Math For Cryptology 1 This presentation contains the fundamental math you need to understand cryptology. It is not the case that this math will make you.

Math For Cryptology

1

• This presentation contains the fundamental math you need to understand cryptology. It is not the case that this math will make you a master of cryptology, or an expert. But it will give you the basis for understanding cryptology.

Diophantine Algebra

• Represents the end of a movement among Greeks away from geometrical algebra to a system of algebra that did not depend on geometry•Diophantus – Greek mathematician from Alexandria•Often considered the “father of Algebra”•Wrote series of books “Arithmetica” – features work on

solutions of algebraic equations to theory of numbers• 189 problems in “Arithmetica” were all solved by a

different method• Some of his writings from this series are still lost•No general method to his solutions•Accepted only positive rational roots

• Diophantus was the first Greek mathematician to recognize fractions as numbers• His discoveries led to what we know today as “Diophantine Equations”

and “Diophantine Approximations”• Furthermore, he introduced the syncopated & symbolic styles of writing• We know essentially nothing of his life and are uncertain about the date

at which he lived (200-284).• The only know detail of his age was a phrase written by Metrodorus

which stated: “his boyhood lasted 1/6th of his life, he married after 1/7th more, his beard grew after 1/12th more, and his son was born 5 years later, the son lived to half his father’s age and the father died 4 years after the son”• Translates to: he married at 26 son died at 42, so Diophantus died at 84.

Diophantine Algebra

Stages of Algebra

•The development of algebra progressed through 3 stages:•Rhetorical – no use of symbols, verbal only•Syncopated – abbreviated words•Symbolic – use of symbols, used today

Rhetorical Algebra

•1650 BCE-200 CE•Early Babylonian and Egyptian algebras were both rhetorical•In Greece, the wording was more geometric but was still rhetorical.•The Chinese also started with rhetorical algebra and used it longer.

Syncopated Algebra

•200 CE-1500 CE•Started with Diophantus who used syncopated algebra in his Arithmetica (250 CE) and lasted until 17th Century BCE.•However, in most parts of the world other than Greece and India, rhetorical algebra persisted for a longer period (in W. Europe until 15th Century CE).

Symbolic Algebra

•Began to develop around 1500 but did not fully replace rhetorical and syncopated algebra until the 17th century•Symbols evolved many times as mathematicians

strived for compact and efficient notation•Over time the symbols became more useable and

standardized

Below is a table of various forms in which the modern day equation 4x2 + 3x = 10 might have been written by different mathematicians from different countries and at different times.

Nicolas Chuquet 1484 42 p31 égault 100

Vander Hoecke 1514 4 Se + 3 Pri dit is ghelijc 10

F.Ghaligai 1521 4 e 3c° - 10 numeri

Jean Buteo 1559 4 p 3 p [ 10

R.Bombelli 1572 p equals á 10

Simon Stevin 1585 4 + 3 egales 10

François Viète 1590 4Q + 3N aequatus sit 10

Thomas Harriot 1631 4aa + 3a === 10

René Descartes 1637 4ZZ + 3Z 10

John Wallis 1693 4XX + 3X = 10

Types of Algebra

•Algebra is divided into two types:• Classical algebra – equation solving• Abstract/Modern algebra – study of groups

•Classical algebra has been developed over a period of 4,000 years, while abstract algebra has only appeared in the last 200 years.

Classical Algebra

•Finding solutions to equations or systems of equations• i.e. finding roots or values of unknowns•Uses symbols instead of specific numbers•Uses arithmetic operations to establish procedures

for manipulating symbols

Abstract Algebra

•In the 19th century algebra was no longer restricted to ordinary number systems. Algebra expanded to the study of algebraic structures such as:•Groups•Rings•Fields•Modules•Vector spaces

Subject Areas Under Abstract Algebra:

•Algebraic number theory - study of algebraic structures to algebraic integers•Algebraic topology – study of topological spaces•Algebraic geometry – study of algebra and

geometry combined

Algebraic Number Theory

•Study of algebraic spaces related to algebraic integers•Accomplished by a ring of algebraic integers O in a

algebraic number field K/Q•Studies the algebraic properties such as

factorization, behavior of ideals, and field extensions

Algebraic Topology

•Study of qualitative aspects of spatial objects–Surfaces, spheres, circles, knots, links, configuration spaces, etc.

•Also viewed as the study of “disconnectives”–Interpreted as a hole in space

•Example: We live on the surface of a sphere, but locally it is difficult to distinguish this from living on a flat plane

Algebraic Geometry

•Combines techniques of abstract algebra with the language and the problems of geometry•Areas of study in are algebraic sets, systems of polynomial equations, plane curves (lines, circles, parabolas, ellipses, hyperbolas, and cubic curves)•Study of special points such as singular points, inflection points, and points at infinity

About Matrices

A matrix is a rectangular arrangement of numbers in rows and columns. Rows run horizontally and columns run vertically.

