MC0063(B)-unit2-fi
Modern Applications using Discrete Mathematical Structures Unit 2
Sikkim Manipal University Page No: 23
Unit 2 Theory of Numbers and Introduction to Cryptography
Structure
2.1 Introduction
Objectives
2.2 Divisibility and Factorization
2.3 Congruence
2.4 Arithmetical Functions
2.5 Method of Repeated Squares
2.6 Applications to Cryptography
Self Assessment Questions
2.7 Summary
2.8 Terminal Questions
2.9 Answers
2.1 Introduction
We start with a few undefined terms and a few axioms or postulates and
deduce from these all the properties of the number system as logical
consequences. The Italian mathematician G. Peano (1899) propounded that
all the properties of the number system follow from only a few assumptions
(called Peano’s axioms) regarding natural numbers. In this unit we study
the fundamental properties of the integers, including mathematical induction,
the division algorithm and the fundamental theorem of arithmetic. We also
give a brief idea of the prime numbers, which play an important role in
public key cryptography.
Objectives
At the end of the unit the student must be able to:
i) Understand the fundamental idea of number system.
ii) Know the congruence and its properties.
iii) Learn the arithmetical functions and factorization of integers.
iv) Apply the number theory concepts to cryptography.
2.2 Divisibility and Factorization
2.2.1 (i) First Principle of Mathematical Induction: Let S(n) be a
statement about integers for n ∈ ℕ (set of natural numbers) and suppose
S(n0) is true for some integer n0. If, for all integers k with k ≥ n0, S(k)
implies that S(k+1) is true, then S(n) is true for all integers n greater
than n0.
For instance, if ℤ is a set of integers such that
a) 1 ∈ ℤ,
b) n ∈ ℤ ⇒ n + 1 ∈ ℤ,
then all integers greater than or equal to 1 belong to ℤ.
(ii) Second Principle of Mathematical Induction: Let S(n) be a statement
about integers for n ∈ ℕ (set of natural numbers) and suppose S(n0) is true
for some integer n0. If S(n0), S(n0+1), …, S(k) imply S(k+1) for k ≥ n0,
then the statement S(n) is true for all integers n greater than n0.
2.2.2 Well Ordering Principle: Any nonempty subset of the set of all positive integers contains a smallest (least) element. However, the set of integers is not well ordered.
For the set of positive integers, the principle of mathematical induction is equivalent to the well-ordering principle. A totally ordered set is said to be well ordered if any nonempty subset contains a smallest element. It is clear that the set of positive rational numbers ℚ⁺ under the usual ordering is not well ordered.
2.2.3 Definition: For two integers d and n, we say that d divides n (we write d | n) if
n = cd for some integer c. In this case we also say that d is a factor of n.
If d does not divide n, we write d ∤ n.
2.2.4 Properties of divisibility:
i) n | n (reflexive property)
ii) d | n and n | m ⇒ d | m (transitive property)
iii) d |n and d |m ⇒ d | an + bm for any two integers a and b (linearity)
iv) d | n ⇒ ad |am (multiplication property)
v) ad | an and a ≠ 0 ⇒ d | n (cancellation law)
vi) 1 | n (1 divides every integer)
vii) n | 0 (every integer divides zero)
viii) 0 | n ⇒ n = 0 (zero divides only zero)
ix) d | n and n ≠ 0 ⇒ |d| ≤ |n| (comparison property)
x) d | n and n |d ⇒ |d| = |n|
xi) d | n and d ≠ 0 ⇒ (n / d) | n.
2.2.5 Definitions
i) If d | n, then n/d is called the divisor conjugate to d.
ii) If d divides both a and b, then d is called a common divisor of a and b.
iii) If d ≥ 0, d is a divisor of a and b, and every divisor c of a and b
also divides d, then d is called the greatest common divisor
(gcd) of a and b.
2.2.6 Note: Every pair of integers a and b has a g.c.d. If d is the greatest common divisor of a and b, then d = ax + by for some integers x and y.
The g.c.d. of a, b is denoted by (a, b) or by aDb. If (a, b) = 1, then a and
b are said to be relatively prime.
2.2.7 Properties (of greatest common divisor):
i) (a, b) = (b, a) or aDb = bDa (commutative law)
ii) (a, (b, c)) = ((a, b), c) (associative law)
iii) (ac, bc) = |c|(a, b) (distributive law)
iv) (a, 1) = (1, a) = 1 and (a, 0) = (0, a) = |a|.
2.2.8 Definition
i) An integer n is said to be prime if n > 1 and if the only positive divisors
of n are 1 and n.
ii) If n > 1 and n is not prime, then n is called a composite number.
2.2.9 Note
i) (Euclid) There are infinitely many prime numbers.
ii) If a prime p does not divide a, then (p, a) = 1.
iii) If a prime p divides ab, then p | a or p | b. More generally, if a
prime p divides a product a1 a2 … an, then p | ai for at least one i.
2.2.10 Fundamental Theorem of Arithmetic (the unique factorization theorem): Every integer n > 1 can be written as a product of prime factors in only one way, apart from the order of the factors. (That is, any positive
integer a > 1 can be factored in a unique way as $a = p_1^{\alpha_1} p_2^{\alpha_2} \cdots p_t^{\alpha_t}$,
where p1, p2, …, pt are prime numbers, αi, 1 ≤ i ≤ t, are positive integers and p1 > p2 > … > pt.)
[Example: 3000 = 2 × 2 × 2 × 5 × 5 × 5 × 3 = $2^3 \cdot 5^3 \cdot 3^1$]
2.2.11 Note
i) Let n be an integer. If the distinct prime factors of n are p1, p2, …, pr
and if pi occurs as a factor ai times, then we write
$n = p_1^{a_1} \times p_2^{a_2} \times \cdots \times p_r^{a_r}$ or $n = \prod_{i=1}^{r} p_i^{a_i}$,
and this is called the factorization of n into prime powers.
ii) We can express 1 in this form by taking each exponent ai to be zero.
iii) If $n = \prod_{i=1}^{r} p_i^{a_i}$, then the set of positive divisors of n is the set of
numbers of the form $\prod_{i=1}^{r} p_i^{c_i}$, where 0 ≤ ci ≤ ai for i = 1, 2, …, r.
iv) If two positive integers a and b have the factorizations $a = \prod_{i=1}^{r} p_i^{a_i}$,
$b = \prod_{i=1}^{r} p_i^{b_i}$, then their g.c.d. has the factorization $(a, b) = \prod_{i=1}^{r} p_i^{c_i}$,
where ci = min{ai, bi}.
2.2.12 Note
i) The infinite series $\sum_{n=1}^{\infty} \frac{1}{p_n}$ diverges, where the $p_n$ are the primes.
ii) Division Algorithm: Let a, b be integers such that b > 0. Then there
exist two integers p and q such that a = pb + q where 0 ≤ q < b.
iii) (Euclidean Algorithm) Given positive integers a and b, where b ∤ a.
Let r0 = a, r1 = b and apply the division algorithm repeatedly to obtain
a set of remainders r2, r3, …, rn, rn+1 defined successively by the
relations
$r_0 = r_1 q_1 + r_2$, $0 < r_2 < r_1$,
$r_1 = r_2 q_2 + r_3$, $0 < r_3 < r_2$,
……
$r_{n-2} = r_{n-1} q_{n-1} + r_n$, $0 < r_n < r_{n-1}$,
$r_{n-1} = r_n q_n + r_{n+1}$, $r_{n+1} = 0$.
Then rn, the last nonzero remainder in this process, is the g.c.d. of a
and b.
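The Euclidean algorithm of 2.2.12 (iii), extended so that it also produces the integers x and y of 2.2.6 with d = ax + by, as an added Python example (not part of the original unit; the function names are this example's own). The inputs in the demo are the pairs used in the unit's self assessment questions.

```python
def euclid_remainders(a, b):
    """Return the remainder sequence r0, r1, ..., rn, r(n+1) = 0 of 2.2.12 (iii)."""
    if a <= 0 or b <= 0:
        raise ValueError("a and b must be positive integers")
    seq = [a, b]
    while seq[-1] != 0:
        # Division algorithm: r(k-1) = r(k) * q(k) + r(k+1), 0 <= r(k+1) < r(k)
        seq.append(seq[-2] % seq[-1])
    return seq


def extended_gcd(a, b):
    """Return (d, x, y) with d = (a, b) and d = a*x + b*y (note 2.2.6)."""
    # Invariant kept at every step: r0 = a*x0 + b*y0 and r1 = a*x1 + b*y1.
    r0, r1 = a, b
    x0, x1 = 1, 0
    y0, y1 = 0, 1
    while r1 != 0:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return r0, x0, y0


def gcd_many(*nums):
    """(a1, a2, ..., an), built up two numbers at a time as in 2.2.14."""
    d = 0
    for value in nums:
        d = extended_gcd(d, abs(value))[0]
    return d


if __name__ == "__main__":
    # Self assessment question 1: the last nonzero remainder is the g.c.d.
    print(euclid_remainders(858, 325))
    # Self assessment question 10: 9 = 963*x + 657*y
    d, x, y = extended_gcd(963, 657)
    print(d, x, y, 963 * x + 657 * y)
    print(gcd_many(12, 18, 30))
```

The coefficients returned for 963 and 657 are the ones a modular inverse is read from later in the unit: when d = 1, x is the inverse of a modulo b.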
2.2.13 Definition: The greatest common divisor of three integers a, b, c is denoted by (a, b, c) and is defined as (a, b, c) = (a, (b, c)).
Note that from the properties of g.c.d, we have (a, (b, c)) = ((a, b), c). So the
g.c.d. depends only on a, b, c and not on the order in which they are written.
2.2.14 Definition: The g.c.d. of n integers a1, a2, …, an is defined
inductively by the relation (a1, a2, …, an) = (a1, (a2, …, an)). Again this
number is independent of the order in which the ai appear.
2.2.15 Note:
i) If d = (a1, a2, …, an), then d is a linear combination of the ai. That is,
there exist integers x1, x2, …, xn such that (a1, a2, …, an) = a1x1 + a2x2 + … + anxn.
ii) If d = 1, then the numbers are said to be relatively prime.
iii) If (ai, aj) = 1 whenever i ≠ j, then the numbers a1, a2, …, an are said to
be relatively prime in pairs. For instance, g.c.d. {2, 3} = 1, g.c.d. {4, 9}
= 1, g.c.d. {75, 8} = 1.
iv) If a1, a2, …, an are relatively prime in pairs, then (a1, a2, …, an) = 1.
2.3 Congruence
2.3.1 Definitions:
i) For any real number x, we define the floor of x as ⌊x⌋ = the greatest
integer less than or equal to x = max{n : n ≤ x, n is an integer}.
For example, take x = 2.52, then
⌊x⌋ = max{n : n ≤ x, n is an integer} = max{1, 2} = 2.
ii) For any real number x, we define the ceiling of x as ⌈x⌉ = the least
integer greater than or equal to x = min{n : n ≥ x, n is an integer}.
For example, take x = 3.732, then
⌈x⌉ = min{n : n ≥ x, n is an integer} = min{4, 5, 6, 7, …} = 4.
Observation: For any real number x, ⌊x⌋ ≤ x and ⌈x⌉ ≥ x.
2.3.2 Definition:
We define, for y ≠ 0, x mod y = x − y⌊x/y⌋.
For example: 9 mod 5 = 95 9/5 = 95 1.9 = 94 = 4.
Let n > 0 be a fixed integer. Define a relation “Congruence modulo n” on
Z, the set of integers, as: a ≡ b mod n ⇔ n divides
(a − b). Sometimes we write a ≡ b as a ≅ b (we read this as ‘a is
congruent to b modulo n’).
2.3.3 Property:
a ≡ b (mod m) if and only if a mod m = b mod m. (In other words, two
integers are congruent modulo m if and only if they leave the same
remainder when divided by m).
For example, 9 mod 5 = 16 mod 5 if and only if 9 ≡ 16 (mod 5).
2.3.4 Property: For any a, b, a − b is a multiple of m if and only if a mod m = b mod m.
2.3.5 Result: The relation “a ≡ b mod n” defined above is an equivalence
relation on Z.
Proof: Reflexive: Let a ∈ Z. Since n divides a − a = 0, we have a
≡ a mod n.
Symmetric: Let a ≡ b mod n
⇒ n divides a − b
⇒ n divides −(a − b)
⇒ n divides b − a
⇒ b ≡ a mod n.
Transitivity: Let a, b, c ∈ Z such that a ≡ b mod n, b ≡ c mod n
⇒ n divides a − b, and n divides b − c
⇒ n divides (a − b) + (b − c)
⇒ n divides a − c
⇒ a ≡ c mod n. Hence the relation is an equivalence relation.
2.3.6 Example: Suppose n = 5. Then
[0] = {x : x ≡ 0 mod 5} = {x : 5 divides x − 0} = {…, −10, −5, 0, 5, 10, …},
[1] = {x : x ≡ 1 mod 5} = {x : 5 divides x − 1} = {…, −9, −4, 1, 6, …},
[2] = {x : x ≡ 2 mod 5} = {x : 5 divides x − 2} = {…, −8, −3, 2, 7, 12, …},
[3] = {x : x ≡ 3 mod 5} = {x : 5 divides x − 3} = {…, −7, −2, 3, 8, 13, …},
[4] = {x : x ≡ 4 mod 5} = {x : 5 divides x − 4} = {…, −6, −1, 4, 9, 14, …}.
Also it is clear that [0] = [5] = [10] = …, [1] = [6] = [11] = …, [2] =
[7] = [12] = …, [3] = [8] = [13] = …, [4] = [9] = [14] = ….
Therefore the set of equivalence classes is given by {[0], [1], [2], [3], [4]}.
2.3.7 Note:
i) The set of equivalence classes under the relation “a ≡ b mod n” is
{[0], [1], …, [n − 1]}. The equivalence class [i] is denoted by $\bar{i}$ or i.
The set of all equivalence classes under this relation is denoted by Zn
or Jn. Therefore $Z_n = \{\bar{0}, \bar{1}, \bar{2}, \ldots, \overline{n-1}\}$ or Zn = {0, 1, 2, …,
(n − 1)};
ii) On Zn, define “+” as $\bar{x} + \bar{y} = \overline{x + y}$. Then “+” is a binary
operation on Zn;
iii) Define “.” on Zn as $\bar{x} \cdot \bar{y} = \overline{xy}$. Then “.” is a binary operation
on Zn;
iv) (Zn, +) is an Abelian group. $\bar{0}$ is the identity element. For $\bar{x}$ ∈ Zn,
the element $\overline{n - x}$ is the additive inverse;
v) (Zn, .) is a monoid (that is, a semigroup with identity), $\bar{1}$ is the
multiplicative identity. $\bar{0}$ has no multiplicative inverse. So (Zn, .) is not a group;
vi) Consider $Z_n^* = Z_n \setminus \{\bar{0}\}$. Then $(Z_n^*, \cdot)$ is a group ⇔ n is a
prime number. If n = 6, then $\bar{2} \in Z_6^*$ has no inverse. (Suppose $\bar{y}$ is
the inverse of $\bar{2}$. Then $\bar{y} \cdot \bar{2} = \bar{1}$. Now $\bar{3} = \bar{3} \cdot \bar{1} = (\bar{y} \cdot \bar{2}) \cdot \bar{3} = \bar{y}(\bar{3} \cdot \bar{2}) = \bar{y}(\bar{6}) = \bar{y}(\bar{0}) = \bar{0}$,
which implies $\bar{3} = \bar{0}$, a contradiction. Therefore
$\bar{2}$ has no inverse.)
2.3.8 Some Properties: If a ≡ b (mod m), then
i) a + c ≡ b + c (mod m),
ii) ac ≡ bc (mod m), where c is any integer.
Property: If a ≡ b (mod m) and c ≡ d (mod m), then
i) a + c ≡ b + d (mod m)
ii) a − c ≡ b − d (mod m)
iii) ac ≡ bd (mod m).
Property: If a ≡ b (mod m), then $a^n \equiv b^n$ (mod m) for any n ≥ 0 and
integers a and b.
Property: ad ≡ bd (mod m) if and only if a ≡ b (mod m), for integers a,
b, d, m with (m, d) = 1.
Property: ad ≡ bd (mod m) if and only if a ≡ b (mod m / gcd(d, m)), for
integers a, b, d, m.
Property: a ≡ b (mod m) if and only if ax ≡ bx (mod mx).
2.3.9 Gauss Theorem: If a | bc and (a, b) = 1, then a | c.
Proof: Suppose a | bc. Then there exists d such that bc = ad. Since (a, b) = 1, there exist m and n such that am + bn = 1. On multiplying both sides by c we get acm + bcn = c. Putting bc = ad we get acm + adn = c. That is,
a(cm + dn) = c. This shows that a | c.
2.3.10 Problem:
Prove that a ≡ b (mod m) and a ≡ b (mod n) if and only if a ≡ b (mod
lcm (m, n)).
Solution: Suppose a ≡ b (mod m) and a ≡ b (mod n). This means
m | (a − b) and n | (a − b). That is, (a − b) is a common multiple of m and n.
But l = lcm (m, n) is the least common multiple of m and n.
Therefore (a − b) is a multiple of l. That is, l | (a − b). This means a ≡ b (mod
lcm (m, n)).
Converse: Suppose a ≡ b (mod lcm (m, n)) and say l = lcm (m, n). This
implies l | (a − b) and m | l, n | l. Therefore m | (a − b) and n | (a − b). Hence a ≡ b
(mod m) and a ≡ b (mod n).
2.3.11 Problem
a ≡ b (mod mn) if and only if a ≡ b (mod m) and a ≡ b (mod n) if
(m, n) = 1.
2.3.12 Note: Let a, b, d be integers such that d > 0. Then d is
said to be the least common multiple of a and b if it satisfies the
following two conditions: (i) a divides d, and b divides d. (ii) a divides
x, and b divides x ⇒ d divides x.
2.4 Arithmetical Functions
2.4.1 Definition
A real or complex valued function defined on the positive integers is called
an arithmetical function or number theoretic function. If f is an arithmetical
function, then f: N → ℛ or f: N → ℂ.
2.4.2 Example:
i) The following are Arithmetical functions:
a) f(n) = 2n for all n ∈ N.
b) U(n) = n 1 for all n ∈ N.
c) N(n) = n + n 1 for all n ∈ N.
2.4.3 Example
The number of divisors of a positive integer n is denoted by d(n).
It is an arithmetical function and is represented as $d(n) = \sum_{d \mid n} 1$.
Here is a short table of values of d(n).
Number (n)   Divisors               d(n)
10           1, 2, 5, 10            d(10) = 4
20           1, 2, 4, 5, 10, 20     d(20) = 6
6            1, 2, 3, 6             d(6) = 4
2.4.4 Note:
i) If $n = p_1^{\alpha_1} p_2^{\alpha_2} \cdots p_k^{\alpha_k}$, where pi (1 ≤ i ≤ k) are distinct primes
and αi ∈ N, 1 ≤ i ≤ k, then the number of prime divisors of n is
(1 + α1)(1 + α2) … (1 + αk).
ii) The highest power of a prime p contained in n! is denoted by K(n!),
where $K(n!) = \left[\frac{n}{p}\right] + \left[\frac{n}{p^2}\right] + \left[\frac{n}{p^3}\right] + \cdots$
2.4.5 Notation:
The sum of the divisors of a positive integer n is denoted by σ(n)
That is, $\sigma(n) = \sum_{d \mid n} d$, and it is an arithmetical function.
For example consider the positive integer 4. The divisors of 4 are 1, 2, 4.
Therefore σ(4) = 1 + 2 + 4 = 7.
Similarly, it is easy to see that σ(6) = 1 + 2 + 3 + 6 = 12, σ(10) = 1 + 2 + 5 +
10 = 18, σ(15) = 1 + 3 + 5 + 15 = 24.
In general, if $n = p_1^{\alpha_1} p_2^{\alpha_2} \cdots p_k^{\alpha_k}$, then
$\sigma(n) = \sum_{d \mid n} d = \frac{p_1^{\alpha_1+1} - 1}{p_1 - 1} \cdot \frac{p_2^{\alpha_2+1} - 1}{p_2 - 1} \cdots \frac{p_k^{\alpha_k+1} - 1}{p_k - 1}$ … (*)
For example, consider
σ(100) = 1 + 2 + 4 + 5 + 10 + 20 + 25 + 50 + 100 = 217 (by definition).
We can also write $100 = 2^2 \times 5^2 = p_1^{\alpha_1} p_2^{\alpha_2}$.
So $\sigma(100) = \frac{p_1^{\alpha_1+1} - 1}{p_1 - 1} \cdot \frac{p_2^{\alpha_2+1} - 1}{p_2 - 1} = \frac{2^3 - 1}{2 - 1} \cdot \frac{5^3 - 1}{5 - 1} = 7 \cdot \frac{124}{4} = 217$ (by (*)).
2.4.6 Definition
The sum of the αth powers of the divisors of n is denoted by σα(n). That is,
$\sigma_\alpha(n) = \sum_{d \mid n} d^\alpha$. Since the function σα(n) is defined on positive integers, it is
an arithmetical function.
For example consider the following:
i) $\sigma_2(6) = 1^2 + 2^2 + 3^2 + 6^2$ = 1 + 4 + 9 + 36 = 50.
ii) $\sigma_3(10) = 1^3 + 2^3 + 5^3 + 10^3$ = 1134.
2.4.7 Example:
$\sigma_0(n) = d(n)$ and $\sigma_1(n) = \sum_{d \mid n} d^1 = \sigma(n)$.
2.4.8 Definition: An integer n is said to be square free if it has no square factor.
(Equivalently, $n = p_1^{\alpha_1} p_2^{\alpha_2} \cdots p_k^{\alpha_k}$ is square free if αi = 1 for 1 ≤ i ≤ k.)
2.4.9 Example:
1, 2, 3, 5, 6, 7, 10, 11, 13, 14, 15, 17, 19 are square free numbers between
1 and 20. 4, 8, 9, 12, 16, 18 are not square free numbers.
(Because $4 = 2^2$, $8 = 2^3$, $9 = 3^2$, $12 = 2^2 \times 3$, $16 = 4^2$, $18 = 3^2 \cdot 2$.)
2.4.10 Mobius function µ(n):
The function µ: ℕ → ℛ defined by
µ(1) = 1
If n > 1 and $n = p_1^{a_1} p_2^{a_2} \cdots p_k^{a_k}$ (the prime decomposition for n),
then $\mu(n) = (-1)^k$ if a1 = a2 = ... = ak = 1 (that is, n is square free)
= 0 otherwise.
2.4.11 Example:
Consider the table of some values of µ(n).
n      1   2   3   4   5   6   7   8   9   10   30
µ(n)   1  −1  −1   0  −1   1  −1   0   0    1   −1
2.4.12 Notation:
i) For any real number x, [x] denotes the integral part of x.
That is, [x] is the greatest integer less than or equal to x.
For example, [20/3] = 6, [−13/3] = −5.
ii) [x] is not an arithmetical function (since its domain is not the set of all
positive integers).
2.4.13 Definition:
For any n ≥ 1, define $I(n) = \left[\frac{1}{n}\right]$.
This is an arithmetical function. I(n) can be defined as I(n) = 1 if n = 1, and I(n) = 0 if n > 1.
2.4.14 Theorem
If n ≥ 1 and µ(n) is the Mobius function, then $\sum_{d \mid n} \mu(d) = I(n)$, where the
summation on the left is over all positive divisors d of n.
2.4.15 Euler totient function φ(n)
If n ≥ 1, then the Euler’s totient function φ(n) is defined to be the number of
positive integers not exceeding n which are relative prime to n. That is,
$\varphi(n) = \sum_{k=1}^{n} 1$, where (k, n) = 1 and the summation is taken over all the
numbers k (1 ≤ k ≤ n) which are relatively prime to n.
2.4.16 Note
i) If p is a prime number, then φ(p) = p − 1.
ii) Consider a table of values of φ(n).
n      1  2  3  4  5  6  7  8  9  10  11
φ(n)   1  1  2  2  4  2  6  4  6   4  10
2.4.17 Note
Consider a positive integer n and write S = {1, 2, …, n}.
Define ~ on S by a ~ b ⇔ (a, n) = (b, n).
Then ~ is an equivalence relation (Verify).
For a divisor d of n, A(d) = {k : (k, n) = d} is an equivalence class. So
$S = \bigcup_{d \mid n} A(d)$.
2.4.18 Example
Take n = 6. Now S = {1, 2, …, 6}. The divisors of 6 are 1, 2, 3, 6.
Now A(1) = {1, 5}, A(2) = {2, 4}, A(3) = {3}, A(6) = {6}.
The union of A(1), A(2), A(3), A(6) is S.
Note that these sets A(1), A(2), A(3), A(6) are disjoint.
2.4.19 Problem:
If n ≥ 1, we have $\sum_{d \mid n} \varphi(d) = n$.
2.4.20 Note:
If (k, n) = 1, then $I[(k, n)] = \left[\frac{1}{(k, n)}\right] = \left[\frac{1}{1}\right] = [1] = 1$.
If (k, n) ≠ 1, then (k, n) > 1 ⇒ $\left[\frac{1}{(k, n)}\right] = 0$ ⇒ I[(k, n)] = 0.
2.4.21 Relation between the Euler totient function and the Mobius function:
If n ≥ 1, then $\varphi(n) = \sum_{d \mid n} \mu(d) \cdot \frac{n}{d}$.
2.4.22 A product formula for φ(n):
For n ≥ 1, we have $\varphi(n) = n \prod_{p \mid n} \left(1 - \frac{1}{p}\right)$, where p runs over the distinct prime
factors of n.
Proof: For n = 1, the product is empty (since there are no primes which
divide 1).
In this case it is clear that the product is to be assigned the value 1.
Now suppose n > 1 and p1, p2, …, pr are the distinct prime divisors of n.
That is, $n = p_1^{\alpha_1} p_2^{\alpha_2} \cdots p_r^{\alpha_r}$.
Consider the product
$\prod_{p \mid n} \left(1 - \frac{1}{p}\right) = \left(1 - \frac{1}{p_1}\right)\left(1 - \frac{1}{p_2}\right) \cdots \left(1 - \frac{1}{p_r}\right)$
$= 1 - \sum_{i=1}^{r} \frac{1}{p_i} + \sum_{i,j=1}^{r} \frac{1}{p_i p_j} - \sum_{i,j,k=1}^{r} \frac{1}{p_i p_j p_k} + \cdots$
$= 1 + \sum \frac{\mu(p_i)}{p_i} + \sum \frac{\mu(p_i p_j)}{p_i p_j} + \sum \frac{\mu(p_i p_j p_k)}{p_i p_j p_k} + \cdots + \sum \frac{\mu(p_1 p_2 \cdots p_r)}{p_1 p_2 \cdots p_r}$ … (i)
Observe the sum on the right side in (i).
Consider $\sum \frac{1}{p_i p_j p_k}$.
We consider all possible products pi pj pk of distinct prime factors of n
taken three at a time.
In general, each term on the right of (i) is of the form $\pm\frac{1}{d}$, where d is a
divisor of n and d is square free.
Also the numerator ±1 is exactly µ(d).
[If d = p1p2 then $\mu(d) = (-1)^2 = 1$.
If d = pipjpk then $\mu(d) = (-1)^3 = -1$, and so on].
Therefore the sum in (i) is equal to $\sum_{d \mid n} \frac{\mu(d)}{d}$.
[Observe that if d is not square free then by the definition of µ we have
µ(d) = 0.
So $\frac{\mu(d)}{d} = \frac{0}{d} = 0$.]
Hence $\prod_{p \mid n} \left(1 - \frac{1}{p}\right) = \sum_{d \mid n} \frac{\mu(d)}{d}$
⇒ R.H.S = $n \prod_{p \mid n} \left(1 - \frac{1}{p}\right) = n \sum_{d \mid n} \frac{\mu(d)}{d} = \sum_{d \mid n} \mu(d) \cdot \frac{n}{d} = \varphi(n)$ (by 2.4.21)
Hence $\varphi(n) = n \prod_{p \mid n} \left(1 - \frac{1}{p}\right)$. This completes the proof.
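The arithmetical functions of section 2.4 computed from the prime-power factorization, together with a check of the identities in 2.4.14, 2.4.19 and 2.4.21, as an added Python example (not part of the original unit; the function names are this example's own, and trial division is used only because the inputs are small).

```python
from math import prod


def factorize(n):
    """Prime-power factorization of n >= 1 as {p: a}, by trial division."""
    if n < 1:
        raise ValueError("n must be a positive integer")
    factors, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def divisors(n):
    """All positive divisors: products of p_i**c_i with 0 <= c_i <= a_i (2.2.11 iii)."""
    divs = [1]
    for p, a in factorize(n).items():
        divs = [d * p**c for d in divs for c in range(a + 1)]
    return sorted(divs)


def num_divisors(n):
    """d(n) as the product (1 + a_1)(1 + a_2)...(1 + a_k)."""
    return prod(a + 1 for a in factorize(n).values())


def sigma(n, alpha=1):
    """sigma_alpha(n): sum of the alpha-th powers of the divisors of n."""
    return sum(d**alpha for d in divisors(n))


def sigma_formula(n):
    """sigma(n) by the product formula (*) of 2.4.5."""
    return prod((p ** (a + 1) - 1) // (p - 1) for p, a in factorize(n).items())


def mobius(n):
    """mu(n): (-1)**k for a product of k distinct primes, 0 if a square divides n."""
    f = factorize(n)
    return 0 if any(a > 1 for a in f.values()) else (-1) ** len(f)


def phi(n):
    """Euler totient by the product formula of 2.4.22, in integer arithmetic."""
    result = n
    for p in factorize(n):
        result = result // p * (p - 1)
    return result


def highest_power_in_factorial(n, p):
    """K(n!) = [n/p] + [n/p**2] + [n/p**3] + ... for a prime p (2.4.4 ii)."""
    total, q = 0, p
    while q <= n:
        total += n // q
        q *= p
    return total


def check_identities(n):
    """True when 2.4.14, 2.4.19 and 2.4.21 all hold for this n."""
    divs = divisors(n)
    return (sum(mobius(d) for d in divs) == (1 if n == 1 else 0)
            and sum(phi(d) for d in divs) == n
            and sum(mobius(d) * (n // d) for d in divs) == phi(n))


if __name__ == "__main__":
    print(sigma(100), sigma_formula(100), phi(667), check_identities(360))
```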
2.5 Method of Repeated Squares
Computing large powers can be very time consuming. Anyone can easily
compute $2^3$ or $2^8$; everyone knows how to compute $2^{2^{1000000}}$.
However, such numbers are so large that we don’t want to attempt the
calculations; moreover, past a certain point the computations would not be
feasible even if we had every computer in the world at our disposal. Even
writing down the decimal representation of a very large number may not be
reasonable. It could be thousands or even millions of digits long. However,
if we could compute something like $2^{37398332}$ (mod 46389), we could very
easily write the result down since it would be a number between 0 and
46,388. If we want to compute powers modulo n quickly and efficiently, the
first thing to notice is that any number a can be written as the sum of distinct
powers of 2; that is, we can write
$a = 2^{k_1} + 2^{k_2} + \cdots + 2^{k_n}$, where k1 < k2 < … < kn. This is just the binary
representation of a. For example, the binary representation of 57 is 111001,
since we can write $57 = 2^0 + 2^3 + 2^4 + 2^5$.
The laws of exponents in Zn will hold. That is, if
$b \equiv a^x$ (mod n) and $c \equiv a^y$ (mod n), then $bc \equiv a^{x+y}$ (mod n).
We can compute $a^{2^k}$ (mod n) in k multiplications by computing
$a^{2^0}$ (mod n),
$a^{2^1}$ (mod n),
. . .
$a^{2^k}$ (mod n).
Each step involves squaring the answer obtained in the previous step,
dividing by n, and taking the remainder.
2.5.1 Example:
We compute $271^{321}$ (mod 481).
Write $321 = 2^0 + 2^6 + 2^8$;
Hence, computing $271^{321}$ (mod 481) is the same as computing
$271^{2^0 + 2^6 + 2^8} \equiv 271^{2^0} \cdot 271^{2^6} \cdot 271^{2^8}$ (mod 481).
So it will suffice to compute $271^{2^i}$ (mod 481) where i = 0, 6, 8.
It is clear that $271^{2^1}$ ≡ 73,441 (mod 481)
≡ 329 (mod 481).
We can square this result to obtain a value for $271^{2^2}$ (mod 481):
$271^{2^2} \equiv (271^{2^1})^2$ (mod 481)
≡ $(329)^2$ (mod 481)
≡ 1,082,411 (mod 481)
≡ 16 (mod 481).
We use the fact that $(a^{2^n})^2 \equiv a^{2 \cdot 2^n} \equiv a^{2^{n+1}}$ (mod n).
Continuing, we can calculate $271^{2^6}$ ≡ 419 (mod 481) and $271^{2^8}$ ≡ 16 (mod 481).
Therefore
$271^{321} \equiv 271^{2^0 + 2^6 + 2^8}$ (mod 481)
$\equiv 271^{2^0} \cdot 271^{2^6} \cdot 271^{2^8}$ (mod 481)
≡ 271 ⋅ 419 ⋅ 16 (mod 481)
≡ 1,816,784 (mod 481)
≡ 47 (mod 481).
The method of repeated squares will prove to be a very useful tool when we
explore RSA cryptography. To encode and decode messages in a
reasonable manner under this scheme, it is necessary to be able to quickly
compute large powers of integers mod n.
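The method of repeated squares of section 2.5 as an added Python example (not part of the original unit; the function names are this example's own). It returns the table of values $a^{2^i}$ mod n alongside the result, so the run on 271, 321, 481 can be compared line by line with example 2.5.1.

```python
def binary_exponents(e):
    """Exponents k1 < k2 < ... with e = 2**k1 + 2**k2 + ... (binary representation)."""
    if e < 0:
        raise ValueError("the exponent must be non-negative")
    return [i for i in range(e.bit_length()) if (e >> i) & 1]


def repeated_squares(a, e, n):
    """Return (a**e mod n, table) where table[i] = a**(2**i) mod n.

    Only residues smaller than n are ever stored, so no intermediate value
    exceeds (n - 1)**2, however large e is.
    """
    if e < 0 or n < 1:
        raise ValueError("need e >= 0 and n >= 1")
    result = 1 % n            # empty product; 1 % 1 == 0 covers n = 1
    square = a % n            # a**(2**0) mod n
    table = []
    for i in range(e.bit_length()):
        table.append(square)
        # Multiply in a**(2**i) only when bit i of e is set. This branch depends
        # on the bits of e: acceptable for a classroom calculation, but when e is
        # a secret key, production code uses a constant-time routine instead.
        if (e >> i) & 1:
            result = (result * square) % n
        # Square the previous answer, divide by n, keep the remainder.
        square = (square * square) % n
    return result, table


if __name__ == "__main__":
    value, table = repeated_squares(271, 321, 481)
    print(binary_exponents(321))          # which table rows are multiplied together
    for i, row in enumerate(table):
        print(f"271^(2^{i}) mod 481 = {row}")
    print("271^321 mod 481 =", value)
    # The power mentioned in the text; 26 squarings instead of 37,398,331 multiplications.
    print(repeated_squares(2, 37398332, 46389)[0])
```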
2.6 Applications to Cryptography
Cryptography is the study of sending and receiving secret messages. The
aim of cryptography is to send messages across a channel so that only the
intended recipient of the message can read it. In addition, when a message
is received, the recipient usually requires some assurance that the message
is authentic. Modern cryptography depends fully on basic algebraic
systems like semigroups/groups and number theory.
2.6.1 Definitions:
The message to be sent is called the plaintext. The disguised message is
called the ciphertext. The plaintext and ciphertext are both written in an
alphabet, consisting of letters or characters. Characters can include not
only the familiar alphabetic characters A, …, Z and a, …, z but also digits,
punctuation marks, and blanks.
2.6.2 Note: A cryptosystem has two parts:
i) Encryption: The process of transforming a plaintext message into a ciphertext message (the parameter supplied to the encryption function is
called a key).
ii) Decryption: The reverse transformation of changing a ciphertext message into a plaintext message.
Systems that use two separate keys, one for encoding and another for
decoding, are called public key cryptosystems. Since knowledge of the
encoding key does not allow anyone to guess at the decoding key, the
encoding key can be made public.
To encrypt a plaintext message, we apply to the message some function
which is kept secret, say f. This function will yield an encrypted message.
Given the encrypted form of the message, we can recover the original
message by applying the inverse transformation f⁻¹.
2.6.3 Example:
i) We consider a private key cryptosystem: the shift code used
by Julius Caesar.
The encoding function is f(p) = p + 3 mod 26, with the encoded message
DOJHEUD.
Step 1: We first digitize the alphabet by A = 00, B = 01, …, Z = 25.
Step 2: Using the encoding function f(p) = p + 3 mod 26 we get A → D, B
→ E, …, Z → C.
Step 3: Digitize DOJHEUD: we get 3, 14, 9, 7, 4, 20, 3.
Step 4: The decoding function is f⁻¹(p) = p − 3 mod 26 = p + 23
mod 26.
Step 5: Apply the inverse transformation (step 4) to get 0, 11, 6, 4, 1, 17, 0.
Step 6: Decode to get ALGEBRA.
ii) The encoding function is f(x) = x + 5 mod 26, with the encoded message
SJFWWNSL.
Step 1: We first digitize the alphabet by A = 00, B = 01, …, Z = 25.
Step 2: Using the encoding function f(x) = x + 5 mod 26 we get A → F, B
→ G, …, Z → E.
Step 3: Digitize SJFWWNSL: we get 18, 9, 5, 22, 22, 13, 18, 11.
Step 4: The decoding function is f⁻¹(x) = x − 5 mod 26 = x + 21
mod 26.
Step 5: Apply the inverse transformation (step 4) to get 13, 4, 0, 17,
17, 8, 13, 6.
Step 6: Decode to get NEARRING.
2.6.4 Remark:
Simple shift codes are examples of monoalphabetic cryptosystems. In
these ciphers a character in the enciphered message represents exactly
one character in the original message. Such cryptosystems are not very
sophisticated and are quite easy to break. In a simple shift as described in
example 2.6.3, there are only 26 possible keys. It would be quite easy
to try them all rather than to use frequency analysis.
Let us investigate a slightly more sophisticated cryptosystem.
2.6.5 Affine Cryptosystem:
Suppose that the encoding function is given by
f(p) = ap + b mod 26.
We first need to find out when a decoding function f⁻¹ exists. Such a
decoding function exists when we can solve the equation
c = ap + b mod 26 for p. This is possible exactly when a has an inverse or,
equivalently, when gcd(a, 26) = 1. In this case, f⁻¹(p) = a⁻¹p − a⁻¹b mod 26.
2.6.6 Example:
Let us consider the affine cryptosystem f(p) = ap + b mod 26. For this
cryptosystem to work we must choose an a ∈ Z26 that is invertible. This is
only possible if gcd(a, 26) = 1. Let a = 5. Then a is invertible and a⁻¹ = 21,
since gcd(5, 26) = 1. Therefore, we can take the encryption function to be
f(p) = 5p + 3 mod 26. Thus, ALGEBRA is encoded as 3, 6, 7, 23, 8, 10, 3,
or DGHXIKD. The decryption function will be f⁻¹(p) = 21p − 21⋅3 mod 26
= 21p + 15 mod 26.
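The affine cryptosystem of 2.6.5 and 2.6.6 as an added Python example (not part of the original unit; the function names are this example's own). It rejects keys with gcd(a, 26) ≠ 1, treats the shift codes of 2.6.3 as the special case a = 1, and counts the usable keys. It needs Python 3.8 or later for the modular inverse `pow(a, -1, 26)`.

```python
from math import gcd

M = 26  # alphabet size used in this unit: A = 00, B = 01, ..., Z = 25


def digitize(text):
    """Map 'A'..'Z' to 0..25; reject anything else rather than guess."""
    if not (text.isascii() and text.isalpha() and text.isupper()):
        raise ValueError("only the letters A-Z are supported")
    return [ord(ch) - ord("A") for ch in text]


def undigitize(nums):
    return "".join(chr(v + ord("A")) for v in nums)


def decoding_key(a, b):
    """Return (a_inv, b_dec) such that f^-1(c) = a_inv*c + b_dec mod 26."""
    if gcd(a, M) != 1:
        raise ValueError(f"a = {a} has no inverse mod {M}: gcd(a, {M}) != 1")
    a_inv = pow(a, -1, M)            # modular inverse of a
    return a_inv, (-a_inv * b) % M   # f^-1(c) = a_inv*c - a_inv*b


def affine_encrypt(text, a, b):
    decoding_key(a, b)               # refuse keys that could not be decoded
    return undigitize((a * p + b) % M for p in digitize(text))


def affine_decrypt(text, a, b):
    a_inv, b_dec = decoding_key(a, b)
    return undigitize((a_inv * c + b_dec) % M for c in digitize(text))


def image_size(a, b):
    """Number of distinct ciphertext letters produced by p -> a*p + b mod 26."""
    return len({(a * p + b) % M for p in range(M)})


def valid_multipliers():
    """Every a in Z26 with gcd(a, 26) = 1."""
    return [a for a in range(M) if gcd(a, M) == 1]


if __name__ == "__main__":
    print(decoding_key(5, 3))                    # the pair (21, 15) of example 2.6.6
    print(affine_encrypt("ALGEBRA", 5, 3))
    print(affine_decrypt("DGHXIKD", 5, 3))
    print(affine_decrypt("DOJHEUD", 1, 3))       # shift code of 2.6.3 (i)
    # a = 13 is not invertible: 26 plaintext letters collapse onto 2 ciphertext letters
    print(image_size(13, 3), image_size(5, 3))
    # Key space: usable values of a times 26 values of b
    print(len(valid_multipliers()) * M)
```

The key count printed last is 312, so the affine system is still small enough to search exhaustively, which is the same weakness remark 2.6.4 points out for the 26 shift keys.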
2.6.7 Public Key Cryptography:
If the routine (traditional) cryptosystems are used, anyone who knows
enough to encode a message will also know enough to decode an
intercepted message. Public key cryptography is based on the
observation that the encryption and decryption procedures need not have
the same key. This removes the requirement that the encoding key be kept
secret. The encoding function f must be relatively easy to compute, but f⁻¹
must be extremely difficult to compute without some additional information,
so that someone who knows only the encrypting key cannot find the
decrypting key without prohibitive computation.
2.6.8 The RSA Cryptosystem:
The RSA cryptosystem, introduced by R. Rivest, A. Shamir and L. Adleman
in 1978, is based on the difficulty of factoring large numbers. Though it is
not a difficult task to find two large random primes and multiply them
together, factoring a 150-digit number that is the product of two large primes
would take 100 million computers operating at 10 million instructions per
second about 50 million years under the fastest algorithms currently known.
2.6.9 Working of the RSA cryptosystem:
Suppose that we choose two random 150-digit prime numbers p and q.
Next, we compute the product n = pq and also compute φ(n) = m = (p − 1)(q − 1),
where φ is the Euler φ-function. Now we start choosing random integers
E until we find one that is relatively prime to m; that is, we choose E such
that gcd(E, m) = 1. Using the Euclidean algorithm, we can find a number D
such that DE ≡ 1 (mod m). The numbers n and E are now made public.
Suppose now that person B (Bob) wishes to send person A (Alice) a
message over a public line. Since E and n are known to everyone, anyone
can encode messages. Bob first digitizes the message according to some
scheme, say A = 00, B = 01, …, Z = 25. If necessary, he will break the
message into pieces such that each piece is a positive integer less than n.
Suppose x is one of the pieces. Bob forms the number $y = x^E$ mod n and
sends y to Alice. For Alice to recover x, she need only compute $x = y^D$ mod
n. Only Alice knows D.
2.6.10 Example:
Suppose we wish to send some message, which when digitized is 23.
Let p = 23 and q = 29. Then n = pq = 667
and φ(n) = m = (p − 1)(q − 1) = 616.
Let E = 487, since gcd(616, 487) = 1.
The encoded message is computed to be $23^{487}$ mod 667 = 368.
This computation can be reasonably done by using the method of repeated
squares as described. Using the Euclidean algorithm, we determine that
191E = 1 + 151m; therefore, the decrypting key is (n, D) = (667, 191). We
recover the original message by calculating $368^{191}$ mod 667 = 23.
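The key set-up and message exchange of 2.6.9 with the numbers of example 2.6.10, as an added Python example (not part of the original unit; the function names are this example's own). Python's built-in `pow` stands in for the method of repeated squares and for the Euclidean algorithm (Python 3.8 or later), and the last two functions show two properties of this letter-by-letter textbook scheme that an implementer has to know about.

```python
from math import gcd


def rsa_keypair(p, q, E):
    """Return ((n, E), (n, D)) with D*E = 1 (mod m), m = (p-1)(q-1), as in 2.6.9.

    p and q are assumed to be distinct primes; the caller supplies them.
    """
    n = p * q
    m = (p - 1) * (q - 1)
    if gcd(E, m) != 1:
        raise ValueError("E must be relatively prime to m = (p-1)(q-1)")
    D = pow(E, -1, m)          # inverse of E modulo m
    return (n, E), (n, D)


def rsa_apply(x, key):
    """Compute x**k mod n for key = (n, k); used for both directions."""
    n, k = key
    if not 0 <= x < n:
        raise ValueError("each piece must be a non-negative integer less than n")
    return pow(x, k, n)


def encrypt_letters(text, public):
    """Digitize A = 00, ..., Z = 25 and encrypt one letter per piece."""
    return [rsa_apply(ord(ch) - ord("A"), public) for ch in text]


def decrypt_letters(pieces, private):
    return "".join(chr(rsa_apply(y, private) + ord("A")) for y in pieces)


def pattern(seq):
    """Label each item by the position of its first occurrence: 'ABA' -> [0, 1, 0]."""
    seen = {}
    return [seen.setdefault(item, len(seen)) for item in seq]


def shared_factor(y, n):
    """gcd(y, n); a value other than 1 means the piece is a multiple of p or q."""
    return gcd(y, n)


if __name__ == "__main__":
    public, private = rsa_keypair(23, 29, 487)
    print(public, private)                       # (667, 487) and (667, 191)
    y = rsa_apply(23, public)
    print(y, rsa_apply(y, private))              # 368, then 23 again

    pieces = encrypt_letters("ALGEBRA", public)
    print(pieces, decrypt_letters(pieces, private))
    # Equal letters give equal pieces, and 0 and 1 encrypt to themselves, so
    # letter-by-letter use is a monoalphabetic cipher in the sense of 2.6.4.
    print(pattern(pieces) == pattern("ALGEBRA"))
    # The message 23 of example 2.6.10 equals p, so its ciphertext shares that
    # factor with n. With 150-digit primes a piece hits this case with
    # negligible probability; with a toy modulus it shows up immediately.
    print(shared_factor(y, 667))
```

Deployed RSA avoids the repeated-piece and fixed-point behaviour by padding each message with fresh random bytes before the exponentiation; the unit describes only the unpadded arithmetic.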
Self Assessment Questions
1. Find the gcd of 858 and 325.
2. If a|c and b|c, then is it true that “ab|c”?
3. If the gcd of {a, b} = 1, then what is the gcd of a + b and a – b?
4. Are every two consecutive integers coprime?
5. If a|b and c|d, gcd {b, d} = 1, then gcd {a, c} = ?
6. If a and b are any two odd primes, then (a² – b²) is?
7. State whether the following are true or false.
i) Sum of an integer and its square is even.
ii) Difference between the square of any number and the number itself
is even.
8. If p > 1 and $2^p – 1$ is prime, then p is prime. Is the converse true?
Justify.
9. Express 29645 in terms of its prime factors.
10. Find the gcd {963, 657} and find the integers m and n such that gcd
{963, 657} = m·657 + n·963.
11. Let x be any real number. Then [x] is the largest integer that does not
exceed x. What is the value of [ ]
c a
?
12. Find the highest power of 3 which is contained in 100!.
13. Find the highest power of 7 contained in 1000!.
14. Find the number of divisors of (i). 600 (ii). 9504.
2.7 Summary
This unit provides a broad idea of the number system. The integers are
the building blocks of modern mathematics. The concepts of congruence and
integers mod n are indispensable in various applications of algebra. In this
unit we have presented some applications of cryptosystems.
2.8 Terminal Questions
1. Find the sum of divisors of 360.
2. Find the number of multiples of 7 among the integers from 200 to 500.
3. Find the smallest positive integer whose sum of all divisors is 15.
4. If the sum of divisors of n, that is σ(n), is equal to 2n, then n is called a
perfect number. Show that if n is an odd perfect number then n has at
least three different prime divisors.
5. If (m, n) = 1, then verify that σ(n) is multiplicative. Is σ(n) totally
multiplicative? Justify.
2.9 Answers
Self Assessment Questions
1. gcd of 858 and 325 is 13.
2. It is not true. For example, take a = 3, b = 6, c = 12. Now 3|12 and
6|12 but 3·6 ∤ 12.
3. Either 1 or 2.
4. Yes, the gcd of {n, n+1}, n ∈ ℕ, is equal to 1.
5. gcd {a, c} = 1.
6. Composite.
7. (i) Yes, it is true.
(ii) Yes, it is true.
8. If p is not prime, then p = mn, where m, n > 1.
Therefore $2^p - 1 = 2^{mn} - 1 = (2^m)^n - 1^n$. Take $2^m = a$.
Now $2^p - 1 = a^n - 1^n$, where $a = 2^m > 2$,
$= (a - 1)(a^{n-1} + a^{n-2} + \cdots + 1^{n-1})$.
Now each of the two factors on the right hand side is greater than 1 and
therefore $2^p - 1$ is composite, a contradiction.
Converse is not true: for example, p = 11 is prime, but $2^{11} - 1$ is
divisible by 23 and so it is not prime.
9. $5 \times 7^2 \times 11^2$.
10. gcd {963, 657} = 9, m = 22, n = −15.
11.
c a .
12. The highest power of a prime p contained in n! is denoted by k(n!), where
$k(n!) = \left[\frac{n}{p}\right] + \left[\frac{n}{p^2}\right] + \left[\frac{n}{p^3}\right] + \cdots$
Now p = 3, n = 100,
$\left[\frac{n}{p}\right] = \left[\frac{100}{3}\right] = 33$,
$\left[\frac{100}{p^2}\right] = \left[\frac{100}{9}\right] = 11$, and so on.
Therefore k(100!) = 33 + 11 + 3 + 1 + 0 = 48.
13. Here p = 7 and n = 1000.
Therefore the highest power of 7 contained in 1000! is
$\left[\frac{1000}{7}\right] + \left[\frac{1000}{7^2}\right] + \cdots + \left[\frac{1000}{7^4}\right]$ = 142 + 20 + 2 + 0 = 164.
14. (i) 24.
(ii) 48.
Terminal Questions
1. 1170.
2. Here [500/7] = 71 and [199/7] = 28; the required number is 71 – 28 = 43.
3. Suppose $n = p^a \cdot q^b \cdots r^c$. Given σ(n), the sum of divisors of n, = 15.
That is, $\frac{p^{a+1} - 1}{p - 1} \times \frac{q^{b+1} - 1}{q - 1} = 15 = 15 \times 1 = 3 \times 5$.
Therefore p = 2, a = 3, q = 2, b = 1 (not allowed).
Therefore the number is n = $2^3$ = 8.
4. Suppose that $n = p^a$, where p is prime and ‘a’ is a positive integer.
Then
$\sigma(n) = \frac{p^{a+1} - 1}{p - 1} < \frac{p^{a+1}}{p - 1} = \frac{np}{p - 1} = \frac{n}{1 - \frac{1}{p}} \le \frac{n}{2/3} = \frac{3n}{2} < 2n$, so that
σ(n) ≠ 2n and n is not perfect. Next suppose $n = p^a q^b$, where p and q are
primes and a, b are positive integers.
Then $\sigma(n) = \frac{p^{a+1} - 1}{p - 1} \cdot \frac{q^{b+1} - 1}{q - 1} < \frac{p^{a+1} q^{b+1}}{(p - 1)(q - 1)} = \frac{npq}{(p - 1)(q - 1)} = \frac{n}{\left(1 - \frac{1}{p}\right)\left(1 - \frac{1}{q}\right)} \le \frac{n}{\frac{2}{3} \cdot \frac{4}{5}} = \frac{15n}{8} < 2n$. Therefore σ(n) ≠ 2n
and n is not perfect.
5. Easily verified using the definition of σ(n).
It is not totally multiplicative. Take m = 18, n = 30, gcd {m, n} ≠ 1 and
σ(18 × 30) = σ(540) = $\sigma(2^3 \times 3^3 \times 5)$ = 1680.
On the other hand, σ(18)σ(30) = $\sigma(2 \times 3^2) \cdot \sigma(2 \times 3 \times 5)$ = 3×13×3×4×6 = 2808.
Therefore σ(mn) ≠ σ(m)·σ(n).