Discrete mathematics I - Number theory
Emil Vatai <[email protected]> (based on Hungarian slides by László Mérai) [1]
January 31, 2018
[1] Financed from the financial support ELTE won from the Higher Education Restructuring Fund of the Hungarian Government.
Number theory

Divisibility

If a and b are rational numbers, the division a/b can always be performed (and the result is a rational number). If a and b are integers, the division a/b can not always be performed (the quotient will not always be an integer).

Definition (Divisibility). The integer a is a divisor of the integer b, written a | b, if there exists an integer c for which a · c = b (that is, b/a is an integer if a ≠ 0).
Example (Divisibility)
- 1 | 13, because 1 · 13 = 13; 1 | n, because 1 · n = n;
- 6 | 12, because 6 · 2 = 12; −6 | 12, because (−6) · (−2) = 12.
- The definition can be extended to the Gaussian integers {a + bi : a, b ∈ Z}:
- i | 13, because i · (−13i) = 13; 1 + i | 2, because (1 + i) · (1 − i) = 2.
Properties of divisibility

Properties. For each a, b, c, ... ∈ Z:
1. a | a;
2. a | b ∧ b | c ⇒ a | c;
3. a | b ∧ b | a ⇒ a = ±b;
4. a | b ∧ a′ | b′ ⇒ aa′ | bb′;
5. a | b ⇒ ac | bc;
6. ac | bc ∧ c ≠ 0 ⇒ a | b;
7. a | b₁, ..., a | b_k ⇒ a | c₁b₁ + ··· + c_k b_k;
8. a | 0, since a · 0 = 0;
9. 0 | a ⇔ a = 0;
10. 1 | a, −1 | a.
Example (Divisibility)
1. 6 | 6;
2. 2 | 6 ∧ 6 | 12 ⇒ 2 | 12;
3. 3 | −3 ∧ −3 | 3 ⇒ 3 = ±3;
4. 2 | 4 ∧ 3 | 9 ⇒ 2 · 3 | 4 · 9;
5. 3 | 6 ⇒ 5 · 3 | 5 · 6;
6. 3 · 5 | 6 · 5 ∧ 5 ≠ 0 ⇒ 3 | 6;
7. 3 | 6, 3 | 9 ⇒ 3 | 6c₁ + 9c₂ for each c₁, c₂;
8. a | 0, since a · 0 = 0;
9. 0 | a ⇔ 0 · c = a for some c ⇔ a = 0;
10. 1 · a = a, (−1) · (−a) = a.
Units

The factor ±1 is irrelevant for divisibility.

Definition (Unit). If ε is a divisor of every number, then ε is called a unit.

Proposition. There are two units in the set of integers: 1 and −1.

Proof. ±1 are clearly units. Conversely, if ε is a unit, then in particular ε | 1, so 1 = ε · q for some integer q. Because |ε| ≥ 1 and |q| ≥ 1, we get |ε| = 1, that is ε = ±1.

Example (Unit). In the set of Gaussian integers i is a unit: a + bi = i(b − ai).
Associated elements

The integers 12 and −12 are the same from the perspective of divisibility.

Definition (Associated elements). Two numbers are associated if they are each other's divisors.

Remark. a and b are associated if and only if a | b and b | a (in Z this means a = ±b).

Definition (Trivial divisor). The trivial divisors of n are the numbers associated with n and the units. Other divisors are proper divisors.

Example (Divisors of 6)
- The divisors: {±1, ±2, ±3, ±6}
- Trivial divisors: {±1, ±6}
- Proper divisors: {±2, ±3}
Primes, irreducible elements

Definition (Irreducible). A non-zero, non-unit number is irreducible if it has only trivial divisors.

Example (Irreducible elements). The integers 2, −2, 3, −3, 5, −5 are irreducible; 6 is not irreducible, because 6 = 2 · 3.

Definition (Prime). A non-zero, non-unit number p is a prime if p | ab ⇒ (p | a ∨ p | b) for any a, b.

Example (Primes). 2, −2, 3, −3, 5, −5 are prime; 6 is not prime, because 6 | 2 · 3 but 6 ∤ 2 and 6 ∤ 3.
Primes and irreducibles

Theorem (Primes and irreducibles). Each prime number is irreducible.

Proof. Let p be a prime and let p = ab be a factorization. We have to prove that a or b is a unit. Because p = ab, p | ab, so by primality p | a, say. Then a = pk = a(bk), i.e. bk = 1, implying that b and k are units.

Remark. The converse is not always true:
- In the set Z it is true (see later);
- In the set {a + b·i√5 : a, b ∈ Z} it is not true: there 2 is irreducible, but 2 | 6 = (1 + i√5)(1 − i√5) while 2 divides neither factor.
Euclidean division

Theorem (Euclidean division). For all integers a and b ≠ 0 there exist unique integers q and r for which

    a = bq + r ∧ 0 ≤ r < |b|.    (1)

Proof. The proof below is for non-negative a and positive b; it can be adapted to all integers.
1. Existence: induction on a.
   - If a < b, then a = b · 0 + a (q = 0, r = a).
   - If a ≥ b, suppose that numbers less than a can be written as in (1). Let a − b = bq* + r*. Then a = b(q* + 1) + r*, so let q = q* + 1, r = r*.
2. Uniqueness: Let a = bq + r = bq′ + r′ with 0 ≤ r, r′ < |b|. Then b(q − q′) = r′ − r, so b | r′ − r; but |r′ − r| < |b|, which is only possible if r′ − r = 0. Hence r = r′ and then q = q′.
Euclidean division: the mod operation

Definition (mod). Let a and b be integers (b ≠ 0). Let a = b · q + r (0 ≤ r < |b|). Then a mod b = r.
Remark: q = ⌊a/b⌋ if b > 0, and q = ⌈a/b⌉ if b < 0.

Caution for programmers: the remainder defined here is never negative. The % operator of C, C++, Java, Go and Rust truncates the quotient toward zero, so there −123 % 10 = −3; Python's % gives a result with the sign of the divisor, so −123 % −10 = −3. Neither agrees with this definition for all sign combinations, which matters whenever a remainder is used as an array index or table offset.

Example (mod)
- 123 mod 10 = 3, 123 mod 100 = 23, 123 mod 1000 = 123;
- 123 mod −10 = 3, ...
- −123 mod 10 = 7, −123 mod 100 = 77, −123 mod 1000 = 877;
- −123 mod −10 = 7, ...
Euclidean division: examples

Example (mod)
- If it is 9 o'clock now, what time will it be after 123 hours? Divide 123 by 24: 123 = 24 · 5 + 3. 9 + 3 = 12: noon! If it is 9 o'clock now, what time will it be after 116 hours? Divide 116 by 24: 116 = 24 · 4 + 20. So 9 + 20 = 29. We have to reduce again: 29 = 24 · 1 + 5: it will be 5 A.M.!
- Which day of the week will the 10th of November be next year? Which day of the week was the 14th of September two years ago? Mon = 0, Tue = 1, Wed = 2, Thu = 3, Fri = 4, Sat = 5, Sun = 6.
- Divide 365 by 7: 365 = 7 · 52 + 1. Monday + 1 day = 0 + 1 = 1 = Tuesday.
- Divide −(365 + 366) (2012 was a leap year) by 7: −731 = 7 · (−105) + 4. Friday + 4 days = 4 + 4 = 8 ≡ 1 (mod 7) = Tuesday.
Numeral systems

In the base 10 numeral system the number 123: $123 = 100 + 20 + 3 = 1 \cdot 10^2 + 2 \cdot 10^1 + 3 \cdot 10^0$.
In the base 2 numeral system the number 123:
$1111011_{(2)} = 1 \cdot 2^6 + 1 \cdot 2^5 + 1 \cdot 2^4 + 1 \cdot 2^3 + 0 \cdot 2^2 + 1 \cdot 2^1 + 1 \cdot 2^0 = 1 \cdot 64 + 1 \cdot 32 + 1 \cdot 16 + 1 \cdot 8 + 0 \cdot 4 + 1 \cdot 2 + 1 \cdot 1 = 123_{(10)}$.

Theorem (Representation of numbers). Let q > 1 be a fixed integer. Then each positive integer n can be written uniquely in the form $n = \sum_{i=0}^{k} a_i q^i$, where each $a_i$ is an integer with $0 \le a_i < q$ and $a_k \ne 0$ (n = 0 is written with the single digit $a_0 = 0$).
1. This expression is the number n written in the base q numeral system.
2. q is the base of the numeral system.
3. $a_0, \dots, a_k$ are the digits of n.
4. $k = \lfloor \log_q n \rfloor$ (for n ≥ 1).
Numeral systems: proof

n written in the base q numeral system: $n = \sum_{i=0}^{k} a_i q^i$.

Proof. The proof is by induction.
1. For n = 0 the theorem is true.
2. Suppose each integer less than n can be written uniquely in the base q numeral system. By the Euclidean division theorem there exists a unique integer $0 \le a_0 < q$ for which $n = cq + a_0$, that is, $q \mid n - a_0$. Since $(n - a_0)/q < n$, by the induction hypothesis we can express $\frac{n - a_0}{q} = \sum_{i=1}^{k} a_i q^{i-1}$ (in the base q numeral system), and this expression is unique. Then $n = \sum_{i=0}^{k} a_i q^i$.
Numeral systems: the method

The previous proof provides a method to express numbers:

Example (Representation). Let us write the number n = 123 (given in base 10) in the base 2 numeral system.

   i     n    n mod 2 = a_i    (n − a_i)/2    digits so far
   0   123         1               61          1
   1    61         1               30          11
   2    30         0               15          011
   3    15         1                7          1011
   4     7         1                3          11011
   5     3         1                1          111011
   6     1         1                0          1111011

Reading the digits from the last one obtained (a₆) down to the first (a₀) gives 123 = 1111011₍₂₎.
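The two procedures above, Euclidean division with a non-negative remainder and the repeated-division method for writing n in base q, as an added Python example (not code from the slides). It also shows, side by side, what the language operators actually compute: Python's % and a C-style truncating remainder, neither of which matches the definition for every sign combination. The names euclid_divmod, trunc_mod, to_base and from_base are this example's own.

```python
"""Euclidean division and positional representation (added example)."""
from typing import List, Tuple

DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz"


def euclid_divmod(a: int, b: int) -> Tuple[int, int]:
    """Return (q, r) with a = b*q + r and 0 <= r < |b|, as in the theorem.

    Python's built-in divmod gives a remainder with the sign of the divisor,
    so for b < 0 it must be corrected; for b > 0 the two definitions agree.
    """
    if b == 0:
        raise ZeroDivisionError("Euclidean division by zero is undefined")
    q, r = divmod(a, b)
    if r < 0:            # only happens when b < 0 and b does not divide a
        r -= b           # r - b = r + |b| lands in [0, |b|)
        q += 1
    assert a == b * q + r and 0 <= r < abs(b)
    return q, r


def trunc_mod(a: int, b: int) -> int:
    """Remainder as computed by the % operator of C, Java, Go and Rust
    (quotient truncated toward zero, so the remainder takes the sign of a)."""
    q = abs(a) // abs(b)
    if (a < 0) != (b < 0):
        q = -q
    return a - b * q


def to_base(n: int, q: int) -> str:
    """Digits of n >= 0 in base 2 <= q <= 36 by repeated Euclidean division
    (the table on the slide: a_i = n mod q, then n := (n - a_i) / q)."""
    if q < 2 or q > len(DIGITS):
        raise ValueError("base must be between 2 and 36")
    if n < 0:
        raise ValueError("only non-negative integers are represented here")
    digits: List[str] = []
    while True:
        n, a_i = euclid_divmod(n, q)
        digits.append(DIGITS[a_i])
        if n == 0:
            break
    return "".join(reversed(digits))   # a_k first, a_0 last


def from_base(s: str, q: int) -> int:
    """Inverse of to_base: evaluate sum(a_i * q^i) with Horner's scheme."""
    n = 0
    for ch in s.lower():
        a_i = DIGITS.index(ch)
        if a_i >= q:
            raise ValueError(f"digit {ch!r} is not valid in base {q}")
        n = n * q + a_i
    return n


if __name__ == "__main__":
    for a, b in [(123, 10), (123, -10), (-123, 10), (-123, -10)]:
        print(f"{a:5} mod {b:3}: euclid={euclid_divmod(a, b)[1]:2}  "
              f"python={a % b:3}  c_style={trunc_mod(a, b):3}")
    print(to_base(123, 2), from_base("1111011", 2), to_base(255, 16))
```

The four (a, b) pairs in the main block are the ones from the mod examples above; only for a ≥ 0 and b > 0 do all three columns agree.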
Euclidean algorithm

Greatest common divisor

Definition (Greatest common divisor). The integer d is a greatest common divisor (gcd) of the integers a and b if d | a, d | b, and whenever c | a and c | b then c | d. The integer d is a gcd of the integers a₁, a₂, ..., a_n (n ∈ N⁺) if d | a₁, d | a₂, ..., d | a_n, and whenever c | a₁, c | a₂, ..., c | a_n then c | d.

Least common multiple. The integer m is a least common multiple (lcm) of a and b if a | m, b | m, and a | c, b | c ⇒ m | c. The integer m is an lcm of a₁, a₂, ..., a_n (n ∈ N⁺) if a₁ | m, a₂ | m, ..., a_n | m and whenever a₁ | c, a₂ | c, ..., a_n | c then m | c.

Notation. Let (a, b) = gcd(a, b) denote the non-negative greatest common divisor, and [a, b] = lcm(a, b) the non-negative least common multiple.
Relative primes

Definition (Relative prime)
- The numbers a and b are relative prime if (a, b) = 1.
- The numbers a₁, a₂, ..., a_n are relative prime if (a₁, a₂, ..., a_n) = 1 (i.e. if their greatest common divisor is one).
- The numbers a₁, a₂, ..., a_n are mutually (or pairwise) relative prime if i ≠ j implies (a_i, a_j) = 1.

Remarks
- Attention! "Greatest" does not refer to the usual ordering: −3 is also a greatest common divisor of 12 and 9.
- The greatest common divisor is unique disregarding association.
- Example: 35 and 12 are relative prime while 20 and 12 are not.
- Pairwise relative prime is the stronger notion: 6, 10, 15 are relative prime, since (6, 10, 15) = 1, but not pairwise, since (6, 10) = 2.
Euclidean algorithm

Theorem (Euclidean algorithm). Each pair of integers has a greatest common divisor, and it can be determined using the Euclidean algorithm.

Proof. If one of the numbers is 0, then the other one will be the gcd. Let a and b be non-zero integers, and perform the following divisions:

    a       = b q₁ + r₁,           0 < r₁ < |b|,
    b       = r₁ q₂ + r₂,          0 < r₂ < r₁,
    r₁      = r₂ q₃ + r₃,          0 < r₃ < r₂,
    ...
    r_{n−2} = r_{n−1} q_n + r_n,   0 < r_n < r_{n−1},
    r_{n−1} = r_n q_{n+1}.

The gcd is the last non-zero remainder: (a, b) = r_n. Here we set a = r_{−1} and b = r₀ (if the very first remainder is already 0, then b | a and (a, b) = |b|).
Proof (continued). The algorithm terminates after a finite number of steps, because |b| > r₁ > r₂ > ... is a strictly decreasing sequence of non-negative integers. The remainder r_n is a common divisor: r_n | r_{n−1} ⇒ r_n | r_{n−1} q_n + r_n = r_{n−2} ⇒ ... ⇒ r_n | b ⇒ r_n | a. And r_n is the greatest common divisor: let c | a, c | b ⇒ c | a − b q₁ = r₁ ⇒ c | b − r₁ q₂ = r₂ ⇒ ... ⇒ c | r_{n−2} − r_{n−1} q_n = r_n.
Calculating the GCD with the Euclidean algorithm

Example (Euclidean algorithm). Let us calculate (172, 62).

    i   r_i   q_i   r_{i−2} = r_{i−1} q_i + r_i
   −1   172    –    –
    0    62    –    –
    1    48    2    172 = 62 · 2 + 48
    2    14    1    62 = 48 · 1 + 14
    3     6    3    48 = 14 · 3 + 6
    4     2    2    14 = 6 · 2 + 2
    5     0    3    6 = 2 · 3 + 0

The greatest common divisor: (172, 62) = 2.
Calculating the GCD using recursion

Theorem. Let a ≠ 0. If b = 0, then (a, b) = |a|. If b ≠ 0, then (a, b) = (|b|, a mod |b|).

Proof. If b = 0, the theorem is trivial. Since (a, b) = (|a|, |b|), we can suppose that a, b > 0. If b ≠ 0, divide a by |b|: a = |b| · q + (a mod |b|). This is the first line of the Euclidean algorithm: the common divisors of a and |b| are exactly the common divisors of |b| and a mod |b|.

Example ((172, 62))

    (a, b)      a mod |b|
    (172, 62)      48
    (62, 48)       14
    (48, 14)        6
    (14, 6)         2
    (6, 2)          0

So (172, 62) = (2, 0) = 2.
GCD, further observations

Similarly, we can define the greatest common divisor of several numbers (HW): (a₁, a₂, ..., a_n).

Proposition (HW). Each collection a₁, a₂, ..., a_n of integers has a greatest common divisor (a₁, a₂, ..., a_n), and (a₁, a₂, ..., a_n) = ((...(a₁, a₂), ..., a_{n−1}), a_n).

Proposition (HW). For all integers a, b, c: (ca, cb) = |c| · (a, b).
Extended Euclidean algorithm

Theorem (Extended Euclidean algorithm). For all integers a, b there exist integers x, y such that (a, b) = x · a + y · b.

Proof. Let q_i, r_i be the quotients and remainders obtained by the Euclidean algorithm (r_{−1} = a, r₀ = b). Let x_{−1} = 1, x₀ = 0 and for i ≥ 1 let x_i = x_{i−2} − q_i x_{i−1}. Similarly let y_{−1} = 0, y₀ = 1 and for i ≥ 1 let y_i = y_{i−2} − q_i y_{i−1}. Then for all i ≥ −1, x_i a + y_i b = r_i: this holds for i = −1 and i = 0 by the choice of the starting values; suppose it holds for all j < i. Then r_i = r_{i−2} − r_{i−1} q_i, so r_i = x_{i−2} a + y_{i−2} b − (x_{i−1} a + y_{i−1} b) q_i, which after rearranging gives r_i = x_i a + y_i b. Ergo x_n a + y_n b = r_n = (a, b).
Extended Euclidean algorithm: example

- Algorithm: r_{i−2} = r_{i−1} q_i + r_i,
- x_{−1} = 1, x₀ = 0, x_i = x_{i−2} − q_i x_{i−1},
- y_{−1} = 0, y₀ = 1, y_i = y_{i−2} − q_i y_{i−1}.

Let us calculate (172, 62) and solve the equation 172x + 62y = (172, 62)!

    i   r_i   q_i   x_i   y_i    r_i = 172 x_i + 62 y_i
   −1   172    –     1     0     172 = 172 · 1 + 62 · 0
    0    62    –     0     1     62 = 172 · 0 + 62 · 1
    1    48    2     1    −2     48 = 172 · 1 + 62 · (−2)
    2    14    1    −1     3     14 = 172 · (−1) + 62 · 3
    3     6    3     4   −11     6 = 172 · 4 + 62 · (−11)
    4     2    2    −9    25     2 = 172 · (−9) + 62 · 25
    5     0    3     –     –     –

The solution: 2 = 172 · (−9) + 62 · 25, x = −9, y = 25.
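The table above, computed by a program: an added Python example (not from the slides) that runs the x_i, y_i recurrences exactly as stated, checks the invariant r_i = x_i a + y_i b on every row, and then uses the result for the one thing the extended algorithm is used for in practice, computing a modular inverse. The function names ext_gcd_trace, ext_gcd and mod_inverse are this example's own.

```python
"""Extended Euclidean algorithm with the x_i, y_i recurrences of the slides (added example)."""
from typing import List, Optional, Tuple

Row = Tuple[int, int, Optional[int], int, int]   # (i, r_i, q_i, x_i, y_i)


def ext_gcd_trace(a: int, b: int) -> List[Row]:
    """Run the Euclidean algorithm on a, b >= 0 and return the rows
    (i, r_i, q_i, x_i, y_i) of the table, starting with i = -1 and i = 0.
    The invariant r_i == x_i * a + y_i * b holds for every row."""
    rows: List[Row] = [(-1, a, None, 1, 0), (0, b, None, 0, 1)]
    i = 0
    while rows[-1][1] != 0:                  # stop when the last remainder r_i is 0
        _, r_prev2, _, x_prev2, y_prev2 = rows[-2]
        _, r_prev1, _, x_prev1, y_prev1 = rows[-1]
        q, r = divmod(r_prev2, r_prev1)      # r_{i-2} = r_{i-1} q_i + r_i
        i += 1
        x = x_prev2 - q * x_prev1            # x_i = x_{i-2} - q_i x_{i-1}
        y = y_prev2 - q * y_prev1            # y_i = y_{i-2} - q_i y_{i-1}
        assert r == x * a + y * b
        rows.append((i, r, q, x, y))
    return rows


def ext_gcd(a: int, b: int) -> Tuple[int, int, int]:
    """Return (d, x, y) with d = (a, b) >= 0 and d == x*a + y*b, any signs of a, b."""
    rows = ext_gcd_trace(abs(a), abs(b))
    _, d, _, x, y = rows[-2]                 # the last non-zero remainder r_n
    # undo the sign normalisation: x*|a| = (x*sign(a))*a, likewise for b
    x = x if a >= 0 else -x
    y = y if b >= 0 else -y
    return d, x, y


def mod_inverse(a: int, m: int) -> int:
    """x in [0, m) with a*x = 1 (mod m); raises if (a, m) != 1."""
    d, x, _ = ext_gcd(a, m)
    if d != 1:
        raise ValueError(f"{a} has no inverse modulo {m}: gcd is {d}")
    return x % m


if __name__ == "__main__":
    print(" i   r_i  q_i  x_i  y_i")
    for i, r, q, x, y in ext_gcd_trace(172, 62):
        print(f"{i:2} {r:5} {str(q) if q is not None else '-':>4} {x:4} {y:4}")
    print(ext_gcd(172, 62))        # (2, -9, 25)
    print(mod_inverse(23, 211))    # 156; used later for 23x = 4 (mod 211)
```

The row with r_i = 0 is still computed (it is the last line of the table); the answer is read from the row before it.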
Elementary number theory

Irreducibles, primes (reminder)
- t is irreducible if it has only trivial divisors, i.e. divisors of the form ε and ε · t (where ε is a unit).
- p is prime if p | ab ⇒ p | a or p | b.
- p is prime ⇒ p is irreducible.

On the set of integers the converse is also true.

Theorem (Irreducible integers are prime). Every irreducible integer is also a prime number.

Proof. Let p be an irreducible number, and let p | ab. Assume p ∤ b. The gcd (p, b) is a divisor of p, hence a unit or an associate of p; it cannot be an associate of p since p ∤ b, so (p, b) = 1, i.e. p and b are relative prime. Using the extended Euclidean algorithm we obtain integers x, y such that px + by = 1. Therefore pax + aby = a. Since p divides the left hand side, it also divides the right hand side: p | a.
The fundamental theorem of number theory

Theorem (Fundamental theorem of number theory). Every non-zero, non-unit integer can be written uniquely as a product of primes, ignoring associated elements and order.

Proof. The proof is only for positive integers, but it can be generalized.
Existence: induction. For n = 2, n = 3 it is true (they are primes). Generally, if n is prime then we are finished; if not, it can be split into a product n = ab in a non-trivial way, with 1 < a, b < n,, and the factors can be factorized by the induction hypothesis.
Uniqueness: induction. For n = 2, n = 3 it is true (primes). Assume n = p₁p₂···p_k = q₁q₂···q_ℓ, where p₁, ..., p_k, q₁, ..., q_ℓ are primes. p₁ divides the left hand side ⇒ it divides the right hand side ⇒ (p₁ being prime) it divides some q_j, and since q_j is irreducible, p₁ and q_j are associated; after reordering we may suppose p₁ = q₁. After cancelling: n′ = p₂···p_k = q₂···q_ℓ with n′ < n, so by the induction hypothesis the two factorizations of n′ agree, and hence so do those of n.
Canonical form

Definition (Canonical form). The canonical form of a non-zero integer n is

$$n = \pm p_1^{\alpha_1} p_2^{\alpha_2} \cdots p_\ell^{\alpha_\ell} = \pm \prod_{i=1}^{\ell} p_i^{\alpha_i},$$

where $p_1, p_2, \dots, p_\ell$ are distinct positive primes and $\alpha_1, \alpha_2, \dots, \alpha_\ell$ are positive integers.

Corollary (HW). Let n, m > 1 be integers, $n = p_1^{\alpha_1} p_2^{\alpha_2} \cdots p_\ell^{\alpha_\ell}$ and $m = p_1^{\beta_1} p_2^{\beta_2} \cdots p_\ell^{\beta_\ell}$ (where now $\alpha_i, \beta_i \ge 0$ are non-negative integers, so that both numbers are written over the same list of primes). Then
- $(n, m) = p_1^{\min\{\alpha_1,\beta_1\}} p_2^{\min\{\alpha_2,\beta_2\}} \cdots p_\ell^{\min\{\alpha_\ell,\beta_\ell\}}$,
- $[n, m] = p_1^{\max\{\alpha_1,\beta_1\}} p_2^{\max\{\alpha_2,\beta_2\}} \cdots p_\ell^{\max\{\alpha_\ell,\beta_\ell\}}$,
- $(n, m) \cdot [n, m] = n \cdot m$.
Number of divisors

Definition (The τ function). τ(n) is the number of positive divisors of the integer n > 1.

Calculating τ(n). Let n > 1 be an integer with canonical form $n = p_1^{\alpha_1} p_2^{\alpha_2} \cdots p_\ell^{\alpha_\ell}$. Then τ(n) = (α₁ + 1) · (α₂ + 1) ··· (α_ℓ + 1).

Proof. By the fundamental theorem, the positive divisors of n are exactly the numbers $d = p_1^{\beta_1} p_2^{\beta_2} \cdots p_\ell^{\beta_\ell}$ with $\beta_i \in \{0, 1, \dots, \alpha_i\}$, and different choices of the exponents give different divisors. There are α_i + 1 choices for each exponent.

Example (τ(n)). τ(6) = 4: divisors 1, 2, 3, 6; τ(96) = 12: divisors 1, 2, 3, 4, 6, ...; τ(2 · 3) = (1 + 1) · (1 + 1); τ(2⁵ · 3) = (5 + 1) · (1 + 1).
About primes

Theorem (Euclid's theorem). There are infinitely many primes.

Proof. Indirect. Assume there are finitely many primes, p₁, ..., p_k. Consider the integer n = p₁···p_k + 1. It is not divisible by any of the primes p₁, ..., p_k (each leaves remainder 1), so the factorization of n has to contain an additional prime, a contradiction.

Theorem (Dirichlet's theorem). If a, d are positive integers with (a, d) = 1, then there are infinitely many primes of the form ak + d (k = 0, 1, 2, ...).
Prime number theorem, sieve of Eratosthenes

Theorem (Prime number theorem). The number of primes ≤ x is asymptotically x / ln x.

       x    number of primes ≤ x    x / ln x
      10             4                 4.34
     100            25                21.71
    1000           168               144.76
   10000          1229              1085.74

Sieve of Eratosthenes. How to find all the primes up to the integer n: start with all the integers from 2 to n. 2 is prime; the (non-trivial) multiples of 2 are not prime, so they are eliminated. The next number not yet eliminated is 3, which is also a prime; the (non-trivial) multiples of 3 are not prime, so we eliminate them, ... Repeat this procedure for the non-eliminated numbers up to √n (a composite number ≤ n always has a prime divisor ≤ √n, so nothing more gets eliminated beyond that point). The integers which were not eliminated are the primes.
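The sieve as described above, plus a check of the prime number theorem table, as an added Python example (not code from the slides). The function names sieve, prime_count, pnt_table and is_prime_trial are this example's own; the sieve only has to cross out multiples of primes up to √n, and for a prime p it can start at p², because every smaller multiple of p has a smaller prime factor and was crossed out already.

```python
"""Sieve of Eratosthenes and a check of the prime number theorem (added example)."""
import math
from typing import List, Sequence, Tuple


def sieve(n: int) -> List[int]:
    """All primes <= n.  is_prime[k] is cleared for every non-trivial multiple
    of each prime p <= sqrt(n); multiples below p*p were already hit by a
    smaller prime, so the inner loop starts at p*p."""
    if n < 2:
        return []
    is_prime = bytearray([1]) * (n + 1)
    is_prime[0] = is_prime[1] = 0
    for p in range(2, math.isqrt(n) + 1):
        if is_prime[p]:
            # clear p*p, p*p+p, ..., <= n in one slice assignment
            is_prime[p * p:n + 1:p] = bytes(len(range(p * p, n + 1, p)))
    return [k for k in range(n + 1) if is_prime[k]]


def prime_count(x: int) -> int:
    """pi(x): the number of primes <= x."""
    return len(sieve(x))


def pnt_table(xs: Sequence[int]) -> List[Tuple[int, int, float, float]]:
    """Rows (x, pi(x), x/ln x, pi(x) / (x/ln x)) reproducing the table above;
    the last column tends to 1, which is what the theorem states."""
    rows = []
    for x in xs:
        est = x / math.log(x)
        pi_x = prime_count(x)
        rows.append((x, pi_x, round(est, 2), round(pi_x / est, 3)))
    return rows


def is_prime_trial(n: int) -> bool:
    """Independent check by trial division up to sqrt(n)."""
    if n < 2:
        return False
    return all(n % d for d in range(2, math.isqrt(n) + 1))


if __name__ == "__main__":
    print(sieve(50))
    for x, pi_x, est, ratio in pnt_table([10, 100, 1000, 10000, 100000]):
        print(f"{x:7} {pi_x:6} {est:10.2f} {ratio:.3f}")
```

The ratio column shows that x / ln x underestimates the count for these x, but the relative error shrinks as x grows.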
Congruences

For questions about divisibility, often only the remainder from the Euclidean division is important:
- days of the week;
- number of hours, ...

Example (Equal remainders). 16 mod 3 = 1, 4 mod 3 = 1: for division by 3 we have 16 "=" 4.

Definition (Congruence). Let a, b, m be integers. If m | a − b, then we say a is congruent to b with modulus m (or a and b are congruent modulo m), written as

    a ≡ b (mod m).

If a and b are not congruent (for some modulus m) then they are incongruent (modulo m).
Equivalent formulation

Alternative notation. The following all mean m | a − b:
- a ≡ b (mod m),
- a ≡ b mod m,
- a ≡ b (m).

Equivalent formulation: a ≡ b (mod m) ⇔ a mod m = b mod m, that is, we get the same remainder when dividing by m.

Example (Congruences)
16 ≡ 4 (mod 3) since 3 | 16 − 4 ⇔ 16 mod 3 = 1 = 4 mod 3;
16 ≡ 4 (mod 2) since 2 | 16 − 4 ⇔ 16 mod 2 = 0 = 4 mod 2;
16 ≢ 4 (mod 5) since 5 ∤ 16 − 4 ⇔ 16 mod 5 = 1 ≠ 4 = 4 mod 5.
Properties of congruence

Theorem (Properties of congruence)
1. a ≡ a (mod m) (reflexivity);
2. a ≡ b (mod m) ⇒ b ≡ a (mod m) (symmetry);
3. a ≡ b (mod m) ∧ b ≡ c (mod m) ⇒ a ≡ c (mod m) (transitivity).
Ergo, congruence modulo m is an equivalence relation.

Proof.
1. m | 0 = a − a;
2. m | a − b ⇒ m | b − a = −(a − b);
3. m | a − b ∧ m | b − c ⇒ m | a − c = (a − b) + (b − c).
Properties of congruence (continued)

Theorem (Properties of congruence)
1. a ≡ b (mod m) ∧ m′ | m ⇒ a ≡ b (mod m′);
2. a ≡ b (mod m) ∧ c ≡ d (mod m) ⇒ a + c ≡ b + d (mod m);
3. a ≡ b (mod m) ∧ c ≡ d (mod m) ⇒ ac ≡ bd (mod m).

Proof.
1. m′ | m | a − b ⇒ m′ | a − b;
2. m | a − b ∧ m | c − d ⇒ m | (a + c) − (b + d) = (a − b) + (c − d);
3. a = q₁m + b ∧ c = q₂m + d ⇒ ac = (q₁m + b)(q₂m + d) = m(q₁q₂m + q₁d + q₂b) + bd.
Properties of congruence: examples

Example (Properties of congruences). What is 345 mod 7?
345 = 34 · 10 + 5 ≡ 6 · 3 + 5 = 18 + 5 ≡ 4 + 5 = 9 ≡ 2 (mod 7).
Reminder: a ≡ b (mod m), c ≡ d (mod m) ⇒ ac ≡ bd (mod m).

Corollary. If a ≡ b (mod m) then ac ≡ bc (mod m).

Example (Properties of congruence). 14 ≡ 6 (mod 8), so 42 ≡ 18 (mod 8).
The converse is not true! 2 · 7 ≡ 2 · 3 (mod 8) but 7 ≢ 3 (mod 8).
Divisibility and relative primes

Theorem. ∀a, b, c ∈ Z: a | bc ∧ (a, b) = 1 ⇒ a | c.

Proof. Using the extended Euclidean algorithm obtain x and y such that ax + by = 1. Then c = xac + ybc = (xc) · a + y · (bc). Since a | a and a | bc, the statement about the divisibility of linear combinations gives a | c.
Cancellation

Theorem (Division). Let a, b, c, m be integers, m ≠ 0. Then

    ac ≡ bc (mod m) ⇔ a ≡ b (mod m / (c, m)).

Corollary. If (c, m) = 1, then ac ≡ bc (mod m) ⇔ a ≡ b (mod m).

Example (Division). 2 · 7 ≡ 2 · 3 (mod 8) ⇒ 7 ≡ 3 (mod 8/2), i.e. 7 ≡ 3 (mod 4).

Proof. Let d = (c, m). Then m | c(a − b) ⇔ (m/d) | (c/d)(a − b). Since (m/d, c/d) = 1, by the previous theorem this holds ⇔ (m/d) | (a − b) ⇔ a ≡ b (mod m/d).
Linear congruences

Let us solve the congruence 2x ≡ 5 (mod 7). If x is a solution and x ≡ y (mod 7), then y is also a solution, so it suffices to look for solutions in the set {0, 1, ..., 6}.
- x = 0 ⇒ 2x = 0 ≢ 5 (mod 7);
- x = 1 ⇒ 2x = 2 ≢ 5 (mod 7);
- x = 2 ⇒ 2x = 4 ≢ 5 (mod 7);
- x = 3 ⇒ 2x = 6 ≢ 5 (mod 7);
- x = 4 ⇒ 2x = 8 ≡ 1 ≢ 5 (mod 7);
- x = 5 ⇒ 2x = 10 ≡ 3 ≢ 5 (mod 7);
- x = 6 ⇒ 2x = 12 ≡ 5 (mod 7).
The solutions of the congruence: {6 + 7k : k ∈ Z}.
Is there a better method? Let us solve the congruence 23x ≡ 4 (mod 211). Do we need 211 tries?
Solution of linear congruences

Theorem (Solution of linear congruences). Let a, b, m be integers with m > 1. Then ax ≡ b (mod m) has a solution ⇔ (a, m) | b. If this is the case, the number of incongruent solutions modulo m equals (a, m).

Proof. ax ≡ b (mod m) ⇔ ax + my = b for some integer y. Since (a, m) | a and (a, m) | m, a solution forces (a, m) | ax + my = b. Conversely, if d = (a, m) | b, let a′ = a/d, b′ = b/d, m′ = m/d; the equation becomes a′x + m′y = b′. Since (a′, m′) = 1, using the extended Euclidean algorithm we can calculate x₀, y₀ with a′x₀ + m′y₀ = 1 ⇒ a′(b′x₀) + m′(b′y₀) = b′, that is, x₁ = b′x₀, y₁ = b′y₀ is a solution.
Number of solutions: let (x, y) be a pair of solutions. Subtracting the equations a′x + m′y = b′ and a′x₁ + m′y₁ = b′ we get a′(x − x₁) = m′(y₁ − y) ⇒ m′ | x − x₁ (as (a′, m′) = 1) ⇒ x = x₁ + m′k (and y = y₁ − ka′). For k = 0, 1, ..., d − 1 these values are pairwise incongruent modulo m, and every solution is congruent modulo m to one of them.
Linear congruences: the method

1. ax ≡ b (mod m) ⇔ ax + my = b.
2. Solve the equation ax + my = (a, m) (extended Euclidean algorithm); call its solution x.
3. A solution exists ⇔ (a, m) | b.
4. The solutions: x_k = (b / (a, m)) · x + k · (m / (a, m)), k = 0, 1, ..., (a, m) − 1.

Example (Solving 23x ≡ 4 (mod 211)). r_{i−2} = r_{i−1} q_i + r_i, x_{−1} = 1, x₀ = 0, x_i = x_{i−2} − q_i x_{i−1}:

    i   r_i   q_i   x_i
   −1    23    –     1
    0   211    –     0
    1    23    0     1
    2     4    9    −9
    3     3    5    46
    4     1    1   −55
    5     0    3     –

GCD: (23, 211) = 1 | 4 ⇒ one solution: x = 4 · (−55) = −220 ≡ 202 (mod 211). All solutions: {202 + 211k : k ∈ Z}. Check: 23 · (202 + 211k) − 4 = 4642 + 23 · 211k = (22 + 23k) · 211.
Linear congruences: example with (a, m) > 1

Example (Solving congruences). Solve the congruence 10x ≡ 8 (mod 22)!

    i   r_i   q_i   x_i
   −1    10    –     1
    0    22    –     0
    1    10    0     1
    2     2    2    −2
    3     0    5     –

The algorithm: r_{i−2} = r_{i−1} q_i + r_i, x_{−1} = 1, x₀ = 0, x_i = x_{i−2} − q_i x_{i−1}, y_{−1} = 0, y₀ = 1, y_i = y_{i−2} − q_i y_{i−1}.
GCD: (10, 22) = 2 | 8 ⇒ two incongruent solutions: x₁ = (8/2) · (−2) = −8 ≡ 14 (mod 22), x₂ = (8/2) · (−2) + 22/2 ≡ 14 + 11 ≡ 3 (mod 22).
All solutions: {14 + 22k : k ∈ Z} ∪ {3 + 22k : k ∈ Z} = {3 + 11k : k ∈ Z}.
Check: x₁ = 14: 10 · 14 − 8 = 132 = 6 · 22; x₂ = 3: 10 · 3 − 8 = 22 = 1 · 22.
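The four-step method, as an added Python example (not code from the slides) covering both the (a, m) = 1 case and the (a, m) > 1 case above, including the "no solution" outcome. Step 2 (the extended Euclidean algorithm) is delegated to Python's built-in pow(a, -1, m), available since Python 3.8, which computes the same x₀; the function names solve_linear_congruence and check are this example's own.

```python
"""Solving ax = b (mod m) by the method of the slides (added example)."""
from math import gcd
from typing import List


def solve_linear_congruence(a: int, b: int, m: int) -> List[int]:
    """All incongruent solutions of a*x = b (mod m) in [0, m), sorted.
    Returns [] when (a, m) does not divide b.  The inverse of a' = a/d
    modulo m' = m/d comes from pow(a', -1, m') (Python >= 3.8), which is
    the extended Euclidean algorithm in the standard library."""
    if m < 1:
        raise ValueError("modulus must be positive")
    d = gcd(a, m)
    if b % d != 0:
        return []                            # step 3: no solution
    a1, b1, m1 = a // d, b // d, m // d      # a'x + m'y = b' with (a', m') = 1
    if m1 == 1:                              # a = 0 (mod m): every x works
        x1 = 0
    else:
        x1 = (b1 * pow(a1, -1, m1)) % m1     # x_1 = b' * x_0
    # step 4: x_1 + k*m' for k = 0, ..., d-1 are the d incongruent solutions
    return sorted((x1 + k * m1) % m for k in range(d))


def check(a: int, b: int, m: int) -> bool:
    """Cross-check against brute force over the complete residue system 0..m-1."""
    expected = [x for x in range(m) if (a * x - b) % m == 0]
    return solve_linear_congruence(a, b, m) == expected


if __name__ == "__main__":
    print(solve_linear_congruence(2, 5, 7))       # [6]
    print(solve_linear_congruence(23, 4, 211))    # [202]
    print(solve_linear_congruence(10, 8, 22))     # [3, 14]
    print(solve_linear_congruence(4, 2, 8))       # []  since (4, 8) = 4 does not divide 2
```

The brute-force check is only there to validate the method on small moduli; for a modulus the size of a cryptographic prime the trial loop is exactly the "211 tries" question above, scaled up to infeasibility, while the gcd-based solution stays logarithmic in m.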
Linear Diophantine equations

Definition: Diophantine equations are equations whose solutions are sought among the integers.
Linear Diophantine equations: ax + by = c, where a, b, c ∈ Z. This is equivalent to the congruence ax ≡ c (mod b), or by ≡ c (mod a). ax + by = c can be solved if and only if (a, b) | c, and then the solutions can be obtained using the extended Euclidean algorithm.

Other Diophantine equations
- x² + y² = −4: has no (real) solutions.
- x² − 4y² = 3: has no integer solutions, because modulo 4 it would give x² ≡ 3 (mod 4); but this is impossible, because the remainder of a square modulo 4 is 0 or 1:

Squares (mod 4)

      x       x² mod 4
     4k          0
   4k + 1        1
   4k + 2        0
   4k + 3        1
Simultaneous congruences

We want to find an integer x which simultaneously satisfies the following congruences:

    2x ≡ 1 (mod 3)
    4x ≡ 3 (mod 5)

The solutions of the congruences separately:

    x ≡ 2 (mod 3)
    x ≡ 2 (mod 5)

We can see that x = 2 is a solution!
- 2, 17, 32, ..., 2 + 15k;
- Other solutions?
- How do we solve the general case, e.g.

    x ≡ 2 (mod 3)
    x ≡ 3 (mod 5)
Simultaneous congruences: the general problem

Problem: Solve the following system of congruences:

    a₁x ≡ b₁ (mod m₁)
    a₂x ≡ b₂ (mod m₂)
    ...
    a_n x ≡ b_n (mod m_n)

The congruences a_i x ≡ b_i (mod m_i) can be solved separately (if (a_i, m_i) = d_i > 1, the i-th congruence reduces, by the cancellation theorem, to a single congruence modulo m_i / d_i), giving a system of the form

    x ≡ c₁ (mod m₁)
    x ≡ c₂ (mod m₂)
    ...
    x ≡ c_n (mod m_n)
Simultaneous congruences: reduction to relative prime moduli

Problem: Solve the following system of congruences:

    x ≡ c₁ (mod m₁)
    x ≡ c₂ (mod m₂)
    ...
    x ≡ c_n (mod m_n)

We can assume that m₁, m₂, ..., m_n are pairwise relative prime. If e.g. m₁ = m₁′d, m₂ = m₂′d with (m₁′, d) = (m₂′, d) = 1, the first two congruences can be replaced with the following (proof later):

    x ≡ c₁ (mod m₁′)
    x ≡ c₁ (mod d)
    x ≡ c₂ (mod m₂′)
    x ≡ c₂ (mod d)

If here c₁ ≢ c₂ (mod d), then there is no solution; otherwise one of the two congruences modulo d can be deleted.
Chinese remainder theorem

Theorem (Chinese remainder theorem). Let m₁, m₂, ..., m_n > 1 be pairwise relative prime integers and c₁, c₂, ..., c_n integers. Then the system of congruences

    x ≡ c₁ (mod m₁)
    x ≡ c₂ (mod m₂)
    ...
    x ≡ c_n (mod m_n)

can be solved, and the solutions are congruent to each other modulo m₁ · m₂ ··· m_n.
Chinese remainder theorem: proof

x ≡ c₁ (mod m₁), x ≡ c₂ (mod m₂), ..., x ≡ c_n (mod m_n). x = ?

Proof. Let m = m₁m₂. Using the extended Euclidean algorithm solve the equation m₁x₁ + m₂x₂ = 1 (possible since (m₁, m₂) = 1). Let c_{1,2} = m₁x₁c₂ + m₂x₂c₁. Then c_{1,2} ≡ c_j (mod m_j) for j = 1, 2 (modulo m₁ the first term vanishes and m₂x₂ ≡ 1; symmetrically modulo m₂). If x ≡ c_{1,2} (mod m), then x is a solution of the first two congruences. Conversely, if x is a solution of the first two congruences, then m₁ and m₂ are divisors of x − c_{1,2}, and since they are relative prime their product is also a divisor: x ≡ c_{1,2} (mod m). This gives a system of congruences equivalent to the original:

    x ≡ c_{1,2} (mod m₁m₂)
    x ≡ c₃ (mod m₃)
    ...
    x ≡ c_n (mod m_n)

Here m₁m₂ is relative prime to m₃, ..., m_n, so induction on n completes the proof.
Simultaneous congruences: example

Example (Simultaneous congruences). Solve the following system of congruences:

    x ≡ 2 (mod 3)
    x ≡ 3 (mod 5)

- Let us solve the equation 3x₁ + 5x₂ = 1.
- The solution: x₁ = −3, x₂ = 2 ⇒ c_{1,2} = 3 · (−3) · 3 + 5 · 2 · 2 = −27 + 20 = −7.
- All the solutions: {−7 + 15k : k ∈ Z} = {8 + 15k : k ∈ Z}.
Simultaneous congruences: three congruences

Example

    x ≡ 2 (mod 3)
    x ≡ 3 (mod 5)      ⇒ (c_{1,2} = 8)      x ≡ 8 (mod 15)
    x ≡ 4 (mod 7)                            x ≡ 4 (mod 7)

- Let us solve the equation 15x_{1,2} + 7x₃ = 1.
- Solutions: x_{1,2} = 1, x₃ = −2 ⇒ c_{1,2,3} = 15 · 1 · 4 + 7 · (−2) · 8 = 60 − 112 = −52.
- All the solutions: {−52 + 105ℓ : ℓ ∈ Z} = {53 + 105ℓ : ℓ ∈ Z}.
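The pairwise merging used in the proof and in the two examples above, as an added Python example (not code from the slides). It goes one step beyond the theorem: the merge also handles moduli that share a factor, applying the reduction from the "relative prime moduli" slide (the pair is consistent exactly when c₁ ≡ c₂ modulo the common divisor d, and the merged modulus is then the lcm). The function names merge and crt are this example's own; pow(a, -1, m) (Python 3.8+) supplies the extended Euclidean step.

```python
"""Chinese remainder theorem by pairwise merging, as in the proof above (added example)."""
from math import gcd
from typing import Optional, Sequence, Tuple


def merge(c1: int, m1: int, c2: int, m2: int) -> Optional[Tuple[int, int]]:
    """Replace x = c1 (mod m1), x = c2 (mod m2) by one congruence x = c (mod lcm).
    With d = (m1, m2): consistent iff c1 = c2 (mod d), otherwise None.
    For d = 1 the result is the c_{1,2} of the proof, computed as c1 + m1*t."""
    d = gcd(m1, m2)
    if (c1 - c2) % d != 0:
        return None
    m1d, m2d = m1 // d, m2 // d          # (m1/d, m2/d) = 1
    lcm = m1d * m2                        # = m1 * m2 / d
    # x = c1 + m1*t must satisfy c1 + m1*t = c2 (mod m2); dividing the
    # congruence m1*t = c2 - c1 (mod m2) by d (cancellation theorem) gives
    # m1d*t = (c2 - c1)/d (mod m2d), solvable since (m1d, m2d) = 1.
    if m2d == 1:
        t = 0
    else:
        t = ((c2 - c1) // d * pow(m1d, -1, m2d)) % m2d
    return (c1 + m1 * t) % lcm, lcm


def crt(residues: Sequence[int], moduli: Sequence[int]) -> Optional[Tuple[int, int]]:
    """Solve x = c_i (mod m_i) for all i.  Returns (x, M) with 0 <= x < M and
    M the lcm of the moduli, so the solution set is {x + M*k : k in Z};
    returns None if the system is inconsistent."""
    if len(residues) != len(moduli) or not moduli:
        raise ValueError("need equally many residues and moduli, at least one")
    if any(m < 1 for m in moduli):
        raise ValueError("moduli must be positive")
    c, m = residues[0] % moduli[0], moduli[0]
    for c_i, m_i in zip(residues[1:], moduli[1:]):
        merged = merge(c, m, c_i, m_i)
        if merged is None:
            return None
        c, m = merged
    return c, m


if __name__ == "__main__":
    print(crt([2, 3], [3, 5]))        # (8, 15)
    print(crt([2, 3, 4], [3, 5, 7]))  # (53, 105)
    print(crt([2, 2], [3, 5]))        # (2, 15)
    print(crt([1, 3], [4, 6]))        # (9, 12): 9 = 1 (mod 4), 9 = 3 (mod 6)
    print(crt([1, 2], [4, 6]))        # None: 1 and 2 differ modulo (4, 6) = 2
```

The result is always normalised to 0 ≤ x < M, so the example's −7 and −52 come out as 8 and 53, the representatives the slides end with.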
Residue classes

Often the solution is not just one integer (or one family of integers), but an entire set (a set of families):
- 2x ≡ 5 (mod 7), sol.: {6 + 7k : k ∈ Z}
- 10x ≡ 8 (mod 22), sol.: {14 + 22k : k ∈ Z}, {3 + 22k : k ∈ Z}.

Definition (Residue classes). For a fixed modulus m and integer a, the integers congruent to a constitute the residue (or congruence) class represented by a:
$\bar{a} = \{x \in \mathbb{Z} : x \equiv a \pmod m\} = \{a + km : k \in \mathbb{Z}\}$. The set of all residue classes is denoted by $\mathbb{Z}_m = \{\bar{a} : 0 \le a < m\}$.

Example (Residue class). The solution of 2x ≡ 5 (mod 7): $\bar{6}$. The solutions of 10x ≡ 8 (mod 22): $\overline{14}$, $\bar{3}$. With modulus m = 7, $\bar{2} = \overline{23} = \{\dots, -5, 2, 9, 16, 23, 30, \dots\}$. Generally: $\bar{a} = \bar{b} \Leftrightarrow a \equiv b \pmod m$.
Complete residue system

Definition (Complete residue system). For a fixed modulus m, a complete residue system modulo m is a set containing exactly one element from each congruence class modulo m.

Example (CRS). {33, −5, 11, −11, −8} is a complete residue system modulo 5 (the remainders are 3, 0, 1, 4, 2). Popular choices for complete residue systems:
- Least non-negative residue system modulo m: {0, 1, ..., m − 1};
- Least absolute value residue system modulo m: $\{0, \pm 1, \dots, \pm\frac{m-1}{2}\}$ if 2 ∤ m; $\{0, \pm 1, \dots, \pm\frac{m-2}{2}, \frac{m}{2}\}$ if 2 | m.
Reduced residue system

Remark. If one element of a congruence class is relative prime to the modulus, then all the elements are: (a + ℓm, m) = (a, m) = 1.

Definition (Reduced residue system). For a fixed modulus m, a reduced residue system modulo m is a set containing exactly one element from each congruence class whose elements are relative prime to m. For a fixed modulus m, if (a, m) = 1, then the residue class $\bar{a}$ represented by a is a reduced residue class. The set of reduced residue classes is denoted by $\mathbb{Z}_m^* = \{\bar{a} : 1 \le a < m, (a, m) = 1\}$.

Example (RRS)
{1, 2, 3, 4} is a reduced residue system modulo 5.
{1, −1} is a reduced residue system modulo 3.
{1, 19, 29, 7} is a reduced residue system modulo 8 (remainders 1, 3, 5, 7).
{0, 1, 2, 3, 4} is not a reduced residue system modulo 5.
Operations on residue classes

Operations between residue classes can be defined in a natural way:

Definition (Addition and multiplication). For a fixed modulus m and integers a, b let
$$\bar{a} + \bar{b} \overset{\text{def}}{=} \overline{a + b}; \qquad \bar{a} \cdot \bar{b} \overset{\text{def}}{=} \overline{a \cdot b}.$$

Proposition. This definition is meaningful (well defined), because if $\bar{a} = \overline{a^*}$ and $\bar{b} = \overline{b^*}$, then $\overline{a + b} = \overline{a^* + b^*}$ and $\overline{a \cdot b} = \overline{a^* \cdot b^*}$.

Proof. Since $\bar{a} = \overline{a^*}$, $\bar{b} = \overline{b^*}$ ⇒ a ≡ a* (mod m), b ≡ b* (mod m) ⇒ a + b ≡ a* + b* (mod m) ⇒ $\overline{a + b} = \overline{a^* + b^*}$ ⇒ $\bar{a} + \bar{b} = \overline{a^*} + \overline{b^*}$. A similar proof applies to the multiplication.
Residue classes: operation tables

Definition (Operations). For a fixed modulus m, let Z_m be the set of residue classes modulo m. Then addition and multiplication are defined on this set by $\bar{a} + \bar{b} = \overline{a + b}$ and $\bar{a} \cdot \bar{b} = \overline{a \cdot b}$.

Example (Z₃, +)

    +  | 0  1  2
    ---+---------
    0  | 0  1  2
    1  | 1  2  0
    2  | 2  0  1

Example (Z₃, ·)

    ·  | 0  1  2
    ---+---------
    0  | 0  0  0
    1  | 0  1  2
    2  | 0  2  1

Example (Z₄, +)

    +  | 0  1  2  3
    ---+------------
    0  | 0  1  2  3
    1  | 1  2  3  0
    2  | 2  3  0  1
    3  | 3  0  1  2

Example (Z₄, ·)

    ·  | 0  1  2  3
    ---+------------
    0  | 0  0  0  0
    1  | 0  1  2  3
    2  | 0  2  0  2
    3  | 0  3  2  1
Zero divisors and multiplicative inverses

Theorem (Multiplicative group)
- Let m > 1 be an integer. If 1 < (a, m) < m, then $\bar{a}$ is a zero divisor in Z_m: there exists $\bar{b} \ne \bar{0}$ with $\bar{a} \cdot \bar{b} = \bar{0}$.
- If (a, m) = 1, then $\bar{a}$ has a reciprocal (multiplicative inverse) in Z_m: there exists $\bar{x}$ with $\bar{a} \cdot \bar{x} = \bar{1}$.
- Ergo, if m is prime, division by any non-zero residue class is possible (Z_p is a field); in general the reduced residue classes $\mathbb{Z}_m^*$ form a group under multiplication.

Example (Zero divisors and multiplicative inverse). Let m = 9. $\bar{6} \cdot \bar{3} = \overline{18} = \bar{0}$. (2, 9) = 1, so $\bar{2} \cdot \bar{5} = \overline{10} = \bar{1}$.

Proof. Let d = (a, m). Then a · (m/d) = (a/d) · m ≡ 0 (mod m), so with b = m/d (where 0 < b < m, since d > 1) we get $\bar{a} \cdot \bar{b} = \bar{0}$ with $\bar{b} \ne \bar{0}$. If (a, m) = 1, then using the extended Euclidean algorithm we obtain integers x, y such that ax + my = 1. Then ax ≡ 1 (mod m), i.e. $\bar{a} \cdot \bar{x} = \bar{1}$.
Euler-Fermat theorem and the totient function

Euler's totient function ϕ

Definition (Totient function). For an integer m > 0, let ϕ(m) be the number of positive integers less than and relative prime to m: ϕ(m) = |{i : 0 < i < m, (m, i) = 1}| (with the convention ϕ(1) = 1).

Example (Totient function)
- ϕ(5) = 4: integers relative prime to 5: 1, 2, 3, 4;
- ϕ(6) = 2: integers relative prime to 6: 1, 5;
- ϕ(12) = 4: integers relative prime to 12: 1, 5, 7, 11;
- ϕ(15) = 8: integers relative prime to 15: 1, 2, 4, 7, 8, 11, 13, 14.

Remark: ϕ(m) is the number of reduced residue classes modulo m.
Euler function: formula

ϕ(m) = |{i : 0 < i < m, (m, i) = 1}|

Theorem (Calculating ϕ(m)). Let the factorization of m be $m = p_1^{e_1} p_2^{e_2} \cdots p_\ell^{e_\ell}$. Then
$$\varphi(m) = m \prod_{i=1}^{\ell} \left(1 - \frac{1}{p_i}\right) = \prod_{i=1}^{\ell} \left(p_i^{e_i} - p_i^{e_i - 1}\right) = \prod_{i=1}^{\ell} p_i^{e_i - 1}(p_i - 1).$$

Example (Calculating ϕ(m))
- ϕ(5) = 5 · (1 − 1/5) = 4;
- ϕ(6) = 6 · (1 − 1/2) · (1 − 1/3) = 2;
- ϕ(12) = 12 · (1 − 1/2) · (1 − 1/3) = 4;
- ϕ(15) = 15 · (1 − 1/3) · (1 − 1/5) = 8.
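The canonical form and the three formulas built on it, τ(n) from the "Number of divisors" slide, (n, m) and [n, m] from the min/max of exponents in the corollary, and the ϕ(m) product above, as one added Python example (not code from the slides). The factorization is plain trial division, which is fine for the small numbers here; the function names factorize, tau, phi, phi_by_definition, gcd_lcm_from_exponents and canonical_form are this example's own.

```python
"""Canonical form, tau(n), phi(n) and gcd/lcm from exponents (added example)."""
from math import gcd
from typing import Dict, Tuple


def factorize(n: int) -> Dict[int, int]:
    """Canonical form of n >= 1 as {p_i: alpha_i}, by trial division.
    Only divisors up to sqrt(n) need trying: once p*p > n the remaining
    cofactor (if > 1) is itself prime.  Fine for small n; for numbers of
    cryptographic size this loop is exactly the hard problem RSA relies on."""
    if n < 1:
        raise ValueError("only positive integers have a canonical form here")
    factors: Dict[int, int] = {}
    p = 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1 if p == 2 else 2          # after 2, only odd trial divisors
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def tau(n: int) -> int:
    """Number of positive divisors: the product of (alpha_i + 1)."""
    result = 1
    for alpha in factorize(n).values():
        result *= alpha + 1
    return result


def phi(m: int) -> int:
    """Euler's totient via the product of p^(e-1) (p - 1)."""
    result = 1
    for p, e in factorize(m).items():
        result *= p ** (e - 1) * (p - 1)
    return result


def phi_by_definition(m: int) -> int:
    """The definition itself: count 0 < i <= m with (i, m) = 1 (slow, for checking)."""
    return sum(1 for i in range(1, m + 1) if gcd(i, m) == 1)


def gcd_lcm_from_exponents(n: int, m: int) -> Tuple[int, int]:
    """(n, m) and [n, m] from min/max of exponents over the union of the primes
    of n and m; a prime missing from one side gets exponent 0, as in the corollary."""
    fn, fm = factorize(n), factorize(m)
    g = l = 1
    for p in set(fn) | set(fm):
        a, b = fn.get(p, 0), fm.get(p, 0)
        g *= p ** min(a, b)
        l *= p ** max(a, b)
    return g, l


def canonical_form(n: int) -> str:
    """Human-readable canonical form, e.g. '2^5 * 3' for 96."""
    return " * ".join(f"{p}^{e}" if e > 1 else str(p)
                      for p, e in sorted(factorize(n).items()))


if __name__ == "__main__":
    print(canonical_form(96), tau(96), phi(96))   # 2^5 * 3  12  32
    print(gcd_lcm_from_exponents(172, 62))        # (2, 5332)
```

phi_by_definition is the counting definition from the previous slide; comparing it with phi over a range is the quickest way to convince oneself that the product formula is right.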
Discrete mathematics I - Number theoryCongruences
Euler-Fermat theorem and the totient function
Euler-Fermat theorem
Theorem (Euler-Fermat)Let m > 1 be an integer, a an integer for which (a,m) = 1. Thenaϕ(m) ≡ 1 (mod m).
Theorem (Fermat)Let p be a prime, p - a. Then ap−1 ≡ 1 (mod p), or if is anarbitrary integer a then ap ≡ a (mod p). (A direct consequence ofthe E-F thm)
Example (Euler-Fermat theorem)
• ϕ(6) = 2 ⇒ 5^2 = 25 ≡ 1 (mod 6);
• ϕ(12) = 4 ⇒ 5^4 = 625 ≡ 1 (mod 12); 7^4 = 2401 ≡ 1 (mod 12).
• Caution! 2^4 = 16 ≡ 4 ≢ 1 (mod 12), because (2, 12) = 2 ≠ 1.
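Added example (not from the slides) serving both the totient slides and the Euler-Fermat examples: ϕ(m) computed from the definition and from the product formula, then the congruence a^ϕ(m) ≡ 1 checked on the cases above; function names and the trial-division factorizer are my own.

```python
# Added example (not from the slides): ϕ(m) from the definition and from the
# product formula over the prime factorization, then the Euler-Fermat
# congruence checked on the slide's cases (including the (2, 12) ≠ 1 one).
from math import gcd

def totient_by_definition(m):
    """|{i : 0 < i < m, (m, i) = 1}|; O(m), fine for small m only."""
    return sum(1 for i in range(1, m) if gcd(i, m) == 1)

def factorize(m):
    """Prime factorization by trial division, as {p_i: e_i}; small m only."""
    factors, p = {}, 2
    while p * p <= m:
        while m % p == 0:
            factors[p] = factors.get(p, 0) + 1
            m //= p
        p += 1
    if m > 1:
        factors[m] = factors.get(m, 0) + 1
    return factors

def totient_by_formula(m):
    """ϕ(m) = ∏ p_i^(e_i - 1) · (p_i - 1) over the factorization of m."""
    result = 1
    for p, e in factorize(m).items():
        result *= p ** (e - 1) * (p - 1)
    return result

def euler_fermat_holds(a, m):
    """a^ϕ(m) ≡ 1 (mod m)? Guaranteed by the theorem only when (a, m) = 1."""
    return pow(a, totient_by_formula(m), m) == 1

if __name__ == "__main__":
    for m in (5, 6, 12, 15):
        print(m, totient_by_formula(m), totient_by_definition(m))
    print(euler_fermat_holds(5, 6), euler_fermat_holds(2, 12))   # True False
```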
The proof of Euler-Fermat theorem
Lemma
Let m > 1 be an integer and a_1, a_2, ..., a_m a complete residue system modulo m. Then for any integers a, b with (a, m) = 1, a·a_1 + b, a·a_2 + b, ..., a·a_m + b is also a complete residue system. Further, if a_1, a_2, ..., a_ϕ(m) is a reduced residue system modulo m, then a·a_1, a·a_2, ..., a·a_ϕ(m) is also a reduced residue system.
Proof.
If i ≠ j, then a·a_i + b ≡ a·a_j + b (mod m) ⇔ a·a_i ≡ a·a_j (mod m) ⇔ a_i ≡ a_j (mod m), where the last step divides by a, which is allowed since (a, m) = 1; but a_i ≢ a_j, so a·a_1 + b, a·a_2 + b, ..., a·a_m + b are pairwise incongruent. Since they are m different numbers, they form a complete residue system.
If (a_i, m) = 1 and (a, m) = 1, then (a·a_i, m) = 1. Further, a·a_1, a·a_2, ..., a·a_ϕ(m) are pairwise incongruent (by the same argument with b = 0) and their number is ϕ(m), so they form a reduced residue system.
The proof of Euler-Fermat theorem
Theorem (Euler-Fermat)
(a, m) = 1 ⇒ a^ϕ(m) ≡ 1 (mod m).
Proof
Let a_1, a_2, ..., a_ϕ(m) be a reduced residue system modulo m. Since (a, m) = 1, a·a_1, a·a_2, ..., a·a_ϕ(m) is also a reduced residue system. Therefore
$$a^{\varphi(m)} \prod_{j=1}^{\varphi(m)} a_j = \prod_{j=1}^{\varphi(m)} a \cdot a_j \equiv \prod_{j=1}^{\varphi(m)} a_j \pmod{m}.$$
Because $\prod_{j=1}^{\varphi(m)} a_j$ is relatively prime to m, we can cancel it:
a^ϕ(m) ≡ 1 (mod m).
Euler-Fermat theorem
Theorem (Euler-Fermat)
(a, m) = 1 ⇒ a^ϕ(m) ≡ 1 (mod m)
Example (E-F theorem)
• What is the last digit of 3^111 in the decimal number system?
• What is 3^111 mod 10?
• ϕ(10) = 4 ⇒ 3^111 = 3^(4·27+3) = (3^4)^27 · 3^3 ≡ 1^27 · 3^3 = 27 ≡ 7 (mod 10)
• Solve the congruence 2x ≡ 5 (mod 7)!
• ϕ(7) = 6. Multiply both sides by 2^5. Then
• 5 · 2^5 ≡ 2^6 x ≡ x (mod 7). And now 5 · 2^5 = 5 · 32 ≡ 5 · 4 = 20 ≡ 6 (mod 7).
• Solve the congruence 23x ≡ 4 (mod 211)!
• ϕ(211) = 210. Multiply both sides by 23^209. Then
• 4 · 23^209 ≡ 23^210 x ≡ x (mod 211). And now 4 · 23^209 ≡ . . . (mod 211).
Exponentiation by squaring (fast exponentiation)
Let m, a, n be positive integers, m > 1. We would like to calculate the remainder a^n mod m efficiently.
Write n in the base 2 (binary) numeral system:
$$n = \sum_{i=0}^{k} \varepsilon_i 2^i = (\varepsilon_k \varepsilon_{k-1} \ldots \varepsilon_1 \varepsilon_0)_{(2)}, \qquad \varepsilon_0, \varepsilon_1, \ldots, \varepsilon_k \in \{0, 1\}.$$
Let n_j (0 ≤ j ≤ k) be the number defined by the first j + 1 digits: n_j = ⌊n / 2^(k−j)⌋ = (ε_k ε_{k−1} ... ε_{k−j})_(2). Then for each j let x_j be the remainder x_j ≡ a^(n_j) (mod m):
n_0 = ε_k = 1, x_0 = a, and n_j = 2·n_{j−1} + ε_{k−j} ⇒
$$x_j = a^{\varepsilon_{k-j}} \, x_{j-1}^2 \bmod m = \begin{cases} x_{j-1}^2 \bmod m, & \text{if } \varepsilon_{k-j} = 0, \\ a \cdot x_{j-1}^2 \bmod m, & \text{if } \varepsilon_{k-j} = 1 \end{cases}$$
⇒ x_k = a^n mod m.
The correctness follows from the following formula (proof: homework):
$$a^n = \prod_{i=0}^{k} \left(a^{2^i}\right)^{\varepsilon_i} \quad \text{where } n = \sum_{i=0}^{k} \varepsilon_i 2^i.$$
Fast exponentiation
Example (Fast exponentiation)
How much is 3^111 mod 10? (Euler-Fermat ⇒ 7)
111_(10) = 1101111_(2), here k = 6, a = 3.
j   digit ε_{k−j}   x_j = a^ε · x_{j−1}^2   x_j mod 10
0   1               –                       3
1   1               x_1 = 3 · 3^2           7
2   0               x_2 = 7^2               9
3   1               x_3 = 3 · 9^2           3
4   1               x_4 = 3 · 3^2           7
5   1               x_5 = 3 · 7^2           7
6   1               x_6 = 3 · 7^2           7
Fast exponentiation
Example (Linear congruence with fast exponentiation)
Let us solve the congruence 23x ≡ 4 (mod 211). Euler-Fermat ⇒ x ≡ 4 · 23^209 ≡ . . . (mod 211). How much is 23^209 mod 211?
209_(10) = 11010001_(2), here k = 7, a = 23.
j   digit ε_{k−j}   x_j = a^ε · x_{j−1}^2   x_j mod 211
0   1               –                       23
1   1               x_1 = 23 · 23^2         140
2   0               x_2 = 140^2             188
3   1               x_3 = 23 · 188^2        140
4   0               x_4 = 140^2             188
5   0               x_5 = 188^2             107
6   0               x_6 = 107^2             55
7   1               x_7 = 23 · 55^2         156
x ≡ 4 · 23^209 ≡ 4 · 156 ≡ 202 (mod 211).
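Added example (not from the slides) for the fast exponentiation slides and the two worked tables: the square-and-multiply recursion x_j = a^ε · x_{j−1}^2 mod m in Python, returning the whole table so it can be compared row by row with the ones above, plus the linear-congruence solver built on it; function names are my own.

```python
# Added example (not from the slides): left-to-right square-and-multiply as
# on the slide, x_j = a^ε · x_{j-1}^2 mod m over the binary digits of n,
# returning the full (j, digit, x_j) table, plus the congruence solver
# x ≡ b · a^(p-2) (mod p) that the Euler-Fermat slides use.

def fast_pow_table(a, n, m):
    """Rows (j, ε, x_j) for the digits ε_k ... ε_0 of n; the last x_j is a^n mod m."""
    digits = [int(c) for c in bin(n)[2:]]   # most significant digit first
    rows, x = [], 1
    for j, eps in enumerate(digits):
        x = (x * x) % m                        # x_{j-1}^2 mod m (x_{-1} = 1)
        if eps:
            x = (x * a) % m                    # multiply by a when the digit is 1
        rows.append((j, eps, x))
    return rows

def fast_pow(a, n, m):
    """a^n mod m with O(log n) multiplications instead of n - 1."""
    return fast_pow_table(a, n, m)[-1][2] if n > 0 else 1 % m

def solve_prime_modulus(a, b, p):
    """x with a·x ≡ b (mod p) for prime p, p ∤ a: x ≡ b · a^(p-2) (Euler-Fermat)."""
    if a % p == 0:
        raise ValueError("a must not be divisible by p")
    return (b * fast_pow(a, p - 2, p)) % p

if __name__ == "__main__":
    for j, eps, x in fast_pow_table(3, 111, 10):
        print(f"j={j} digit={eps} x_j={x}")     # ends with x_6 = 7
    print(fast_pow(23, 209, 211))               # 156
    print(solve_prime_modulus(23, 4, 211))      # 202
```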
The multiplicative group
Generators
Theorem (Generating the multiplicative group)
Let p be a prime. Then in Z_p^* there exists a generator (primitive root), i.e. there is an integer 1 < g < p which yields every reduced congruence class when raised to the different integer powers: {g^0 = 1, g, g^2, ..., g^(p−1)} = Z_p^*, i.e. {1 = g^0, g mod p, g^2 mod p, ..., g^(p−1) mod p} = {1, 2, ..., p − 1}.
Example (3 is a generator modulo 7)
3^1 = 3 = 3^0 · 3 ≡ 1 · 3 = 3 ≡ 3 (mod 7)
3^2 = 9 = 3^1 · 3 ≡ 3 · 3 = 9 ≡ 2 (mod 7)
3^3 = 27 = 3^2 · 3 ≡ 2 · 3 = 6 ≡ 6 (mod 7)
3^4 = 81 = 3^3 · 3 ≡ 6 · 3 = 18 ≡ 4 (mod 7)
3^5 = 243 = 3^4 · 3 ≡ 4 · 3 = 12 ≡ 5 (mod 7)
3^6 = 729 = 3^5 · 3 ≡ 5 · 3 = 15 ≡ 1 (mod 7)
Generator
Example (2 mod 11 and mod 7)
• 2 is a generator modulo 11
n            1  2  3  4  5   6  7  8  9  10
2^n mod 11   2  4  8  5  10  9  7  3  6  1
• 2 is not a generator modulo 7
n            1  2  3  4  5  6
2^n mod 7    2  4  1  2  4  1
Discrete logarithm
Definition (Discrete logarithm)
Let p be a prime and g a generator modulo p. Then for a ∈ Z with p ∤ a, the base-g discrete logarithm (or index) of a is
log_g a = n, where a ≡ g^n (mod p), 0 ≤ n < p − 1.
Example (3 is a generator mod 7)
n          1  2  3  4  5  6
3^n mod 7  3  2  6  4  5  1
The same table read backwards, from the power to the exponent:
3^n mod 7  3  2  6  4  5  1
n          1  2  3  4  5  6
Example (Discrete logarithm)
a        3  2  6  4  5  1
log_3 a  1  2  3  4  5  6
a        1  2  3  4  5  6
log_3 a  6  2  1  4  5  3
Discrete logarithm
Example (a)
2 is a generator modulo 11
n            1  2  3  4  5   6  7  8  9  10
2^n mod 11   2  4  8  5  10  9  7  3  6  1
Table of logarithms:
a          1   2  3  4  5  6  7  8  9  10
log_2 a    10  1  8  2  4  9  7  3  6  2
Theorem (Properties of the discrete logarithm)
Let p be a prime, g a generator modulo p, 1 ≤ a, b < p, n ∈ Z. Then
log_g(a · b) ≡ log_g a + log_g b (mod p − 1),
log_g(a^n) ≡ n · log_g a (mod p − 1).
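Added example (not from the slides) for the generator and discrete-logarithm slides: a Python generator test, the table of logarithms built from one pass over the powers, and a check of the two rules of the theorem modulo p − 1. It follows the definition's convention 0 ≤ log_g a < p − 1, so log_g 1 = 0; function names are my own.

```python
# Added example (not from the slides): checking whether g generates Z_p^*,
# building the table of logarithms for a generator, and verifying the two
# rules of the theorem modulo p - 1. Convention: 0 ≤ log_g a < p - 1.

def is_generator(g, p):
    """g is a primitive root mod p iff g^1, ..., g^(p-1) are pairwise distinct."""
    return len({pow(g, n, p) for n in range(1, p)}) == p - 1

def smallest_generator(p):
    """The least g > 1 that generates Z_p^* (one exists for every prime p)."""
    return next(g for g in range(2, p) if is_generator(g, p))

def log_table(g, p):
    """a -> log_g a for every reduced class a, from one pass over the powers."""
    if not is_generator(g, p):
        raise ValueError(f"{g} is not a generator modulo {p}")
    return {pow(g, n, p): n for n in range(p - 1)}

def discrete_log(g, a, p):
    """log_g a, i.e. the n with g^n ≡ a (mod p); table lookup, fine for tiny p."""
    return log_table(g, p)[a % p]

def log_rules_hold(g, p):
    """log(a·b) ≡ log a + log b and log(a^n) ≡ n·log a (mod p-1) for all a, b, n."""
    t = log_table(g, p)
    ok_product = all((t[a] + t[b]) % (p - 1) == t[(a * b) % p]
                     for a in t for b in t)
    ok_power = all((n * t[a]) % (p - 1) == t[pow(a, n, p)]
                   for a in t for n in range(2 * p))
    return ok_product and ok_power

if __name__ == "__main__":
    print(log_table(2, 11))   # {1: 0, 2: 1, 4: 2, 8: 3, 5: 4, 10: 5, 9: 6, 7: 7, 3: 8, 6: 9}
    print(log_rules_hold(2, 11), log_rules_hold(3, 7))   # True True
```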
Applications
Fields of application of number theory:
• Cryptography
  • encryption of messages;
  • digital signatures;
  • authentication and authorization;
• Coding theory
Caesar cipher (code)
Julius Caesar communicated with his soldiers using the following cipher:
Let us match the letters of the (English) alphabet with the set {0, 1, ..., 25}:
a ↦ 0, b ↦ 1, c ↦ 2, ..., z ↦ 25
• Encryption key: s ∈ {0, 1, ..., 25}.
• Encryption: for a ∈ {0, 1, ..., 25} encrypt a using the map a ↦ a + s mod 26. The encryption is letter-wise.
• Decryption: for b ∈ {0, 1, ..., 25} decrypt b using the map b ↦ b − s mod 26. Decryption is letter-wise.
Example (Caesar - Rot13)
Encryption of hello using s = 13 as the key:
hello → 7 4 11 11 14 → (encryption) → 20 17 24 24 1 → uryyb
Decryption of uryyb with the key s = 13:
uryyb → 20 17 24 24 1 → (decryption) → 7 4 11 11 14 → hello
Caesar cipher (code)
For the key s = 13 we have Rot13. Encryption and decryption are done with the same key: −13 ≡ 13 (mod 26).
This cipher is not secure: it can be cracked by analyzing the frequency of occurrence of letters (al-Kindi, 9th century AD).
If we use different (random) keys at different positions in the message ⇒ security is mathematically proven.
In practice: One Time Pad – OTP
• Message in binary form: m = 100100101
• Key, a binary sequence: s = 010110110
• Encryption: bitwise XOR (mod 2 addition):
        m = 100100101
  XOR   s = 010110110
        c = 110010011
Crucial point: transferring the secret key s.
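Added example (not from the slides) for the Caesar and one-time-pad slides: the letter-wise shift with its inverse, the Rot13 involution (−13 ≡ 13 mod 26), and the bitwise XOR pad on the slide's bit strings; function names are my own.

```python
# Added example (not from the slides): the letter-wise Caesar map
# a ↦ a + s (mod 26) with decryption a ↦ a - s, and the bitwise one-time
# pad c = m XOR s from the slide. Getting the key s to the other side and
# never reusing a pad is the part this code cannot solve.

ALPHABET = "abcdefghijklmnopqrstuvwxyz"   # a ↦ 0, b ↦ 1, ..., z ↦ 25

def caesar_encrypt(text, s):
    """Shift every letter by the key s; non-letters pass through unchanged."""
    return "".join(ALPHABET[(ALPHABET.index(ch) + s) % 26] if ch in ALPHABET else ch
                   for ch in text)

def caesar_decrypt(text, s):
    """b ↦ b - s (mod 26), the inverse of caesar_encrypt with the same s."""
    return caesar_encrypt(text, -s)

def rot13_is_involution(text):
    """For s = 13 encrypting twice gives the text back, since -13 ≡ 13 (mod 26)."""
    return caesar_encrypt(caesar_encrypt(text, 13), 13) == text

def otp(bits, key):
    """Bitwise XOR (mod-2 addition) of two equal-length bit strings.
    The same call decrypts, because (m XOR s) XOR s = m."""
    if len(bits) != len(key):
        raise ValueError("pad must be exactly as long as the message")
    if not set(bits + key) <= {"0", "1"}:
        raise ValueError("inputs must be bit strings")
    return "".join("1" if b != k else "0" for b, k in zip(bits, key))

if __name__ == "__main__":
    print(caesar_encrypt("hello", 13))                # uryyb
    print(otp("100100101", "010110110"))              # 110010011
```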
RSA
Ron Rivest, Adi Shamir and Leonard Adleman suggested the following method in 1977:
RSA encryption
• Generating the keys: let p, q be two (big, ~1024-bit) primes, n = p · q.
• Let e ∈ {1, ..., ϕ(n)}, so that (e, ϕ(n)) = 1.
• Let d be the solution of the congruence ex ≡ 1 (mod ϕ(n)).
• Keys: public key (n, e) and private (secret) key d.
• Encryption of the message 0 ≤ m < n: c = m^e mod n.
• Decryption of an encrypted message 0 ≤ c < n: m = c^d mod n.
Correctness of the algorithm
c^d ≡ (m^e)^d = m^(e·d) = m^(k·ϕ(n)+1) ≡ m (mod n) by Euler-Fermat, since e·d = k·ϕ(n) + 1 for some integer k. (Euler-Fermat applies directly when (m, n) = 1; for the remaining m the same congruence follows from Fermat's theorem taken modulo p and modulo q separately.)
RSA
Actually m is just a key for another encryption.
The procedure is secure because we cannot efficiently factorize the product n = p · q.
Problem
• Find the divisors of the following numbers.
RSA-100 = 522605027922533360535618378132637429718068114961380688657908494580122963258952897654000350692006139
RSA-2048 = (a 617-digit number; its digits are omitted here)
RSA
Factorization of RSA-2048:
• Trial division (the sieve of Eratosthenes): for a number n about √n divisions are needed:
  • RSA-2048 ∼ 2^2048, so ∼ 2^1024 divisions.
  • At ∼ 10^9 ≈ 2^30 divisions per second ⇒ 2^1024 / 2^30 = 2^994 seconds are needed to factorise.
  • 2^994 seconds ≈ 2^969 years.
• The same with 2 computers: 2^968 years.
• The same with the best (known) algorithm: 2500000000000000000000000000000 years (= 2.5 · 10^30).
• The age of the universe: 1.38 · 10^10 years.
RSA
Example (RSA)
• Generating the keys:
  • Let p = 61, q = 53 and n = 61 · 53 = 3233, ϕ(3233) = 3120.
  • Let e = 17. Using the extended Euclidean algorithm: d = 2753.
  • Public key: (n = 3233, e = 17);
  • Private (secret) key: d = 2753.
• Encryption: let m = 65.
  • c = 2790 ≡ 65^17 (mod 3233)
• Decryption: if c = 2790:
  • 2790^2753 ≡ 65 (mod 3233)
Digital signature
• e and d change roles (separate keys are needed for encryption):
• Signature: let s = m^d mod n; then the signed message is (m, s).
• Verification: m ≟ s^e (mod n).
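Added example (not from the slides) for the RSA slides: key generation, encryption, decryption and the signature swap of e and d in Python with the slide's p = 61, q = 53, e = 17. It is the bare textbook arithmetic; a deployment pads messages (OAEP for encryption, PSS for signatures) and uses far larger primes. Function names are my own.

```python
# Added example (not from the slides): textbook RSA with the slide's
# parameters p = 61, q = 53, e = 17: key generation, encryption, decryption
# and the signature/verification swap of e and d. Raw m^e mod n without
# padding is only for checking the arithmetic, not for deployment.
from math import gcd

def modinv(e, phi):
    """d with e·d ≡ 1 (mod phi) via the extended Euclidean algorithm."""
    r0, r1, t0, t1 = phi, e, 0, 1
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        t0, t1 = t1, t0 - q * t1
    if r0 != 1:
        raise ValueError("e has no inverse modulo ϕ(n)")
    return t0 % phi

def rsa_keygen(p, q, e):
    """Return ((n, e), d). ϕ(n) = (p-1)(q-1) because p and q are distinct primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("(e, ϕ(n)) must be 1")
    return (n, e), modinv(e, phi)

def rsa_encrypt(m, public):
    """c = m^e mod n for 0 ≤ m < n."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 ≤ m < n")
    return pow(m, e, n)

def rsa_decrypt(c, d, n):
    """m = c^d mod n."""
    return pow(c, d, n)

def rsa_sign(m, d, n):
    """s = m^d mod n; the signed message is the pair (m, s)."""
    return pow(m, d, n)

def rsa_verify(m, s, public):
    """m ≟ s^e (mod n)."""
    n, e = public
    return pow(s, e, n) == m % n

if __name__ == "__main__":
    public, d = rsa_keygen(61, 53, 17)
    print(public, d)                          # (3233, 17) 2753
    c = rsa_encrypt(65, public)
    print(c, rsa_decrypt(c, d, public[0]))    # 2790 65
```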
Diffie-Hellman key exchange protocol
The first public key cryptography system was developed by Whitfield Diffie and Martin Hellman, and published in 1976.
Alice                                        Bob
chooses a ∈_R {0, 1, ..., p − 2}              chooses b ∈_R {0, 1, ..., p − 2}
                   ---- g^a ---->
                   <--- g^b -----
calculates (g^b)^a                            calculates (g^a)^b
common key: g^(ab)                            common key: g^(ab)
• Public parameters:
  • p (large) prime, g generator mod p.
• Keys:
  • Alice's private key a: 1 ≤ a < p − 1, public key g^a mod p
  • Bob's private key b: 1 ≤ b < p − 1, public key g^b mod p
• Common key: g^(ab) mod p.
Diffie-Hellman key exchange protocol
The protocol is secure because calculating the discrete logarithm is hard. If p ∼ 2^2048 (2048 bits), calculating the discrete logarithm takes ∼ 10^30 years.
Example (Diffie-Hellman)
• Public parameters: let p = 11, g = 2.
• Keys:
  • Alice's private key a = 4, public key 2^4 mod p = 5
  • Bob's private key b = 8, public key 2^8 mod p = 3
• Common key: (g^b)^a = 3^4 mod p = 4, (g^a)^b = 5^8 mod p = 4.
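Added example (not from the slides) for the Diffie-Hellman slides: the exchange written as the two messages of the protocol, reproducing p = 11, g = 2, a = 4, b = 8 → common key 4, with a helper that draws private keys from the range given above; function names are my own.

```python
# Added example (not from the slides): the Diffie-Hellman exchange with the
# slide's parameters p = 11, g = 2, a = 4, b = 8, as the two messages of the
# protocol, plus random private keys from the slide's range. The tiny p only
# reproduces the example; real parameters are ~2048 bits.
import secrets

def random_private(p):
    """a ∈_R {1, ..., p-2}, the key range given on the slide."""
    return 1 + secrets.randbelow(p - 2)

def public_key(g, private, p):
    """g^private mod p, the value sent over the channel."""
    return pow(g, private, p)

def shared_key(peer_public, private, p):
    """(g^b)^a = (g^a)^b = g^(ab) mod p; needs the holder's private exponent."""
    if not 1 < peer_public < p:
        raise ValueError("peer public value must lie in 2..p-1")   # rejects 0 and 1
    return pow(peer_public, private, p)

def diffie_hellman(p, g, a, b):
    """Run both sides; return (A sent by Alice, B sent by Bob, common key)."""
    A = public_key(g, a, p)        # Alice -> Bob: g^a
    B = public_key(g, b, p)        # Bob -> Alice: g^b
    k_alice = shared_key(B, a, p)  # (g^b)^a
    k_bob = shared_key(A, b, p)    # (g^a)^b
    if k_alice != k_bob:
        raise RuntimeError("key agreement failed")
    return A, B, k_alice

if __name__ == "__main__":
    print(diffie_hellman(11, 2, 4, 8))   # (5, 3, 4)
    a, b = random_private(11), random_private(11)
    print(a, b, diffie_hellman(11, 2, a, b))
```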