The dimensions of a matrix are stated “m x n” where ‘m’ is the number of rows and ‘n’ is the number of columns.

Vectors and Matrices

• Matrix is an array of numbers with dimensions M (rows) by N (columns)• 3 by 6 matrix• element 2,3 is (3)

• Vector can be considered a 1 x M matrix•

zyxv

100025114311212003

Types of Matrix

• Identity matrices - I

• Diagonal

1001

1000010000100001

• Symmetric

• Diagonal matrices are (of course) symmetric• Identity matrices are (of

course) diagonal

4000010000200001

fecedbcba

Different types of Matrices

• Column Matrix - a matrix with only one column.

• Row Matrix - a matrix with only one row.

• Square Matrix - a matrix that has the same number of rows and columns.

Operation on Matrices

• Addition• Done elementwise

• Transpose• “Flip” (M by N becomes N by M)

s d r c

q b p a

s r

q p

d c

b a

379724651

376825941

T

Operations on Matrices

•Multiplication•Only possible to multiply of dimensions• x1 by y1 and x2 by y2 iff y1 = x2 • resulting matrix is x1 by y2

• e.g. Matrix A is 2 by 3 and Matrix by 3 by 4• resulting matrix is 2 by 4

• Just because A x B is possible doesn’t mean B x A is possible!

Equal Matrices

• Two matrices are considered equal if they have the same number of rows and columns (the same dimensions) AND all their corresponding elements are exactly the same.

Special Matrices

Some matrices have special names because of what they look like.

a) Row matrix: only has 1 row.b) Column matrix: only has 1

column.c) Square matrix: has the same

number of rows and columns.d) Zero matrix: contains all zeros.

Matrix Addition

You can add or subtract matrices if they have the same dimensions (same number of rows and columns).

To do this, you add (or subtract) the corresponding numbers (numbers in the same positions).

Matrix Addition

2 4 1 0

5 0 2 1

1 3 3 3

Example:

3 4

7 1

2 0

Matrices as linear equations

• The next slide shows a matrix re-written as a linear equation and solved.

* Write as linear equations.2. 3x yx 2y

x 3

y 2

7y7

y1

2x y 3

2x 6y4

2x 1 3

2x 2

x 1

* Combine like terms.* Solve using elimination.

3x y x 3

x 2y y 2

x 2y y 2

1 2 1 1 2

1 2 1

1 1

2x y 3

x 3y 2

Scalar Multiplication

To do this, multiply each entry in the matrix by the number outside (called the scalar). This is like distributing a number to a polynomial.

Scalar Multiplication

2 4

4 5 0

1 3

Example:

8 16

20 0

4 12

Matrix multiplication

• Here is a key point: You cannot just multiply each number by the corresponding number in the other matrix. Matrix multiplication is not like addition or subtraction.

From: http://www.freemathhelp.com/matrix-multiplication.html

Matrix Multiplication Continued

• The first two steps

From: http://www.freemathhelp.com/matrix-multiplication.html

Matrix Multiplication

• Steps 3 & 4

From: http://www.freemathhelp.com/matrix-multiplication.html

Matrix Multiplication

• Step 5

From: http://www.freemathhelp.com/matrix-multiplication.html

Matrix Multiplication

Matrix Multiplication is NOT Commutative! Order matters! You can multiply matrices only if the number of columns in

the first matrix equals the number of rows in the second matrix.

2 3

5 6

9 7

2 columns2 rows

1 2 0

3 4 5

If n is a negative number then you add as many multiples of m as necessary to get an answer in the range 0 – m.

Examples17 mod 5 = 2 7 mod 11 = 720 mod 3 = 2 11 mod 11 = 0-3 mod 11 = 8 -1 mod 11 = 1025 mod 5 = 0 -11 mod 11 = 0

•Two numbers a and b are said to be “congruent modulo n” if

(a mod n) = (b mod n) a ≡ b(mod n)•The difference between a and b will be a multiple

of n So a-b = kn for some value of k

E.g: 4 9 1419 -1 -6 mod 573 4(mod 23); 21 -9(mod 10)If a 0 (mod n), then n|a.

Properties of Congruences

1. a b (mod n) if n|(a-b)2. a b (mod n) implies b a (mod n)3. a b (mod n) and b c (mod n) imply a c (mod n)

Proof of 1.If n|(a-b), then (a-b) = kn for some k. Thus, we can writea = b + kn. Therefore, (a mod n) = (remainder when b + kn is divided by n) =

(remainder when b is divided by n) = (b mod n).

