also divides b)
Suppose d|a and d|(b mod a). Since d|a, d also divides qa.
Thus d | (qa + (b mod a)),
which by (2) is equivalent to d | b.
Thus the sets of common divisors of a and b, and of a and b mod a, are
identical.

Hence gcd(911, 999) = gcd(911, 999 mod 911) = gcd(911 mod 88, 88)
= gcd(31, 88 mod 31) = gcd(31 mod 26, 26) = gcd(5, 26 mod 5)
= gcd(5, 1) = 1.
Modular Inverse
A is the modular inverse of B mod n if

AB mod n = 1.

A is denoted as B^-1 mod n.

e.g.
• 3 is the modular inverse of 5 mod 7. In other words, 5^-1 mod 7 = 3.
• 7 is the modular inverse of 7 mod 16. In other words, 7^-1 mod 16 = 7.

However, there is no modular inverse for 8 mod 14.

There exists a modular inverse for B mod n iff B is relatively prime to n.

Question:
What's the modular inverse of 911 mod 999?

Extended Euclidean Algorithm
The extended Euclidean algorithm can be used to solve the integer
equation
ax + by = gcd(a, b)
for any given integers a and b.
Example
Let a = 911 and b = 999. From the Euclidean algorithm,
999 = 1 x 911 + 88
911 = 10 x 88 + 31
88 = 2 x 31 + 26
31 = 1 x 26 + 5
26 = 5 x 5 + 1 ⇒ gcd(a, b) = 1
Tracing backward, we get
1 = 26 - 5 x 5
= 26 - 5 x (31 - 1 x 26) = -5 x 31 + 6 x 26
= -5 x 31 + 6 x (88 - 2 x 31) = 6 x 88 - 17 x 31
= 6 x 88 - 17 x (911 - 10 x 88) = -17 x 911 + 176 x 88
= -17 x 911 + 176 x (999 - 1 x 911) = 176 x 999 - 193 x 911

We now have
gcd(911, 999) = 1 = -193 x 911 + 176 x 999.
Reducing both sides of this equation modulo 999, we have
1 ≡ -193 x 911 + 176 x 999 (mod 999)
⇒ 1 ≡ -193 x 911 (mod 999)
⇒ 1 ≡ (-193 mod 999) x 911 (mod 999)
⇒ 1 ≡ 806 x 911 (mod 999).
Hence 806 is the modular inverse of 911 modulo 999.

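Added worked example in Python (not part of the original slides) covering the three preceding slides: Euclid's algorithm exactly as in the pseudo-code, a trace that reproduces the A = q x B + R table for gcd(911, 999), the extended Euclidean algorithm giving x, y with ax + by = gcd(a, b), and the modular inverse derived from it (806 for 911 mod 999; None for 8 mod 14). The function names are my own; the extended algorithm is written iteratively rather than by back-substitution, but yields the same coefficients -193 and 176.

```python
# Added example, not from the original slides. Euclid's algorithm, its
# A = q*B + R trace, the extended Euclidean algorithm and modular inverses.


def gcd_euclid(a: int, b: int) -> int:
    """Euclid's algorithm as in the slide's pseudo-code."""
    A, B = a, b
    while B > 0:
        R = A % B
        A, B = B, R
    return A


def euclid_trace(a: int, b: int) -> list[tuple[int, int, int, int]]:
    """Rows (A, q, B, R) with A = q*B + R, as tabulated on the slide."""
    rows = []
    A, B = a, b
    while B > 0:
        q, R = divmod(A, B)
        rows.append((A, q, B, R))
        A, B = B, R
    return rows


def extended_gcd(a: int, b: int) -> tuple[int, int, int]:
    """Return (g, x, y) with a*x + b*y = g = gcd(a, b).

    Each remainder r is kept as a combination old_x*a + old_y*b; when the
    remainder reaches 0 the previous one is the gcd with its coefficients.
    """
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def mod_inverse(b: int, n: int):
    """B^-1 mod n, or None when gcd(b, n) != 1 (no inverse exists)."""
    g, x, _ = extended_gcd(b % n, n)
    if g != 1:
        return None
    return x % n  # lift the (possibly negative) coefficient into Zn


if __name__ == "__main__":
    for A, q, B, R in euclid_trace(999, 911):
        print(f"{A} = {q} x {B} + {R}")
    print(extended_gcd(911, 999))   # (1, -193, 176)
    print(mod_inverse(911, 999))    # 806
    print(mod_inverse(8, 14))       # None
```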
The Euler phi Function
For n ≥ 1, φ(n) denotes the number of integers in the interval [1, n]
which are relatively prime to n. The function φ is called the Euler phi
function (or the Euler totient function).

Fact 1. The Euler phi function is multiplicative, i.e. if gcd(m, n) = 1,
then φ(mn) = φ(m) x φ(n).
Fact 2. For a prime p and an integer e ≥ 1, φ(p^e) = p^(e-1)(p-1).

• From these two facts, we can find φ for any composite n if the
prime factorization of n is known.
• Let n = p1^e1 p2^e2 … pk^ek where p1, …, pk are prime and each ei is a
nonzero positive integer.
• Then
φ(n) = n (1 - 1/p1) (1 - 1/p2) … (1 - 1/pk).

The Euler phi Function

φ(n) = |{x : 1 ≤ x ≤ n and gcd(x, n) = 1}|

• φ(2) = |{1}| = 1
• φ(3) = |{1, 2}| = 2
• φ(4) = |{1, 3}| = 2
• φ(5) = |{1, 2, 3, 4}| = 4
• φ(6) = |{1, 5}| = 2

• φ(37) = 36
• φ(21) = (3-1)×(7-1) = 2×6 = 12

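Added worked example in Python (not part of the original slides): φ(n) computed from the definition, from Fact 2 for a prime power, and from the product formula given a factorization, with a check that Fact 1 (multiplicativity) holds. The function names are my own; the factorization is passed in as a {prime: exponent} dict rather than computed here.

```python
# Added example, not from the original slides. Three ways to compute φ(n)
# and a check of Fact 1; all agree on the values listed on the slide.
from math import gcd


def phi_by_definition(n: int) -> int:
    """|{x : 1 <= x <= n and gcd(x, n) = 1}| (O(n) gcd calls; fine for small n)."""
    if n < 1:
        raise ValueError("n must be >= 1")
    return sum(1 for x in range(1, n + 1) if gcd(x, n) == 1)


def phi_prime_power(p: int, e: int) -> int:
    """Fact 2: φ(p^e) = p^(e-1) * (p - 1) for a prime p and e >= 1."""
    if e < 1:
        raise ValueError("e must be >= 1")
    return p ** (e - 1) * (p - 1)


def phi_from_factorization(factors: dict[int, int]) -> int:
    """φ(n) = n * Π (1 - 1/p) over the distinct primes p of n = Π p^e.

    `factors` maps each prime to its exponent, e.g. {7: 2, 5: 3, 2: 1} for
    12,250. Each factor (1 - 1/p) is applied as n // p * (p - 1), which keeps
    the computation in exact integer arithmetic (n is divisible by every p).
    """
    n = 1
    for p, e in factors.items():
        n *= p ** e
    result = n
    for p in factors:
        result = result // p * (p - 1)
    return result


def check_multiplicative(m: int, n: int) -> bool:
    """Fact 1: for gcd(m, n) = 1, φ(mn) = φ(m) φ(n). True when it holds."""
    if gcd(m, n) != 1:
        raise ValueError("Fact 1 only applies to coprime m and n")
    return phi_by_definition(m * n) == phi_by_definition(m) * phi_by_definition(n)


if __name__ == "__main__":
    print([phi_by_definition(k) for k in (2, 3, 4, 5, 6, 37, 21)])  # [1, 2, 2, 4, 2, 36, 12]
    print(phi_from_factorization({3: 1, 7: 1}))       # 12, as in φ(21) = 2 x 6
    print(phi_from_factorization({7: 2, 5: 3, 2: 1}))  # 4200 = φ(12250)
    print(check_multiplicative(3, 7))                 # True
```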
Fermat's Little Theorem
Let p be a prime. Any integer a not divisible by p
satisfies a^(p-1) ≡ 1 (mod p).

• We can generalize Fermat's Little Theorem as follows. This is
due to Euler.
Euler's Generalization Let n be a composite. Then a^φ(n) ≡ 1 (mod n)
for any integer a which is relatively prime to n.

• E.g. a = 3; n = 10; φ(10) = 4 ⇒ 3^4 ≡ 81 ≡ 1 (mod 10)
• E.g. a = 2; n = 11; φ(11) = 10 ⇒ 2^10 ≡ 1024 ≡ 1 (mod 11)

Exercise: Compute 11^1,073,741,823 mod 13.

Compute 11^12 · 11^12 · 11^12 · 11^12 · … · 11^4 mod 13 ≡ 3 (mod 13)
Modular Exponentiation
Let Z = { …, -2, -1, 0, 1, 2, … } be the set of integers.
Let a, e, n ∈ Z.
Modular exponentiation a^e mod n is defined as repeated
multiplication of a for e times modulo n.

Method 1 : Repeated Modular Multiplication (as defined)

e.g. 11^15 mod 13 = 11 x 11 x 11 x 11 x … x 11 mod 13
= 4 x 11 x 11 x … x 11 mod 13
= 5 x 11 x … x 11 mod 13
:
= 5
• performed 14 modular multiplications
• Complexity = O(e)
• Compute 11^103,741,823 mod 1,073,741,823?

Modular Exponentiation
Method 2 : Square-and-Multiply Algorithm
e.g. 11^15 mod 13 = 11^(8+4+2+1) mod 13 = 11^8 x 11^4 x 11^2 x 11 mod 13 — (1)
• 11^2 = 121 ≡ 4 (mod 13) — (2)
• 11^4 = (11^2)^2 ≡ 3 (mod 13) — (3)
• 11^8 = (11^4)^2 ≡ 9 (mod 13) — (4)
Put (2), (3) and (4) into (1) and get
11^15 ≡ 9 x 3 x 4 x 11 ≡ 5 (mod 13)

• performed at most 2⌊log2 15⌋ modular multiplications
• Complexity = O(lg(e))

Modular Exponentiation
Pseudo-code of Square-and-Multiply Algorithm to
compute a^e mod n:
Let the binary representation of e be (e_{t-1} e_{t-2} … e_1 e_0).
Hence t is the number of bits in the binary representation of e.

1. z = 1
2. for i = t-1 downto 0 do
3.     z = z^2 mod n
4.     if e_i = 1 then z = z x a mod n

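Added worked example in Python (not part of the original slides) for the three preceding slides: Method 1 (repeated modular multiplication) and Method 2 (square-and-multiply, scanning the bits of e from e_{t-1} down to e_0 as in the pseudo-code), each returning its result together with the number of modular multiplications performed, so the 14 versus 6 count for 11^15 mod 13 can be checked. A third function uses Fermat's little theorem to reduce the exponent modulo p - 1 before exponentiating. The function names are my own; results are cross-checked against Python's built-in pow.

```python
# Added example, not from the original slides. Method 1 and Method 2 for
# a^e mod n with multiplication counts, plus exponent reduction via Fermat.


def modexp_repeated(a: int, e: int, n: int) -> tuple[int, int]:
    """Method 1: multiply a by itself e-1 times, reducing mod n at each step."""
    if e < 0 or n <= 0:
        raise ValueError("need e >= 0 and n > 0")
    if e == 0:
        return 1 % n, 0
    z, count = a % n, 0
    for _ in range(e - 1):
        z = z * a % n
        count += 1
    return z, count


def modexp_square_multiply(a: int, e: int, n: int) -> tuple[int, int]:
    """Method 2: z = 1; for each bit of e from the top: z = z^2; if bit: z = z*a.

    Multiplications are counted from the first 1-bit onward (squaring 1 and
    multiplying 1 by a cost nothing), which gives the slide's bound of at
    most 2*floor(log2 e) modular multiplications.
    """
    if e < 0 or n <= 0:
        raise ValueError("need e >= 0 and n > 0")
    z, count, started = 1 % n, 0, False
    for bit in bin(e)[2:]:  # e_{t-1} ... e_0, most significant bit first
        if started:
            z = z * z % n        # step 3: z = z^2 mod n
            count += 1
        if bit == "1":           # step 4: if e_i = 1 then z = z * a mod n
            if started:
                z = z * a % n
                count += 1
            else:
                z = a % n        # first 1-bit: z = 1 * a, no real multiply
                started = True
    return z, count


def modexp_fermat(a: int, e: int, p: int) -> int:
    """For a prime p with p not dividing a: a^e ≡ a^(e mod (p-1)) (mod p)."""
    if a % p == 0:
        raise ValueError("a must not be divisible by p")
    return modexp_square_multiply(a, e % (p - 1), p)[0]


if __name__ == "__main__":
    print(modexp_repeated(11, 15, 13))         # (5, 14)
    print(modexp_square_multiply(11, 15, 13))  # (5, 6)
    print(modexp_fermat(11, 15, 13))           # 5, via 11^(15 mod 12) = 11^3
    big = 10**18 + 3
    print(modexp_square_multiply(7, big, 1_000_000_007)[0] == pow(7, big, 1_000_000_007))
```

Method 1 would need about 10^18 multiplications for the last call; Method 2 needs at most 2⌊log2 e⌋ = 118.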
Group Theory

• very important in cryptography, especially
in public key cryptography
• concerns an operation on "a set of numbers"

Groups
• Let G be a nonempty set and ∘ be a binary operation.
• A binary operation ∘ on a set G is a mapping from G x G to G.

• E.g. G = {1, 2, 3, 4} and ∘ is * (mod 5)
• E.g. 2 ∘ 4 means 2 * 4 (mod 5) = 3.

(G, ∘) is a group if the following conditions are satisfied:

1. closed: for any a, b ∈ G, a ∘ b ∈ G
2. associative: for any a, b, c ∈ G, (a ∘ b) ∘ c = a ∘ (b ∘ c)
3. there exists an identity element e in G, such that for any a ∈ G,
a ∘ e = e ∘ a = a.
4. For each a ∈ G, there exists an inverse of a, denoted by a^-1,
such that a ∘ a^-1 = e.

If ∘ is also commutative, i.e. for any a, b ∈ G, a ∘ b = b ∘ a, then
(G, ∘) is an Abelian group.
Example 1
• a set: {1, 2, 3, 4} with operator * (mod 5)
• obeys:
– closure law
– associative law: (a*b)*c = a*(b*c) (mod 5)
– identity e = 1: 1*a = a*1 = a
– How about inverses a^-1?
• 1 has an inverse (itself)
• 2 has an inverse: 3 since 2*3 = 6 ≡ 1 (mod 5)
• 3 has an inverse: 2.
• 4 has an inverse: 4 since 4*4 = 16 ≡ 1 (mod 5)
• It is a group
• It is commutative: a*b = b*a
• Therefore, this multiplicative group is an Abelian group

Example 2
• a set: {0, 1, 2, 3} with operator * (mod 4)
• obeys:
– closure law
– associative law: (a*b)*c = a*(b*c) (mod 4)
– identity e = 1: 1*a = a*1 = a
– How about inverses a^-1?
• First of all, 0 has no inverse
• 1 has an inverse (itself)
• 3 has an inverse (itself): 3*3 = 9 ≡ 1 (mod 4)
• 2 has no inverse
• Cannot be a group
Example 3
• a set: {1, 2, 3} with operator * (mod 5)
• obeys:
– associative law: (a*b)*c = a*(b*c) (mod 5)
– identity e = 1: 1*a = a*1 = a
– How about inverses a^-1?
• 1 has an inverse (itself)
• 2 has an inverse: 3 since 2*3 = 6 ≡ 1 (mod 5)
• 3 has an inverse: 2.
• Is it a group?
• No, it's not closed since 2*2 = 4 (mod 5) is not in the set.

More on Multiplicative Groups
• For multiplication, not all Zn\{0} form (multiplicative) groups with
the identity element 1.
• It depends on the value of n.
• For example, Z8\{0} does not, while Z7\{0} under multiplication
forms a group.
• Reason: Only those elements which are relatively prime to n have
multiplicative inverses. Hence Zn\{0} forms a multiplicative group
only when n is a prime.

• As an extension, the set Zn* = {a ∈ Zn | gcd(a, n) = 1} forms a
multiplicative group (i.e. the operator is * mod n) for any positive integer
n.

Cyclic Groups
• A group is cyclic if there is an element g ∈ G such that for each
a ∈ G, there is an integer i with a = g^i, that is, g operates (e.g.
modular multiply) on itself i times.
• g is called a generator of G.
• Example: (Z7*, * mod 7) is a cyclic multiplicative group with g = 3.

Let n = 7 and g = 3.

i          1 2 3 4 5 6
g^i mod 7  3 2 6 4 5 1

But not all the multiplicative groups of positive composite integers n
have generators (are cyclic).
Fact. Zn* has a (at least one) generator if and only if n = 2, 4, p^k, 2p^k,
where p is an odd prime and k ≥ 1.

Example
• Is the group {1, 2, 3, 4}; * (mod 5) cyclic?
– The identity is 1.
– Let a = 2
– Recall the notation: a^3 = a·a·a
– 1 = a^0
– a^1 = 2
– a^2 = 4 (mod 5)
– a^3 = 2*2*2 = 8 ≡ 3 (mod 5)
– a^4 = 16 ≡ 1 (mod 5)
• 2 is a generator of the group
• Therefore, the group is cyclic.
• Ex: Is 3 (or 4) a generator of this group?

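Added worked example in Python (not part of the original slides) covering the group slides above: a checker for the four group axioms (plus commutativity) on a finite set under an operation, the construction of Zn*, and a generator test that reproduces the table of 3^i mod 7, decides Examples 1 to 3, contrasts Z7* with Z8*, and answers the exercise on whether 3 or 4 generates {1, 2, 3, 4} under * (mod 5). The function names are my own.

```python
# Added example, not from the original slides. Group axiom checks, Zn*, the
# order of an element and the generators of Zn*.
from itertools import product
from math import gcd


def mul_mod(n: int):
    """The binary operation a ∘ b = a * b (mod n)."""
    return lambda a, b: (a * b) % n


def group_axioms(elements, op) -> dict:
    """Check closure, associativity, identity, inverses (and commutativity).

    'identity' holds the identity element or None; 'is_group' is True only
    when all four axioms hold.
    """
    S = sorted(set(elements))
    closed = all(op(a, b) in S for a, b in product(S, repeat=2))
    assoc = all(op(op(a, b), c) == op(a, op(b, c)) for a, b, c in product(S, repeat=3))
    identity = next((e for e in S if all(op(e, a) == a == op(a, e) for a in S)), None)
    inverses = identity is not None and all(
        any(op(a, b) == identity for b in S) for a in S)
    commutative = all(op(a, b) == op(b, a) for a, b in product(S, repeat=2))
    return {"closed": closed, "associative": assoc, "identity": identity,
            "inverses": inverses, "commutative": commutative,
            "is_group": closed and assoc and identity is not None and inverses}


def z_star(n: int) -> list[int]:
    """Zn* = {a in Zn : gcd(a, n) = 1}, for n >= 2."""
    if n < 2:
        raise ValueError("n must be >= 2")
    return [a for a in range(n) if gcd(a, n) == 1]


def powers(g: int, n: int) -> list[int]:
    """g^1, g^2, ... (mod n) up to and including the first power equal to 1.

    The length of the list is the order of g; g generates Zn* exactly when
    that order equals |Zn*|. Requires g in Zn* so the walk returns to 1.
    """
    if n < 2 or gcd(g, n) != 1:
        raise ValueError("g must be an element of Zn*")
    out, x = [], g % n
    while True:
        out.append(x)
        if x == 1:
            return out
        x = x * g % n


def generators(n: int) -> list[int]:
    """All generators of Zn*; empty when Zn* is not cyclic (e.g. n = 8)."""
    S = z_star(n)
    return [g for g in S if len(powers(g, n)) == len(S)]


if __name__ == "__main__":
    print(group_axioms([1, 2, 3, 4], mul_mod(5)))   # Example 1: a group, commutative
    print(group_axioms([0, 1, 2, 3], mul_mod(4)))   # Example 2: no inverses for 0, 2
    print(group_axioms([1, 2, 3], mul_mod(5)))      # Example 3: not closed
    print(powers(3, 7))       # [3, 2, 6, 4, 5, 1]: the table for g = 3, n = 7
    print(generators(5))      # [2, 3]: 3 generates the group, 4 does not
    print(generators(8))      # []: Z8* is not cyclic, matching the Fact
```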
