WINSEM2017-18 CSE4003 ETH SJT501 VL2017185003777 Reference Material I Basic Numtheory 1

Basic Concepts of
Number Theory
Dr. Alekha Kumar Mishra

Divisibility
Divisibility : We say a non-zero integer b divides a , if a = mb for some m,
where a,b, m are integers
Notation ( | )
b|a means b divides a, or b is a divisor of a
Divisibility Properties:
1) if a|1 , then a = ± 1
2) if a|b and b|a , then a = ± b
3) if a|b and b|c , then a|c (transitive)
4) if b|g and b|h , then b|(mg+nh) for some arbitrary integers m and n

Divisibility(2)
Proof of DP 4) :
if b|g , then g is of the form g = b x g1 for some integer g1
if b|h, then h is of the form h = b x h1 for some integer h1
Then, mg+nh = m x b x g1 + n x b x h1 = b ( m x g1 + n x h1)
This implies that b|(mg+nh) .

Example
Property 3: 5|25, 25|100 implies 5|100

Property 4: b =7, g = 14, h = 63, m =3, n =2 then
7|14 and 7|63
mg = 3 x 14, nh = 2 x 63
mg+nh = 3 x 14 + 2 x 63 = 7(6+18), then 7|7(6+18)

Division Algorithm
Given any positive integer n and nonnegative integer a, if we divide a by n, we
get an integer quotient q and an integer remainder r that obey the relationship
a = qn + r 0  r < n ; q =  a/n 
Greatest Common Divisor (GCD)

The greatest common divisor of two integer a and b can be defined as
gcd(a,b) = max [ k, such that k|a and k|b ] (1.2)
Properties:
1) gcd(0,0) =0
2) gcd(a,b) = gcd(|a|, |b|), gcd is required to be positive
3) gcd(a,0) = |a|

Euclidean Algorithm
An efficient procedure for determining the gcd for two positive integers
Description of Euclidean Algorithm
Suppose we have integer a, b such that d = gcd(a,b)
Since gcd(a,b) = gcd(|a|, |b|), we may assume a  b > 0
Now using division algorithm,
a = q1 x b + r1, 0  r1 < b
If r1 = 0,
Then b|a, and d=gcd(a,b) = b,
If r1  0,
Then we can say d|r1,
Because, d|a and d|b implies d|(a - q1 x b)

6

Euclidean Algorithm(2)
What is gcd(b,r1)?
Let c be an integer such that c|b anc c|r1
Then, c|(q1 x b + r1) = a,
Since c|a and c|b, c  d, as d = gcd(a,b),

Therefore, d = gcd(b,r1),
Now for r1  0, we can write b = q2 x r1 + r2, 0  r2 < r1
If If r2 = 0, then d= r1, and If r2  0, then d=gcd(r1,r2)
This process continue until some zero reminder appears

So entire set of equations will appear as follows:
a = q1 x b + r 1, 0  r1 < b
b = q2 x r1 + r2, 0  r2 < r1
r1 = q 3 x r 2 + r 3, 0  r 3 < r 2
...
Euclid(a,b){
rn-2 = qn x rn-1 + rn, 0  rn < rn-1 r1 = a; r2 = b;
while(r2>0){
rn-1 = qn+1rn + 0 => d = gcd(a,b) = rn q = r1/r2;
r = r1 – q * r2;
r1 = r2; r2 = r;
}
return r1;
}
8

Example : gcd(25,60)
Euclid(a,b){
r1 = a; r2 = b;
while(r2>0){
q = r1/r2;
r = r1 – q * r2;
r1 = r2; r2 = r;
}
return r1;
}
9

Modular Arithmetic
The modulus
If a is an integer and n is positive integer, we define a mod n to be the reminder
when a is divided by n.
n is called the modulus
a = qn + r, 0  r < n; q =  a/n
a =  a/n x n + a mod n
Example: 11 mode 7 = 4, -11 mod 7 = 3
“Two integers a and b are said to be congruent modulo n, if (a mod n) = (b mod
n), denoted by a  b (mod n)” (1.3)
If a  0 (mod n) , then n|a
Example : 73  4 (mod 23), 21  -9 (mod 10)
10