Examples

23 8 (mod 5) because 23 -8 =15 = 5x3 -11 5 (mod 8) because -11-5 =-16 = 8x(-2)81 0 (mod 27) because 81-0=81 = 27x3

Congruence Classes

• This section, we are grouping numbers, based on their reminders.

18 ÷ 4 = 4 r. 2

22 ÷ 4 = 5 r. 2

78 ÷ 4 = 19 r. 2

These are said to be in the same congruence class.18 ≡ 22 (mod 4) bc their remainders are the same

How many congruence classes are there in modulo 7?

• 77 ÷ 7 = 11 r. 0

• 78 ÷ 7 = 11 r. 1

• 79 ÷ 7 = 11 r. 2

• 80 ÷ 7 = 11 r. 3

• 81 ÷ 7 = 11 r. 4

• 82 ÷ 7 = 11 r. 5

• 83 ÷ 7 = 11 r. 6

• 84 ÷ 7 = 12 r. 0

R0

R0

R1

R2

R3

R4

R5

R6

77 ≡ 84 (mod 11)

There are 7 congruence classes!

Euclidian Algorithm• The Euclidean algorithm proceeds in a series of steps such that the output of each step is used as an input

for the next one. Let k be an integer that counts the steps of the algorithm, starting with zero. Thus, the initial step corresponds to k = 0, the next step corresponds to k = 1, and so on.• Each step begins with two nonnegative remainders rk−1 and rk−2. Since the algorithm ensures that the

remainders decrease steadily with every step, rk−1 is less than its predecessor rk−2. The goal of the kth step is to find a quotient qk and remainder rk such that the equation is satisfied• rk−2 = qk rk−1 + rk• where rk < rk−1. In other words, multiples of the smaller number rk−1 are subtracted from the larger

number rk−2 until the remainder is smaller than the rk−1.• In the initial step (k = 0), the remainders r−2 and r−1 equal a and b, the numbers for which the GCD is

sought. In the next step (k = 1), the remainders equal b and the remainder r0 of the initial step, and so on. Thus, the algorithm can be written as a sequence of equations• a = q0 b + r0b = q1 r0 + r1r0 = q2 r1 + r2r1 = q3 r2 + r3…• If a is smaller than b, the first step of the algorithm swaps the numbers. For example, if a < b, the initial

quotient q0 equals zero, and the remainder r0 is a. Thus, rk is smaller than its predecessor rk−1 for all k ≥ 0.• Since the remainders decrease with every step but can never be negative, a remainder rN must

eventually equal zero, at which point the algorithm stops.[15] The final nonzero remainder rN−1 is the greatest common divisor of a and b. The number N cannot be infinite because there are only a finite number of nonnegative integers between the initial remainder r0 and zero.

Euclidian Algorithm• This is used in solving Diophantine equations.• The algorithm is based on the following two observations:• 1.If b|a then gcd(a, b) = b. • This is indeed so because no number (b, in particular) may have a divisor greater than the number itself (I am

talking here of non-negative integers.)• 2.If a = bt + r, for integers t and r, then gcd(a, b) = gcd(b, r). • Indeed, every common divisor of a and b also divides r. Thus gcd(a, b) divides r. But, of course, gcd(a, b)|b.

Therefore, gcd(a, b) is a common divisor of b and r and hence gcd(a, b) ≤ gcd(b, r). The reverse is also true because every divisor of b and r also divides a.• Example• Let a = 2322, b = 654.• 2322 = 654·3 + 360 gcd(2322, 654) = gcd(654, 360) • 654 = 360·1 + 294 gcd(654, 360) = gcd(360, 294) • 360 = 294·1 + 66 gcd(360, 294) = gcd(294, 66) • 294 = 66·4 + 30 gcd(294, 66) = gcd(66, 30) • 66 = 30·2 + 6 gcd(66, 30) = gcd(30, 6) • 30 = 6·5 gcd(30, 6) = 6 • Therefore, gcd(2322,654) = 6.

A Diophantine equation is any equation for which you are interested only in the integer solutions to the equation.

Thus a linear Diophantine equation is a linear equation ax + by c with integer coefficients for which you are interested only in finding integer solutions.

