
Lecture 07: INTEGERS Sections 2.4, 2.5, 2.6 Pages 153-212

This lecture explores topics such as divisibility, primes, greatest common divisor, least common multiple, congruence, and their applications in cryptography and hashing functions. It also explains algorithms for computing divisions and prime factorization.





Presentation Transcript


  1. Lecture 07: INTEGERS, Sections 2.4, 2.5, 2.6, Pages 153-212. CS1050: Understanding and Constructing Proofs, Spring 2006, Jarek Rossignac

  2. Lecture Objectives
  • Divisibility
  • Primes
  • GCD, LCM
  • Congruence and applications: random, hash, ciphers
  • Representing, adding, multiplying integers in base 2
  • Algorithms for computing b div m, b mod m, b^n mod m
  • Prime decomposition

  3. When does x divide y?
  • When y/x is an integer
  • ∃z∈Z : y = zx
  • Assuming that both are integers and x is not zero
  • Notation: x | y
  • I will write x !| y when x does not divide y

  4. When is x a factor of y? • when x | y

  5. What are important divisibility properties?
  Assume that a, b, and c are integers
  • (a | b) ∧ (a | c) ⇒ a | (b+c): if a divides b and c, it divides their sum
    Proof: a | b ⇒ ∃x∈Z b = xa; a | c ⇒ ∃y∈Z c = ya; b+c = xa+ya = (x+y)a
  • a | b ⇒ ∀c (a | bc): if a divides b, then it divides all multiples of b
    Proof:
  • (a | b) ∧ (b | c) ⇒ a | c: if a divides b and b divides c, then a divides c
    Proof:
  • (a | b) ∧ (a | c) ⇒ ∀m∈Z ∀n∈Z (a | (mb+nc)): if a divides b and c, it divides their linear combinations with integer coefficients

  6. When is p a prime? When
  • p is an integer > 1 and
  • p and 1 are its only factors
  Examples: 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47
  An integer greater than 1 that is not prime is called composite

  7. Fundamental theorem of arithmetic?
  • Every integer greater than 1 can be written uniquely as a product of one or more primes (“divisors”) of non-decreasing size
  • Example: 100 = 2·2·5·5

  8. Bound a prime divisor of a composite n
  • n composite ⇒ n has a prime divisor not exceeding √n
  Proof
  • If n is composite, it can be written n = ab, with 1 < a and 1 < b
  • If both a and b were > √n we would have ab > n, a contradiction
  • Assume wlog that a ≤ √n
  • If a is prime, we are done
  • If not, it has a prime divisor < a (Fundamental Theorem of Arithmetic)

  9. How to check whether n is prime?
  • n is prime ⇔ ∀ prime p: (p ≤ √n) ⇒ (p !| n)
  Translate this into an algorithm:

  10. How to find the prime factorization of n?
    factors = emptyList; m = n
    For all primes p from 2 to √n do
      if (p | m) { emptyList.add(p); m = m/p; };
  Is this algorithm correct? If not, fix it!
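As an added example (not from the slides), the slide-9 primality check and a corrected version of the slide-10 factorization in Python; the two fixes the exercise is asking for are spelled out in the docstring.

```python
from math import isqrt


def is_prime(n: int) -> bool:
    """Slide 9: n is prime iff no prime p <= sqrt(n) divides n.
    Trying every integer 2..sqrt(n) is enough: a composite trial divisor
    that divided n would have a smaller prime divisor that also divides n."""
    if n < 2:
        return False
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return False
    return True


def prime_factors(n: int) -> list[int]:
    """Corrected slide-10 algorithm; returns the primes in non-decreasing order.

    Two fixes relative to the slide:
      * divide by p repeatedly (a while, not an if), otherwise 100 gives
        [2, 5] and leaves m = 10 unreported;
      * after the loop, whatever is left of m (if > 1) is a prime factor
        larger than sqrt(n) and must be appended (e.g. the 101 below).
    """
    if n < 2:
        raise ValueError("n must be > 1")
    factors = []
    m = n
    p = 2
    while p * p <= m:          # trial divisors up to sqrt of what remains
        while m % p == 0:      # strip every copy of p before moving on
            factors.append(p)
            m //= p
        p += 1
    if m > 1:                  # leftover prime factor > sqrt(n)
        factors.append(m)
    return factors
```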

  11. Prove that there are infinitely many primes
  Euclid’s proof by contradiction
  • Assume that the only primes are p1, p2, …, pn
  • Let Q = p1·p2·…·pn + 1
  • If Q is prime, we have a contradiction
  • Otherwise, Q can be written as the product of 2 or more primes.
  • This is impossible, since if one of the primes pi divided Q it would also divide Q – p1·p2·…·pn = 1

  12. What is the division “algorithm”?
  • Let a be an integer and d be a positive integer
  • There are unique integers q and r with 0 ≤ r < d such that a = dq + r
  • d is the divisor
  • a is the dividend
  • q is the quotient, can be written q = a div d
  • r is the remainder, can be written r = a mod d
  What is –11 div 3? What is –11 mod 3?

  13. Greatest common divisor of a and b?
  • Assume that a and b are integers and at least one of them is not zero.
  • Their greatest common divisor, gcd(a,b), is the largest integer d such that d|a and d|b
  What is gcd(24,36)? Pull out common factors step by step: 2: (12,18); 2·2: (6,9); 2·2·3: (2,3)

  14. When are two integers relatively prime? • When their GCD is 1 Find the smallest integer larger than 1 that is relatively prime with 9.

  15. The least common multiple of a and b? • Assume a and b are positive integers • Their least common multiple lcm(a,b) is the smallest integer that is divisible by both.

  16. What is gcd(a,b) · lcm(a,b)? gcd(a,b) · lcm(a,b) = ab. What is the essence of a proof?

  17. When are a and b congruent modulo m?
  • Assume a, b, m are integers and m is positive.
  • a is congruent to b modulo m if m divides a–b
  • Notation: a ≡ b (mod m)
  • Theorem: a ≡ b (mod m) ⇔ (a mod m) = (b mod m)
  • Theorem: a ≡ b (mod m) ⇔ ∃k∈Z a = b + km
  • Theorem: a ≡ b (mod m) and c ≡ d (mod m) ⇒ a+c ≡ b+d (mod m) and ac ≡ bd (mod m)

  18. What is a hashing function?
  • Maps an integer k to a positive integer h(k) less than m
  • To speed up search of people in a table (memory) of m entries.
  • We want to hash each person to a memory location h(k) where k is the SS number.
  • If we have more than one person hashed to the same location, we have a collision.
  • Assign the next free location or use a pointer to a list of all people hashed there
  • Most common hashing: h(k) = k mod m

  19. How to generate pseudorandom numbers?
  • Choose 4 integers
    • m: modulus
    • a: multiplier with 2 ≤ a < m
    • c: increment with 0 ≤ c < m
    • x0: seed with 0 ≤ x0 < m
  • Then iterate: x_{n+1} = (a·x_n + c) mod m
  How do you get random numbers between 0 and 1?

  20. What was Caesar’s cipher?
  An important application of congruence is cryptology
  Caesar’s shift cipher:
  • Map letters of the alphabet to consecutive integers 0, 1, 2…
  • Perform a circular shift by 3
  • A→D, B→E, … Z→C
  • How would you encode it using congruence?
  • How would you decode it using congruence?
  • How many variables need to be guessed to break the code?
  • How could you break it?
  • Increase security to require 3 variables.

  21. How to represent integer n in base b?
  • Assume b is an integer > 1
  • There is a unique way of writing n as: n = a_k·b^k + a_{k–1}·b^{k–1} + … + a_1·b + a_0
  • where
    • k is a non-negative integer,
    • a_k, a_{k–1}, …, a_1, a_0 are non-negative integers less than b,
    • a_k ≠ 0
  • b is the base of the expansion of n

  22. What is the binary expansion of n?
  • Bit string a_k a_{k–1} … a_1 a_0 of the expansion of n in base 2

  23. How to expand n in base b?
  • Let m = n
  • Let E = empty string;
  • Repeat
      E = (m mod b) + E;   # pre-concatenation: prepend the new digit to the string
      m = m div b;         # m = bq + r; keep the quotient q
    until (m == 0)
  Example: What is the binary expansion of 241?
  Hexadecimal expansion: base 16
  • Blocks of 4 consecutive bits in base 2
  • Written 0, 1, …, 9, A, B, C, D, E, F

  24. How to add integers in base 2?
  • Usual right-to-left addition with carry propagation
  • 0+0=0, 1+0=1, 1+1=10
  Example: use base 2 to add 8+9 and verify
  Binary expansion of 8: (…)2
  Binary expansion of 9: (…)2
  Sum in base 2: (…)2
  Decimal value:

  25. How to program the addition?
  Let o be the carry from adding the previous bits
  We want the new carry c and sum s of adding bits a and b
  Provide Boolean expressions for s = and c =

  26. How to multiply two k-bit integers?
  a = a_k·2^k + a_{k–1}·2^{k–1} + … + a_1·2 + a_0
  b = b_k·2^k + b_{k–1}·2^{k–1} + … + b_1·2 + b_0
  ab = a_k·b·2^k + a_{k–1}·b·2^{k–1} + … + a_1·b·2 + a_0·b
  Sum the terms a_j·b·2^j where a_j = 1
  Obtain a_j·b·2^j by shifting b to the left j times, padding with a 0
  How many one-bit shifts are needed? Can we use Horner’s rule here? How?

  27. What is the fast modular exponentiation?
  How to compute b^n mod m? Important in cryptology to compute b^n mod m for large b, n, m.
  Can’t compute b^n and then the remainder, because b^n is too large
  Instead, use the binary expansion. Assume n = (a_{k–1} … a_1 a_0)_2
  Successively compute p_j = b^(2^j) mod m as (p_{j–1})·(p_{j–1}) mod m
  Keep track of the sum of p_j values where a_j = 1

  28. How to compute a div d and a mod d?
    q = 0; r = |a|;
    while (r ≥ d) { r = r – d; q = q + 1; };     # now |a| = qd + r with 0 ≤ r < d
    if (a < 0) {                                  # reflect the result for a negative dividend
      if (r > 0) { r = d – r; q = q + 1; };       # a = –qd – r = –(q+1)d + (d – r)
      q = –q;                                     # also needed when r = 0, e.g. –12 div 3 = –4
    };
    # q = a div d, r = a mod d
  (Number-line figure omitted: it places qd ≤ |a| < (q+1)d with remainder r, and for a < 0 shows –(q+1)d ≤ a with remainder d – r.)

  29. What is the Euclidean algorithm?
  • A faster method for gcd
  • Note that gcd(bq+r, b) = gcd(b, r)
  • Proof: Assume d|bq+r and d|b. Then d|(bq+r–qb). Hence d|b and d|r.
  • Assume d|b and d|r. Then d|(bq+r).
  • Hence common divisors of bq+r and b are the same as those of b and r.
  Euclidean algorithm gcd(a,b)
    x = a; y = b;
    while (y != 0) { r = x mod y; x = y; y = r; };
    return(x);
  gcd(662,414)
    662 = 414·1 + 248
    414 = 248·1 + 166
    248 = 166·1 + 82
    166 = 82·2 + 2
    82 = 2·41 + 0
    # gcd(414,662) = 2, the last non-zero remainder

  30. Find s and t such that gcd(a,b) = sa + tb
  gcd(252,198) = 18 = 252s + 198t
    252 = 198·1 + 54
    198 = 54·3 + 36
    54 = 36·1 + 18
    36 = 18·2
  Back-substitute the remainders, last equation first:
    # 18 = 54 – (36)·1
    # 18 = 54 – (198 – (54)·3)·1
    # 18 = 54 – (198 – (252 – 198·1)·3)·1

  31. Lemma
  • Assume that a, b, and c are positive integers
  • gcd(a,b) = 1 and a|bc then a|c
  • a does not divide b, but divides bc, so it must divide c
  • Proof:
    • a|bc ⇒ a|tbc (from slide 5)
    • a|sac and a|ctb ⇒ a|(sac + ctb) (from slide 5)
    • gcd(a,b) = 1 ⇒ sa + tb = 1 ⇒ sac + ctb = c (multiply by c)

  32. Prime factorization
  (p is prime) ∧ (p | a1·a2·…·an) ⇒ ∃j p | aj
  • The factorization of an integer into primes, listed in non-decreasing order, is unique
  • Proof: By contradiction
  • Assume that we have two different factorizations A and B.
  • Remove their common primes; we still have A’ = B’.
  • Then, a prime p of one (say A’) must divide B’ (since A’ = B’)
  • So, p must divide one of the primes of B’
  • But p is not a prime listed in B’ and hence we have a contradiction

  33. Another property
  Let a, b, c, and m be integers. Assume m > 0.
  (ac ≡ bc (mod m)) ∧ (gcd(c,m) = 1) ⇒ a ≡ b (mod m)
  When computing mod m, we can divide both terms by a common divisor that is relatively prime to m

  34. What is the inverse modulo m?
  Let a and m be relatively prime integers and m > 1.
  ā is the inverse of a modulo m if a·ā ≡ 1 (mod m)
  Theorem: ā exists and is unique (modulo m)
  What is the inverse of 3 modulo 7?
    gcd(3,7) = 1, hence, the inverse of 3 exists (theorem)
    7 = 2·3 + 1
    1·7 – 2·3 = 1
    (1·7 – 2·3) mod 7 = 1
    (–2·3) mod 7 = 1
    –2 is the inverse of 3 modulo 7
    (7·3 – 2·3) mod 7 = 1
    (5·3) mod 7 = 1
    5 is the inverse of 3 modulo 7

  35. How to solve a linear congruence?
  An equation of the form ax ≡ b (mod m) is a linear congruence. To find all x that satisfy this equation:
  • Find the inverse ā of a modulo m
  • Multiply both sides by ā to get ā·a·x ≡ ā·b (mod m)
  • Since ā·a ≡ 1 (mod m), we obtain x ≡ ā·b (mod m)

  36. What is the Chinese remainder theorem?
  The system of linear congruences x ≡ a_i (mod m_i), where the m_i are pairwise relatively prime, has a unique solution modulo m = ∏ m_i
  Example. Solve: x ≡ 2 (mod 3), x ≡ 3 (mod 5), x ≡ 2 (mod 7)
    m = 3·5·7 = 105, M1 = m/3 = 35, M2 = m/5 = 21, M3 = m/7 = 15.
    The inverse y1 of M1 modulo 3 is 2, since (35·2) mod 3 = 1.
    The inverse y2 of M2 modulo 5 is 1, since (21·1) mod 5 = 1.
    The inverse y3 of M3 modulo 7 is 1, since (15·1) mod 7 = 1.
    The solution is x ≡ a1·M1·y1 + a2·M2·y2 + a3·M3·y3 (mod m); here: x ≡ 233 ≡ 23 (mod 105)
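Added example (not the lecture's code) covering slides 29 to 36 in Python: an iterative extended Euclidean algorithm that yields the s and t of slide 30, the modular inverse of slide 34, the linear-congruence solver of slide 35 and the Chinese remainder construction of slide 36, all checkable against the numbers on the slides.

```python
def ext_gcd(a: int, b: int) -> tuple[int, int, int]:
    """Return (g, s, t) with g = gcd(a, b) = s*a + t*b (slides 29-30).
    Iterative form of the back-substitution done by hand on slide 30:
    each remainder is kept as a combination of the original a and b."""
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r      # same division steps as slide 29
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t


def mod_inverse(a: int, m: int) -> int:
    """Slide 34: the inverse exists iff gcd(a, m) == 1; it is s reduced mod m,
    which turns the -2 of the slide's worked example into 5."""
    g, s, _ = ext_gcd(a, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {m} (gcd = {g})")
    return s % m


def solve_linear_congruence(a: int, b: int, m: int) -> int:
    """Slide 35: a*x = b (mod m) with gcd(a, m) == 1; multiply both sides by
    the inverse of a and return the unique solution x in [0, m)."""
    return (mod_inverse(a, m) * b) % m


def crt(residues: list[int], moduli: list[int]) -> int:
    """Slide 36: solve x = a_i (mod m_i) for pairwise coprime m_i.
    x = sum(a_i * M_i * y_i) mod m, with M_i = m / m_i and y_i = M_i^-1 mod m_i."""
    m = 1
    for mi in moduli:
        m *= mi
    x = 0
    for ai, mi in zip(residues, moduli):
        Mi = m // mi
        yi = mod_inverse(Mi, mi)   # raises ValueError if the moduli are not coprime
        x += ai * Mi * yi
    return x % m
```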

  37. How to compute with large integers
  • Relatively prime integers m_i larger than 1 form a basis
  • Let m be their product
  • Any positive integer a < m can be uniquely represented as (a mod m1, a mod m2, …, a mod mn)
  We can use this representation for large integers and distribute the arithmetic operations to the components. Then, we recover the solution by solving the system of congruences.

  38. What is Fermat’s little theorem?
  If p is prime and a is an integer not divisible by p, then a^(p–1) ≡ 1 (mod p)
  Furthermore, for every integer a, we have a^p ≡ a (mod p)
  Note that a^(p–1) ≡ 1 (mod p) does not imply that p is prime.
  When b^(n–1) ≡ 1 (mod n) and n is not prime, we say that n is a pseudoprime to the base b
  If n does not satisfy b^(n–1) ≡ 1 (mod n) then it is composite.
  We can use several bases to weed out composites when looking for primes.

  39. What is the RSA encryption?
  • I have a publicly known encryption key.
  • You can use it to send me an encrypted message, but cannot decrypt messages others send me.
  • I keep the decryption key secret!
  In 1976 Rivest, Shamir, Adleman introduced the RSA system based on the product of two large primes
  Given the two parts of the encryption key, the modulus n = pq (where p and q are large primes) and the exponent e relatively prime to (p–1)(q–1), you encode an integer M (representing several characters) as C = M^e mod n (use fast modular exponentiation, p. 176)
  I have p, q and d, the inverse of e modulo (p–1)(q–1). I decode your message as M = C^d mod pq
  To compute d, you would need to factor n. Too slow.
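Added example (not the lecture's code) for slides 27, 38 and 39: square-and-multiply modular exponentiation driven by the bits of n, a Fermat test over several bases, and an RSA round trip on a constructed toy key (p = 61, q = 53, e = 17) that is far too small for real use.

```python
def mod_pow(b: int, n: int, m: int) -> int:
    """Slide 27: b^n mod m from the binary expansion n = (a_{k-1} ... a_0)_2.
    p_j = b^(2^j) mod m is obtained by squaring p_{j-1} mod m; the answer is
    the product (mod m) of the p_j whose bit a_j is 1, so b^n is never formed."""
    if m == 1:
        return 0
    result = 1
    p = b % m             # p_0 = b mod m
    while n > 0:
        if n & 1:         # bit a_j is 1: multiply p_j into the running result
            result = (result * p) % m
        p = (p * p) % m   # p_{j+1} = p_j * p_j mod m
        n >>= 1           # move on to bit a_{j+1}
    return result


def fermat_probable_prime(n: int, bases: list[int]) -> bool:
    """Slide 38: n is composite if some base b has b^(n-1) mod n != 1;
    passing every base only says n is prime or a pseudoprime to those bases."""
    return n > 1 and all(mod_pow(b, n - 1, n) == 1 for b in bases)


def rsa_keygen(p: int, q: int, e: int) -> tuple[tuple[int, int], int]:
    """Slide 39: public key (n, e) with n = pq and gcd(e, (p-1)(q-1)) = 1;
    private exponent d = e^-1 mod (p-1)(q-1).  Python's pow(e, -1, phi)
    computes that inverse (extended Euclidean algorithm under the hood)."""
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)   # raises ValueError if e is not invertible
    return (p * q, e), d


def rsa_encrypt(M: int, public_key: tuple[int, int]) -> int:
    n, e = public_key
    return mod_pow(M, e, n)       # C = M^e mod n


def rsa_decrypt(C: int, d: int, n: int) -> int:
    return mod_pow(C, d, n)       # M = C^d mod pq


if __name__ == "__main__":
    # Constructed toy key; 341 = 11*31 is the classic base-2 pseudoprime.
    (n, e), d = rsa_keygen(61, 53, 17)
    C = rsa_encrypt(65, (n, e))
    print(n, e, d, C, rsa_decrypt(C, d, n))
    print(fermat_probable_prime(341, [2]), fermat_probable_prime(341, [2, 3]))
```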

  40. Assigned Homework
  • Next quiz will cover 2.2–2.7 (two lectures)
  • Caesar’s cipher and its variations
  • Exercises: 13, 17, 37b page 167
  • Exercises: 40 page 168
  • Exercises: 1a, 3a page 179
  • Exercises: 27, 31 page 180
  • Exercises: 7, 15, 19, 37 pages 194-195

  41. Assigned Project
  • P3 Constructive Solid Geometry in 2D
  • Due Feb 14 before class through your PPP