Modular Arithmetic
Properties of Congruence
1) a  b (mod n) if n|(a-b)
2) a  b (mod n) => b  a (mod n)
3) a  b (mod n) and b  c (mod n) => a  c (mod n)
Proof of PC 1): if n|(a-b) => (a-b) = kn for some k

a = b + kn
a mod n = reminder when b + kn divided by n
= reminder when b is divided by n
= b mod n
Proof of PC 3): a  b (mod n) and b  c (mod n),
This impliesa (mod n) = b (mod n), and b (mod n) = c (mod n)
a (mod n) = c (mod n) => a  c (mod n)
11

Examples
12

Modular Arithmetic Operations
mod n maps all integers to the set [0,1,2,..., n-1]
The modular arithmatic can be perrformed confining to the above set
Modular Arithmetic Properties
1) [ (a mod n) + (b mod n) ] mod n = (a+b) mod n
2) [ (a mod n) - (b mod n) ] mod n = (a-b) mod n
3) [ (a mod n) x (b mod n) ] mod n = (a x b) mod n
13

Modular Arithmetic Operations(2)
Proof of MAP 1):
Let a = ra + jn for some integer j, and Let b = rb + kn for some integer k.
(a+b) mod n = ( ra + jn+rb + kn) mod n
= ((ra + rb ) + (k+j)n) mod n
= (ra + rb ) mod n
= [ (a mod n) + (b mod n) ] mod n
Property 2 and 3 can be proven same way as above.
14

15

Exponentiation is performed by repeated multiplication:
What is 712 mod 8 ?

16

Arithmatic Modulo 8
17

Multiplication modulo 8
18

Additive and multiplicative Inverse
19

More properties of
Modular Arithmetic
Define Zn – set of non negative integers less than n
Zn = { 0,1,2,..., n-1} referred as set of residues or residue class (mod n)
Can be labelled as [0], [1], ..., [n-1]

Where, [r] = {a : a is an integer, a  r (mod n)},
The smallest nonnegative integer of the class is the one used to represent the residue
class
20

Properties of Modular Arithmatic
for Integers belongs to Zn
21

Properties for Integers in Zn
Property (Additive) : if (a + b)  (a + c) (mod n) then b  c (mod n)
Proof : Applying additive inverse on both the sides,we get
((-a) + a + b)  ((-a) + a + c)(mod n)
=> b  c (mod n)
Property (Multiplicative) :if (a * b)  (a * c)(mod n) then b  c(mod n) if

a is relatively prime to n
Proof: Applying the multiplicative inverse of a to both sides , we have
((a-1)ab)  ((a-1)ac)(mod n)
=> b  c(mod n)
Why a and n required to be relatively prime? 22

Properties for Integers in Zn
6 X 3 = 18  2(mod 8)
6 X 7 = 42  2(mod 8), Yet 3 ! 7 (mod 8).
23

The Euclidean algorithm revisited
The recursive definition of gcd
For any two integers a, b
gcd(a,b)=gcd(b,a mod b)
Euclid(a,b){
if(b == 0)
return a;
else
return Euclid(b, a mod b);
}
Extended Euclidean Algorithm not only finds the gcd but also represent
the gcd of a, and b in terms of sum of a and b using two integers.
24

Extended Euclidean Algorithm
For given integers a and b, the Extended Euclidean Algorithm not only
compute gcd(a,b) but also two integers x and y such that
ax + by = gcd(a,b)
It is clear that x and y will be of oppisite sign. (why?)
Procedure:
a = q1 x b + r1, r1= ax1 + by1, 0  r1 < b
b = q2 x r1 + r2, r2= ax2 + by2, 0  r2 < r1
r1 = q3 x r2 + r3, r3= ax3 + by3, 0  r3 < r2
...
rn-2 = qn x rn-1 + rn, rn= axn + byn, 0  rn < rn-1
rn-1 = qn+1rn + 0
25