Basic Math facts you need• A group is an algebraic system consisting of a set, an identity element, one operation and

its inverse operation.• An Abelian Group or commutative group has an additional axiom a+b = b+a if the operation

is addition ab = ba if the operation is multiplication • A Cyclic Group is a group that has elements that are all powers of one of its elements. • A ring is an algebraic system consisting of a set, an identity element, two operations and

the inverse operation of the first operation. • A field is an algebraic system consisting of a set, an identity element for each operation,

two operations and their respective inverse operations. • GF(p) for any prime, p, this Galois Field has p elements which are the residue classes of

integers modulo p. • m GF(pm ) for any prime, p, and m greater than zero, this Galois Field m has pm elements which is a

Field of polynomials over GF(p) modulo an irreducible polynomial of degree m. m GF(q) for q = pm for anyprime, p, and m greater than zero, this Galois Field has q elements of the vector space of dimension m over GF(p).

• An algebra is a set of elements and a set of laws that apply to the elements. One way to define various types of algebras such as rings, fields, Galois Fields and the like, is to list the possible laws (axioms, postulates, rules) that might apply, then define each algebra in terms of which laws apply.

Prime Numbers

A prime number is any number whose factors are 1 and itself. So 2, 3, 5, 7, 11, 13, 17, 23, etc. are prime numbers. Prime numbers are used in some public key cryptography algorithms (which we will study in lesson 4) such as RSA.Prime Number Theorem: If a random number N is selected, the chance of it being prime is approximately 1 / ln(N), where ln(N) denotes the natural logarithm of N.

L9 46

Fundamental Theorem of Arithmetic

THM: Any number n 2 is expressible as as a unique product of 1 or more prime numbers.

Note: prime numbers are considered to be “products” of 1 prime. We’ll need induction and some more number theory tools to prove this.Q: Express each of the following number as a product of primes: 22,

100, 12, 17

The prime number theorem

• The ratio of the number of primes not exceeding x and x/ln(x) approaches 1 as x grows without bound• Rephrased: the number of prime numbers less than x is approximately x/ln(x)

(in 1792 by Gauss at 15...)• Rephrased: the chance of an number x being a prime number is (roughly) 1 / ln(x)

• (density: there are n numbers up to n with roughly n/ln(n)

• being prime. So, frequency of primes among n numbers is around 1/ln(n).)• So, less frequent for higher x• But still, there are many primes!! (key for crypto!!)

• Consider 200 digit prime numbers• ln (10200) 460• The chance of a 200 digit number being prime is 1/460• If we only choose odd numbers, the chance is 2/460 = 1/230

Euclid’s Elements, ~300 B.C.

Book VII, Definition 22:“A perfect number is that which is equal to its own parts.”

Examples:6 = 3 + 2 + 128 = 14 + 7 + 4 + 2 + 1

Source of the concept

• Plato’s Theaetetus contains a section indicating that the idea predates Euclid.• Later tradition credits the Pythagoreans, but Aristotle documents a

different use by them of the term perfect number.• The unit fractions of the Egyptians have also been suggested as a

source:1/2 + 1/3 + 1/6 = 1, for example.

Euclid’s Elements, Book IX, Proposition 36“If as many numbers as we please, beginning from a unit be set out

continuously in double proportion, until the sum of all becomes prime, and if the sum multiplied into the last make some number, the product will be perfect.”

Illustration in proof: 1 + 2 + 4 + 8 + 16 = 31 is prime, so 31 x 16 = 496 is perfect.

Euclid’s formula: If 2n –1 is prime, then 2n-1(2n –1) is

perfect.

Eratosthenes, ~250 B.C.

• Showed how to systematically produce tables of primes using a “sieve”.• Presumably could have easily discovered that 27-1 = 127 was prime,

thus proving that 26(27-1) = 8128 was the fourth perfect number.

• Note: in the next presentation we show the specifics of Erotasthenes siev

The Neo-Pythagoreans

Philo Judaeus, The Creation of the World, (c. 30 A.D.): “It was fitting, therefore, that the world, being the most perfect of created things, should be made according to the perfect number, namely, six.”

Nicomachus, Introduction to Arithmetic, (c. 100 A.D.)

“It comes about that even as fair and excellent things are few and easily enumerated, while ugly and evil ones are widespread, so also the superabundant and deficient numbers are found in great multitude and irregularly placed – for the method of their discovery is irregular – but the perfect numbers are easily enumerated and arranged with suitable order; for only one is found among the units, 6, only one other among the tens, 28, and a third in the rank of the hundreds, 496 alone, and a fourth within the limits of the thousands, that is, below ten thousand, 8128. And it is their accompanying characteristic to end alternately in 6 or 8, and always to be even.”

Table of factors of 2n–1, for n to 10 • 21 –1 = 1• 22 –1 = 3 prime• 23 –1 = 7 prime• 24 –1 = 15 = 3 · 5• 25 –1 = 31 prime• 26 –1 = 63 = 3 · 3 · 7• 27 –1 = 127prime• 28 –1 = 3 · 5 · 17• 29 –1 = 511 = 7 · 73• 210 –1 = 1023 = 3 · 11 · 31

Note: n is prime when 2n –1 is prime!