Extended Euclidean Algorithm(2)
Using the equations, we can write,
ri-2 = qi ri-1 + ri
ri = ri-2 – qi ri-1
Also, ri-2= axi-2 + byi-2 and ri-1= axi-1 + byi-1
Substituting these values in equation of ri we get,
ri = axi-2 + byi-2 - ( axi-1 + byi-1 ) qi
= a( xi-2 - qi xi-1 ) + b ( yi-2 - qi yi-1 )
= axi + byi
Where, xi = xi-2 - qi xi-1 , and yi = yi-2 - qi yi-1
26

Extended Euclidean Algorithm:
How it works
27

Extended Euclidean Algorithm(3) :
Example
28

Exercise
29

Finite Field
&
Algebraic Structures
30

Group
A group G, sometimes denoted by {G, * }, is a set of elements with a binary
operation denoted by * that associates to each ordered pair (a, b) of elements in
G an element (a * b) in G, such that the following axioms are obeyed:
(A1) Closure: If a and b belong to G, then a * b is also in G.
(A2) Associative: a * (b * c) = (a * b) * c for all a, b, c in G.
(A3) Identity element: There is an element e in G such that a * e = e * a = a ,
 a in G.
(A4) Inverse element: For each a in G, there is an element a′ in G, such that
a * a′ = a′ * a = e.
If a group has a finite number of elements, it is referred to as a finite group, and

the order of the group is equal to the number of elements in the group.
Otherwise, the group is an infinite group.
31

Group : Example
1) The set of residue integers Zn with the addition operator, G = { Zn, + }
2) Let Nn = {1, 2, ... , n}. A permutation of n distinct symbols is a one-to-one
mapping from Nn to Nn. Define Sn to be the set of all permutations of n distinct
symbols. Each element of Sn is represented by a permutation p of the

integers in 1, 2, . . . , n. Then {Sn, * } is a group where * is the permutation
operation.
32

Abelian Group
A group is said to be abelian if it satisfies the following additional condition:
(A5) Commutative: a * b = b * a for all a, b in G.
Example:
1) The set of integers (positive, negative, and 0) under addition is an
abelian group.
2) The set of nonzero real numbers under multiplication is an abelian
group.
3) The set Sn from the preceding example is a group but not an abelian
group for n > 2.
33

Ring
A ring R, sometimes denoted by {R, +, x }, is a set of elements with two
binary operations, called addition and multiplication, such that for all a, b, c
in R the following axioms are obeyed.
(A1–A5) R is an abelian group with respect to addition; that is, R
satisfies axioms
A1 through A5. For the case of an additive group, we denote the identity
element as 0 and the inverse of a as -a.
(M1) Closure under multiplication: If a and b belong to R, then ab is also
in R.
(M2) Associativity of multiplication: a(bc) = (ab)c for all a, b, c in R.
(M3) Distributive laws: a(b + c) = ab + ac for all a, b, c in R.
(a + b)c = ac + bc for all a, b, c in R.
34

Commutative Ring
A ring is said to be commutative if it satisfies the following additional
condition:
(M4) Commutativity of multiplication: ab = ba for all a, b in R.
35

Integral Domain
An integral domain is a commutative ring that obeys the following axioms.
(M5) Multiplicative identity:
There is an element 1 in R such that a1 = 1a = a for all a in R.
(M6) No zero divisors:
If a, b in R and ab = 0, then either a = 0 or b = 0.
36

Field
A field F, sometimes denoted by {F, +, x }, is a set of elements with two
binary operations, called addition and multiplication, such that for all a, b, c
in F the following axioms are obeyed.
(A1–M6) F is an integral domain; that is, F satisfies axioms A1 through
A5 and M1 through M6.
(M7) Multiplicative inverse: For each a in F, except 0, there is an
element a-1 in F such that aa-1 = (a-1)a = 1.
** A field is a set of elements in which we can do addition, subtraction,

multiplication, and division without leaving the set.
** Division is defined with the following rule: a/b = a(b-1) 37