Arabic mathematicians

• Ibn al-Haytham (Alhazen, 965-1039) attempted to show that all even perfect numbers were of Euclid’s form.

• Ibn Fallus (1194-1252) claimed that Euclid’s formula gave primes for n = 2, 3, 5, 7, 9, 11, 13, 17, 19, and 23.

Italians and Germans

Regiomontanus and anonymous codices (c. 1458-1461): n = 2, 3, 5, 7, 13, 17 give the first six perfect numbers according to Euclid’s formula. Case of 13 was justified. 217–1 = 131,071 would have required 72 divisions to prove it prime. It was also noted that 211–1 = 2047 was equal to 23·89 and was therefore not prime.

Cataldi (1548-1626)

Proved that n must be prime and used a table of all primes up to 750 to prove that n = p = 2, 3, 5, 7, 13, 17, and 19 generate the first seven perfect numbers. 219–1 = 524,287 required 128 divisions by all the primes up to 719 to prove it is prime.

Pierre de Fermat (1601-1665)

•Discovered that all possible factors of 2p

–1 for p prime must be of the form 2kp + 1 and found factors for p = 23, 37, and possibly 29, eliminating these as possible perfect number generators.

•What about p = 31?

Marin Mersenne (1588-1648)

•Claimed that 2p – 1 was prime for p = 2, 3, 5, 7, 13, 17, 19, 31, 67, 127, 257, and for no other numbers in this range.

•His conjecture resulted in a prime of the form 2p – 1 being named a Mersenne prime.

Leonhard Euler (1707-1783)

• Showed that factors of 2p – 1 must leave a remainder of 1 or 7 upon division by 8, which reduced the number of possible factors by roughly half.

• He then proved that 231 – 1 is prime by testing all 84 possible prime factors.

Euler also proved that all even perfect numbers were given by Euclid’s formula. Descartes had said he saw no reason that an odd perfect number could not exist, but Euler discovered some strong constraints on the form of any such number.

Édouard Lucas (1842-1891)

• Invented a primality testing method for Mersenne numbers in 1876 that did not require testing all possible factors.• Computed that p = 127 resulted in a Mersenne prime.• Computed that p = 67 resulted in a composite, but the

composite character of 267 – 1 was not considered settled until 1894.

Between 1883 and 1914, the Mersenne primes for p = 61, 89, and 107 were discovered, resulting in a total of 12 known Mersenne primes and 12 known perfect numbers.

Derrick H. Lehmer (1905-1991)

• Refined Lucas’ test, now known as the Lucas-Lehmer primality test for Mersenne numbers.

• Lehmer and his wife, Emma Trotskaia Lehmer, proved in 1932 that 2257 – 1, the last number on Mersenne’s list, was actually composite.

Dawn of computer age

• All p up to 257 were settled.

• Max Newman and Alan Turing tested all p up to 509 on the University of Manchester Mark I computer in 1951 without finding any more Mersenne primes.

Raphael Robinson (1912-1995)

• Used the SWAC computer at UCLA between January and October of 1952.

• Discovered 5 new Mersenne primes for p = 521, 607, 1279, 2203, and 2281.

• Brought the total number of known Mersenne primes to 17.

By 1996, there were 34 known Mersenne primes, with the last eight discoveries made on supercomputers.

Great Internet Mersenne Prime Search (GIMPS)

•Launched in 1996 by George Woltman.•Over 100,000 participants.•Assignments coordinated by the PrimeNet server.•Has discovered 12 new Mersenne primes in 13 years.

Largest known prime: 243,112,609 – 1 • Discovered August 23, 2008.• Contains 12,978,189 decimal digits.• Verified using multi-processor machines.• The associated perfect number, 243,112,608(243,112,609 – 1),

contains 25,956,377 digits!• Claimed the EFF $100,000 prize for the first proven prime of

over ten million digits.

Known Mersenne prime exponents p, 2^p - 1 is prime

0

5

10

15

20

25

0 5 10 15 20 25 30 35 40 45

Mersenne prime number in order of size

log2

(p)

Known Mersenne prime exponents p, 2^p - 1 is prime

0

5

10

15

20

25

0 5 10 15 20 25 30 35 40 45

Mersenne prime number in order of size

log2

(p)

Odd perfect numbers?

• The question of their existence has been called the oldest unsolved math problem.• Must contain over 300 digits.• Must contain at least 75 prime factors.• Must contain at least 9 distinct prime factors.• Heuristic arguments suggest that none exist, but the question is still

open.