Finite Field
Infinite field are not of much interest in cryptography.
It can be shown that the order of a finite field must be a power of prime say
pn, where n is a positive integer
The finite field of order pn is written as GF(pn)
Here GF stands for Galois Field
Special cases : n =1, makes GF(p), p = 2, makes GF(2 n)
Finite fields of order p:
For a given prime p, we define the finite field of order p, GF(p) – the set Zp of
integers { 0, 1, 2, ..., p-1} in association with arithmatic operation modulo p.
38

Multiplicative Inverse in GF(p)
Since p is a prime, therefore there exists a multiplicative inverse, i.e,
For each w  Zp , w  0, z  Zp such that w x z  1( mod p) (1.4)
Since w is relatively prime to p, if we multiply all the element of Z p by w, it will
result in all residues of Zp. So, the element with residue 1 is the multiplicative
inverse of w and denoted as w-1
39

Finding Multiplicative Inverse in GF(p)
The extended euclidean algorithm finds the multiplicative inverse of w in GF(p)

If a and b are two integers that are relatively prime to each other, then using
extended Euclidean algorithm we can write
ax + by = 1 why?
=> (ax mod a + by mod a ) mod a = 1 mod a
=> 0 + by mod a = 1
If by mod a = 1 is true in module a, then y = b-1
Therefore, while computing remainder using Extened Euclidean, when r i = 1,
then y = b-1
40

An example
Find the multiplicative inverse of 11 in GF(29)
It is clear that gcd(11,29) = 1
i ri qi xi yi
-------------------------------------------------------------------
-1 29 - 1 0
0 11 - 0 1
1 7 2 1 -2
2 4 1 -1 3
3 3 1 2 -5
4 1 1 -3 8
-------------------------------------------------------------------- 41
Inverser of 11 exist and is equals to 8.
Finite Field Examples
GF(2) = {0,1}
42

Finite Field GF(7)
Additive modulo, Multiplicative modulo and Inverse Tables
43

Polynomial Arithmatic
with Coefficients in Zp
When polynomial arithmetic is performed on polynomials over a field,
then division is possible.
Within a field, given two elements a and b, the quotient a/b is also an
element of the field. (Exact Division)
However, given a ring R that is not a field, in general, division will result in
both a quotient and a remainder; this is not exact division.
44

Consider the division 5/3 within a set S.
If S is the set of rational numbers, which is a field, then the result is simply
expressed as 5/3 and is an element of S.
If S is the field Z7. In this case, 5/3 = (5 * 3 - 1) mod 7 = (5 * 5) mod 7 = 4 .
If S is the set of integers, which is a ring.

Then 5/3 produces a quotient of 1 and a remainder of 2: 5/3 = 1 + 2/3
If the coefficient set is the integers, then (5x2)/(3x) does not have a solution,
Because, a coefficient with a value of 5/3, is not in the coefficient set.
However, the same polynomial division over Z7. Then, we have
(5x2)/(3x) = 4x, which is a valid polynomial over Z 7.
45

with Coefficients in GF(2)
f(x) = (x7 + x5 + x4 + x3 + x + 1) and g(x) = (x3 + x + 1)
f(x) + g(x)
f(x) - g(x)
46

with Coefficients in GF(2)
f(x) = (x7 + x5 + x4 + x3 + x + 1) and g(x) = (x3 + x + 1)
f(x)  g(x)
f(x)  g(x)
47

Irreducible polynomial
A polynomial f(x) over a field F is called irreducible if and only if f(x) cannot
be expressed as a product of two polynomials, both over F, and both of
degree lower than that of f(x).
By analogy to integers, an irreducible polynomial is also called a prime
polynomial.
Example:
The polynomial f(x) = x4 + 1 over GF(2) is reducible, because
x4 + 1 = (x + 1)(x3 + x2 + x + 1).
48