Fermat primes

•Fermat knew that for 2n +1 to be prime, n must be a power of 2:•21 + 1 = 3 prime•22 + 1 = 5 prime•24 + 1 = 17 prime•28 + 1 = 257 prime•216 + 1 = 65537 prime•Fermat thought that these numbers 22m

+ 1 were always prime!

WRONG!

• Euler proved in 1732 that 232 +1, the “fifth” Fermat number, was composite:• 232 +1 = 4,294,967,297 = 641 · 6,700,417.• We now know that the 5th through the 32nd Fermat numbers are all

composite, as well as over 200 larger Fermat numbers.• Most of these numbers have been proven composite through finding

factors.

• Euler and Lagrange: Any factor of a Fermat number 22m + 1 must be

of the form k·2n + 1 where n ≥ m + 2.

• Early researchers noted that some k values gave sequences of k·2n + 1 that were rich in primes, other k values gave sequences very sparse in primes.

Waclaw Sierpiński (1882-1969)

Proved in 1960 that there are infinitely many positive odd integer values of k such that k·2n + 1 is composite for any positive integer n.

• John Selfridge proved in 1962 that k = 78557 is an example of such a Sierpiński number, and raised the question of whether it was the smallest.• It can be easily proven that for all n, 78557·2n+1 is always divisible by

at least one number in the finite “covering set” {3,5,7,13,19,37,73}.

Paul Erdős (1913-1996)

• Conjectured that any Sierpiński number must have a finite covering set.• Recent evidence indicates that his conjecture is probably false for

certain values of k which are perfect powers.• It is still believed that 78557 is the smallest Sierpiński number.

The Sierpiński Problem

• For each positive odd integer k < 78557, find a positive integer n such that k·2n+1 is prime.• The distributed computing project Seventeen or Bust was started in

2002 to work on the remaining 17 k values.• To date, six k values are still unresolved.

The dual Sierpiński problem

• Replace n by a negative integer: k·2-n+1 = (k + 2n) / 2n.• Again, 2n +78557 is always composite with the same covering set

{3,5,7,13,19,37,73}.• Is k = 78557 the smallest positive odd integer with this property?

Dual Sierpiński investigation:

• For each positive odd k < 78557, find an n such that k + 2n is prime.• Of these 39,278 values of k, a prime value of k + 2n is known for all

but 33 of them.• For 30 of these 33 remaining k values, a probable prime value of k +

2n is known.• The three remaining sequences are being searched by “Five or Bust”.

Probable primes

•Pass tests that all prime numbers will pass and most composite numbers will fail.•Term is usually used for numbers which are not proven primes.•Called “industrial grade” primes in cryptology.

Large probable primes discovered in this dual Sierpiński investigation:• 21191375 + 8543, discovered June 2008 at LCC, at 358,640 digits was the

record holder until October.• 21518191 + 75353, discovered January 4, 2009 by Five or Bust, at

457,022 digits held the record for a short time.• 22249255 + 28433, discovered January 26, 2009 by Five or Bust, at

677,094 digits is the current record holder.

Fact sheet on 22249255 + 28433

• The probability that this record probable prime is actually composite is less than one in 10900.• To prove that it is actually prime would take an estimated 3 billion

years.• If the Generalized Riemann Hypothesis is ever proven, we could

prove it is prime in just one year using 3 billion computers!

Five or Bust

• Begun in October 2008 to search the remaining 5 sequences 2n + k.• Sieving removes candidates divisible by a “small” factor (now up to

150 trillion or so.)• Each remaining candidate is subjected to a probable prime test.• The unsolved sequences correspond to the values k = 2131, 40291,

and 41693.

What about k·2n – 1 ?

• Hans Riesel (1956): There are infinitely many values of k such that k·2n – 1 is always composite.• One such value is k = 509203, as the sequence 509203·2n – 1 has the

covering set {3,5,7,13,17,241}. Is 509203 the smallest such value of k? • Currently 64 odd values of k < 509203 are unsettled.

What about 2n – k ?

• Replace n by -n again, and see that k·2-n – 1 = (k – 2n) / 2n.• k – 2n can be positive or negative, so take the absolute value.• If k = 509203, |2n – 509203| has a covering set and is therefore

always composite. Is k = 509203 the smallest such value of k?

Current status of 2n – k

• All n searched up to 262,000.• 87 values of k < 509203 are still unresolved. Another distributed

search?• Note: 509203 is about six and a half times larger than 78557, so the

Riesel problem and the dual Riesel problem are quite a bit larger than the Sierpiński problem and its dual. These problems may never be resolved within our lifetimes!

So, actually x /(log x – 1) is better estimate of number of primes.