Example
49

Finding GCD using
polynomial arithmatic
The polynomial c(x) is said to be the greatest common divisor of a(x) and
b(x) if the following are true.
1. c(x) divides both a(x) and b(x).
2. Any divisor of a(x) and b(x) is a divisor of c(x).
gcd[a(x), b(x)] = gcd[b(x), a(x) mod b(x)]
50

Find gcd[a(x), b(x)] for
a(x) = x6 + x5 + x4 + x3 + x2 + x + 1 and
b(x) = x4 + x2 + x + 1
51

n
Finite Field over GF(2 )
● A n-bit word can represent integers in the range
0 to 2n -1
● It is required that all arithimatic operations should
be able to perform using all integers for n-bits
● However, set of integers in modulo 2 n is not a
field
● The polynomial arithmatic can construct the
desired field
52

Polynomial Arithmetic over Zp
n
Consider the set S of all polynomial of degree <= n-1 over field 2 , such that
f(x) = an-1 xn-1 + an-2 xn-2 + ... + a1 x + a0
Where ai {0,1, ... , p-1}.
In this case, S can be a field if following refinements are considered:

1) Arithmatic operations on polynomial coefficient is performed over modulo p
2) If multiplication over polynomial results in a polynomial f(x) with degree > n-1,
then it is reduced as r(x) = f(x) mod m(x), For an irreducible polynomial of
degree n
53

Example
54

Polynomial arithmatic modulo
3 3
(x +x+1) over GF(2 )
55

56

Example
57

Computation of operations
● Addition of polynomials is the addition of
corresponding coefficients in polynomial, which
is just the XOR operation
58

● Let us conGF(28) for multiplication using m(x) =
x8 + x4 + x3 + x + 1
● It is observed that
x8 mod m(x) = [m(x) - x8] = (x4 + x3 + x + 1)
● In general, in GF(2n) with an nth-degree
polynomial p(x), we have
xn mod p(x) = [p(x) - xn].
59

8
Now, consider a polynomial in GF(2 ), which has the form
7 6 5 4 3 2
f(x) = b7x + b6x + b5x + b4x + b3x + b2x + b1x + b0. If we multiply by x,
we have
8 7 6 5 4 3 2
x * f(x) = (b7x + b6x + b5x + b4x + b3x + b2x + b1x + b0x) mod m(x)
If b7 = 0, then polynomial is already in GF(28)
If b7  0, then reduction is achieved by using the equation (xn mod p(x) = [p(x) – xn])
as
7 6 5 4 3 2 4 3
x * f(x) = (b6x + b5x + b4x + b3x + b2x + b1x + b0x) + (x + x + x + 1)
60

This step of multiplication by x (i.e., 00000010) can be implemented as a 1-bit
left shift followed by a conditional bitwise XOR with (00011011), which
4 3
represents (x + x + x + 1)
In general,
x * f(x) = (b6b5b4b3b2b1b0 ), if b7 = 0
= (b6b5b4b3b2b1b0 )(00011011), if b7 = 1
61

Example : multiplication
6 4 2 7 8 4 3
f(x) = x + x + x + x + 1, g(x) = x + x + 1, and m(x) = x + x + x + x + 1,
7 6
To show f(x) * g(x) mod m(x) = x + x + 1 in binary arithmatic.
Need to compute (01010111) * (10000011). Steps as follows:
62

A Generator in Field
● A generator g of a finite field F of order q is an element
whose first q - 1 powers generate all the non-zero
elements of F.
● That is, the elements of F consist of 0, g 0, g1, ... , gq – 2.
● Consider a field F defined by a polynomial f(x). An
element b contained in F is called a root of the
polynomial if f(b) = 0.
● A root g of an irreducible polynomial is a generator of
the finite field defined on that polynomial
63

Generator of a polynomial
● Let us consider the finite field GF(23), defined over the irreducible
polynomial x3 + x + 1
● Thus, the generator g must satisfy f(g) = g3 + g + 1 = 0
=> g3 = - g - 1 = g + 1.
● It can be shown that g in fact generates all of the polynomials of
degree less than 3.
64