L9 92

Fundamental Theorem of Arithmetic

A: 22 = 2·11, 100 = 2·2·5·5, 12 = 2·2·3, 17 = 17Convention: Want 1 to also be expressible as a

product of primes. To do this we define 1 to be the “empty product”. Just as the sum of nothing is by convention 0, the product of nothing is by convention 1.

L9 93

Primality Testing

Prime numbers are very important in encryption schemes. Essential to be able to verify if a number is prime or not. It turns out that this is quite a difficult problem.

LEMMA: If n is a composite, then its smallest prime factor is n

L9 94

Primality Testing.Example

EG: Test if 139 and 143 are prime.List all primes up to and check if they divide the numbers.

2: Neither is even3: Sum of digits trick: 1+3+9 = 13, 1+4+3 = 8 so neither divisible by 3

5: Don’t end in 0 or 57: 140 divisible by 7 so neither div. by 711: Alternating sum trick: 1-3+9 = 7 so 139 not div. By 11. 1-4+3 = 0 so 143 is divisible by 11.

STOP! Next prime 13 need not be examined since bigger than.

Conclude: 139 is prime, 143 is composite.

n

n

Prime Numbers - Continued

There have been many proposed methods for generating prime numbers. Surprisingly this is not that easy to do, and all methods so far have failed. One such example was advanced by the mathematician Mersenne:Mersenne Primes

Mn – 2n -1Where n is a prime numberWorks for n 2, 3, 5, 7 but fails on n = 11 and on

many other n values.

Mersenne numbers

•Mersenne number: any number of the form 2n-1

•Mersenne prime: any prime of the form 2p-1, where p is • also a prime• Example: 25-1 = 31 is a Mersenne prime• But 211-1 = 2047 is not a prime (23*89)

• If M is a Mersenne prime, then M(M+1)/2 is a perfect number• A perfect number equals the sum of its divisors• Example: 23-1 = 7 is a Mersenne prime, thus 7*8/2 = 28 is a perfect number

• 28 = 1+2+4+7+14

• Example: 25-1 = 31 is a Merenne prime, thus 31*32/2 = 496 is a perfect number

496 = 2*2*2*2*31 1+2+4+8+16+31+62+124+248 = 496

• The largest primes found are Mersenne primes.

• Since, 2p-1 grows fast, and there is a quite efficient test – Lucas-Lehmer test – for determining if a Mersenne prime is prime.

Prime Numbers - Continued

Fermat also proposed a formula which he thought could be used to generate prime numbers. Fermat Numbers• Fn = 22n + 1• So F1 = 221 + 1 or 5• However F5 is not prime

Prime Factorisation

to factor a number n is to write it as a product of other numbers: n=a x b x c note that factoring a number is relatively hard compared to multiplying the factors together to generate the number the prime factorisation of a number n is when its written as a product of primes eg. 91=7x13 ; 3600=24x32x52

Relatively Prime Numbers & GCDtwo numbers a, b are relatively prime if have no

common divisors apart from 1 eg. 8 & 15 are relatively prime since factors of 8 are

1,2,4,8 and of 15 are 1,3,5,15 and 1 is the only common factor

conversely can determine the greatest common divisor by comparing their prime factorizations and using least powerseg. 300=21x31x52 18=21x32 hence GCD(18,300)=21x31x50=6

L9 101

Greatest Common DivisorRelatively Prime

DEF Let a,b be integers, not both zero. The greatest common divisor of a and b (or gcd(a,b) ) is the biggest number d which divides both a and b.

Equivalently: gcd(a,b) is smallest number which divisibly by any x dividing both a and b.

DEF: a and b are said to be relatively prime if gcd(a,b) = 1, so no prime common divisors.

L9 102

Greatest Common DivisorRelatively PrimeQ: Find the following gcd’s:1. gcd(11,77)2. gcd(33,77)3. gcd(24,36)4. gcd(24,25)

L9 103

Greatest Common DivisorRelatively Prime

A:1. gcd(11,77) = 112. gcd(33,77) = 113. gcd(24,36) = 124. gcd(24,25) = 1. Therefore 24 and 25 are

relatively prime.NOTE: A prime number is relatively prime to all

other numbers which it doesn’t divide.

L9 104

Greatest Common DivisorRelatively Prime

EG: More realistic. Find gcd(98,420). Find prime decomposition of each number and find

all the common factors:98 = 2·49 = 2·7·7420 = 2·210 = 2·2·105 = 2·2·3·35

= 2·2·3·5·7Underline common factors: 2·7·7, 2·2·3·5·7Therefore, gcd(98,420) = 14

L9 105

Greatest Common DivisorRelatively Prime

Pairwise relatively prime: the numbers a, b, c, d, … are said to be pairwise relatively prime if any two distinct numbers in the list are relatively prime.