3 3
Generator for GF(2 )using x + x + 1
65

End of Number Theory part 1
66

WINSEM2017-18 CSE4003 ETH SJT501 VL2017185003777 Reference Material I Basic Numtheory 1

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

WINSEM2017-18 CSE4003 ETH SJT501 VL2017185003777 Reference Material I Basic Numtheory 1

Загружено:

Авторское право:

Доступные форматы

Basic Concepts of

Dr. Alekha Kumar Mishra

Dr. Alekha Kumar Mishra

if b|h, then h is of the form h = b x h1 for some integer h1

Then, mg+nh = m x b x g1 + n x b x h1 = b ( m x g1 + n x h1)

This implies that b|(mg+nh) .

Dr. Alekha Kumar Mishra

Property 3: 5|25, 25|100 implies 5|100

Dr. Alekha Kumar Mishra

Greatest Common Divisor (GCD)

Dr. Alekha Kumar Mishra

Then b|a, and d=gcd(a,b) = b,

Then we can say d|r1,

Because, d|a and d|b implies d|(a - q1 x b)

Dr. Alekha Kumar Mishra

Let c be an integer such that c|b anc c|r1

Then, c|(q1 x b + r1) = a,

Since c|a and c|b, c  d, as d = gcd(a,b),

Now for r1  0, we can write b = q2 x r1 + r2, 0  r2 < r1

If If r2 = 0, then d= r1, and If r2  0, then d=gcd(r1,r2)

This process continue until some zero reminder appears

Dr. Alekha Kumar Mishra

Dr. Alekha Kumar Mishra

Dr. Alekha Kumar Mishra

Dr. Alekha Kumar Mishra

Proof of PC 1): if n|(a-b) => (a-b) = kn for some k

Dr. Alekha Kumar Mishra

Dr. Alekha Kumar Mishra

Dr. Alekha Kumar Mishra

(a+b) mod n = ( ra + jn+rb + kn) mod n

= ((ra + rb ) + (k+j)n) mod n

= [ (a mod n) + (b mod n) ] mod n

Property 2 and 3 can be proven same way as above.

Dr. Alekha Kumar Mishra

Dr. Alekha Kumar Mishra

What is 712 mod 8 ?

Dr. Alekha Kumar Mishra

Dr. Alekha Kumar Mishra

Dr. Alekha Kumar Mishra

Dr. Alekha Kumar Mishra

Zn = { 0,1,2,..., n-1} referred as set of residues or residue class (mod n)

Can be labelled as [0], [1], ..., [n-1]

Dr. Alekha Kumar Mishra

Dr. Alekha Kumar Mishra

Property (Multiplicative) :if (a * b)  (a * c)(mod n) then b  c(mod n) if

Why a and n required to be relatively prime? 22

Dr. Alekha Kumar Mishra

Dr. Alekha Kumar Mishra

Dr. Alekha Kumar Mishra

a = q1 x b + r1, r1= ax1 + by1, 0  r1 < b

b = q2 x r1 + r2, r2= ax2 + by2, 0  r2 < r1

r1 = q3 x r2 + r3, r3= ax3 + by3, 0  r3 < r2

rn-2 = qn x rn-1 + rn, rn= axn + byn, 0  rn < rn-1

Dr. Alekha Kumar Mishra

Also, ri-2= axi-2 + byi-2 and ri-1= axi-1 + byi-1

Substituting these values in equation of ri we get,

ri = axi-2 + byi-2 - ( axi-1 + byi-1 ) qi

= a( xi-2 - qi xi-1 ) + b ( yi-2 - qi yi-1 )

Where, xi = xi-2 - qi xi-1 , and yi = yi-2 - qi yi-1

Dr. Alekha Kumar Mishra

Dr. Alekha Kumar Mishra

Dr. Alekha Kumar Mishra

Dr. Alekha Kumar Mishra

Dr. Alekha Kumar Mishra