Q: Find a maximal pairwise relatively prime subset of{ 44, 28, 21, 15, 169, 17 }

L9 106

Greatest Common DivisorRelatively Prime

A: A maximal pairwise relatively prime subset of {44, 28, 21, 15, 169, 17} :

{17, 169, 28, 15} is one answer.{17, 169, 44, 15} is another answer.

Co-Prime

Just as important as prime numbers are in cryptography, co-prime numbers are also important. A co-prime is a number that has no factors in common with another number. For example 3 and 7 are co-prime. This is another term for ‘relatively prime’.

Eulers Totient

This is actually a part of the RSA Algorithm which we will study in lesson 4. The number of positive integers less than or equal to n that are coprime to n is called the Euler’s Totient of n.So for the number 6, 4 and 5 are coprime with 6. Therefore Eulers Totient = 2For a prime number p the Eulers totient is always p-1.Symbolized

Eulers Totient

Coprime numbers have interesting relationships that are part of algorithms like RSA. For example if m and n are coprime then the totient of m * the totient of n is equal to the totient of (m*n). Put more mathematicallyIf m and n are coprime then(m) * (n) = (mn)

Fermat's Theorem

•ap-1 = 1 (mod p)• where p is prime and gcd(a,p)=1

•also known as Fermat’s Little Theorem•also have: ap = a (mod p)•useful in public key and primality testing

Chinese Remainder Theorem

•used to speed up modulo computations •if working modulo a product of numbers • eg. mod M = m1m2..mk

•Chinese Remainder theorem lets us work in each moduli mi separately •since computational cost is proportional to size, this is faster than working in the full modulus M

Chinese Remainder Theorem

can implement CRT in several waysto compute A(mod M)

first compute all ai = A mod mi separatelydetermine constants ci below, where Mi = M/mi

then combine results to get answer using:

Euler's Theorem

a generalisation of Fermat's Theorem aø(n) = 1 (mod n)

for any a,n where gcd(a,n)=1eg.

a=3;n=10; ø(10)=4; hence 34 = 81 = 1 mod 10

a=2;n=11; ø(11)=10;hence 210 = 1024 = 1 mod 11

also have: aø(n)+1 = a (mod n)

Prime Distribution

•prime number theorem states that primes occur roughly every (ln n) integers•but can immediately ignore evens•so in practice need only test 0.5 ln(n) numbers of size n to locate a prime• note this is only the “average”• sometimes primes are close together• other times are quite far apart

If n is a negative number then you add as many multiples of m as necessary to get an answer in the range 0 – m.

Examples17 mod 5 = 2 7 mod 11 = 720 mod 3 = 2 11 mod 11 = 0-3 mod 11 = 8 -1 mod 11 = 1025 mod 5 = 0 -11 mod 11 = 0

•Two numbers a and b are said to be “congruent modulo n” if

(a mod n) = (b mod n) a ≡ b(mod n)•The difference between a and b will be a multiple

of n So a-b = kn for some value of k

E.g: 4 9 1419 -1 -6 mod 573 4(mod 23); 21 -9(mod 10)If a 0 (mod n), then n|a.

Properties of Congruences

1. a b (mod n) if n|(a-b)2. a b (mod n) implies b a (mod n)3. a b (mod n) and b c (mod n) imply a c (mod n)

Proof of 1.If n|(a-b), then (a-b) = kn for some k. Thus, we can writea = b + kn. Therefore, (a mod n) = (remainder when b + kn is divided by n) =

(remainder when b is divided by n) = (b mod n).

Examples

23 8 (mod 5) because 23 -8 =15 = 5x3 -11 5 (mod 8) because -11-5 =-16 = 8x(-2)81 0 (mod 27) because 81-0=81 = 27x3

Congruence Classes

• This section, we are grouping numbers, based on their reminders.

18 ÷ 4 = 4 r. 2

22 ÷ 4 = 5 r. 2

78 ÷ 4 = 19 r. 2

These are said to be in the same congruence class.18 ≡ 22 (mod 4) bc their remainders are the same

How many congruence classes are there in modulo 7?

• 77 ÷ 7 = 11 r. 0

• 78 ÷ 7 = 11 r. 1

• 79 ÷ 7 = 11 r. 2

• 80 ÷ 7 = 11 r. 3

• 81 ÷ 7 = 11 r. 4

• 82 ÷ 7 = 11 r. 5

• 83 ÷ 7 = 11 r. 6

• 84 ÷ 7 = 12 r. 0

R0

R0

R1

R2

R3

R4

R5

R6

77 ≡ 84 (mod 11)

There are 7 congruence classes!