Section 20 – Fermat’s and Euler’s theorems

Fermat’s theoremEuler’s generalization

Application to cryptography

Instructor: Yifan Yang

Spring 2007

Instructor: Yifan Yang Section 20 – Fermat’s and Euler’s theorems

The multiplicative group of nonzero elements in a field

Theorem

The nonzero elements of a field form a group under the fieldmultiplication.

Proof.

Straightforward. See Exercise 37 of Section 18.

Notation

The mutliplicative group of nonzero elements in a field F will bedenoted by F×.

Theorem

Proof.

Notation

Theorem

Proof.

Notation

Fermat’s theorem

Theorem (20.1, Little theorem of Fermat)

Let p be a prime. Then for all integers a not divisible by p, wehave

ap−1 ≡ 1 mod p.

Proof.

The group Z×p has p − 1 elements. Then by the Lagrange

theorem (Theorem 10.10), for all a ∈ Z×p , ap−1 ≡ 1 mod p.

Fermat’s theorem

Theorem (20.1, Little theorem of Fermat)

Let p be a prime. Then for all integers a not divisible by p, wehave

ap−1 ≡ 1 mod p.

Proof.

The group Z×p has p − 1 elements. Then by the Lagrange

theorem (Theorem 10.10), for all a ∈ Z×p , ap−1 ≡ 1 mod p.

Corollary and examples

Corollary (20.2)

Let p be a prime. Then

ap ≡ a mod p

for all a ∈ Z.

Example 1. Let us compute the remainder of 7103 whendivided by 17.

Solution. By Fermat’s theorem, we have 716 ≡ 1 mod 17.Thus,

7103 = 76×16+7 = (716)6(77) ≡ 77 = 7(73)2

= 7(343)2 ≡ 7 · 9 ≡ 12 mod 17.

Corollary (20.2)

ap ≡ a mod p

for all a ∈ Z.

7103 = 76×16+7 = (716)6(77) ≡ 77 = 7(73)2

= 7(343)2 ≡ 7 · 9 ≡ 12 mod 17.

Corollary (20.2)

ap ≡ a mod p

for all a ∈ Z.

7103 = 76×16+7 = (716)6(77) ≡ 77 = 7(73)2

= 7(343)2 ≡ 7 · 9 ≡ 12 mod 17.

Examples

Example 2. Prove that n33 − n is divisible by 15 for all n.

Solution. We need to show that n33 − n is divisible by both 3and 5. Here we demonstrate n33 − n ≡ 0 mod 5, and leaven33 − n ≡ 0 mod 3 as an exercise.If 5|n, then n33 is clearly congruent to n modulo 5. If 5 - n, then

n33 − n = n(n32 − 1) = n((n4)8 − 1) ≡ n(1− 1) = 0 mod 5.

Examples

n33 − n = n(n32 − 1) = n((n4)8 − 1) ≡ n(1− 1) = 0 mod 5.

Examples

n33 − n = n(n32 − 1) = n((n4)8 − 1) ≡ n(1− 1) = 0 mod 5.

Examples

n33 − n = n(n32 − 1) = n((n4)8 − 1) ≡ n(1− 1) = 0 mod 5.

Euler’s generalization

Theorem (20.6)

The set Z×n of nonzero elements of Zn that are not zero divisors

forms a group.

Proof.• closed:

• Suppose that a and b are not 0 nor zero divisors. We needto show that ab is neither 0 nor a zero divisor.

• Since a and b are not 0 nor zero divisors, ab 6= 0.• Now suppose that (ab)c = 0.• Then a(bc) = 0. Since a is not 0 nor a zero divisors,

bc = 0.• By the same token bc = 0 implies c = 0. Thus ab is not a

zero divisor.

Theorem (20.6)

forms a group.

Proof.• closed:

zero divisor.

Theorem (20.6)

forms a group.

Proof.• closed:

zero divisor.

Theorem (20.6)

forms a group.

Proof.• closed:

zero divisor.

Theorem (20.6)

forms a group.

Proof.• closed:

zero divisor.

Theorem (20.6)

forms a group.

Proof.• closed:

zero divisor.

Proof of Theorem 20.6, continued

• associativity: obvious.

• identity: 1 is the multiplicative identity.• inverse:

• We will argue along the same line as the proof of Theorem19.11 that every finite integral domain is a field.

• Let a1, . . . , ak be the elements of Z×n . For a ∈ Z×n , weconsider aa1, . . . , aak .

• Suppose that aai = aaj . Then a(ai − aj) = 0.• Since a is not 0 nor a zero divisor, we have ai − aj = 0 or

equivalently ai = aj .• This shows that aa1, . . . , aak are all distinct, and thus one of

them must be 1.• This shows that a has an inverse in Z×n .

Euler’s φ-function

Definition

The Euler’s φ-function φ(n) is defined as the number ofelements in Z×

n . (By Theorem 19.3,φ(n) = {1 ≤ k ≤ n : gcd(k , n) = 1}.)

Example

1 Z×12 = {1, 5, 7, 11}. Thus φ(12) = 4.

2 Z×15 = {1, 2, 4, 7, 8, 11, 13, 14}, and φ(15) = 8.

Remark

In general, φ(n) = n∏

p|n,p primes(1− 1/p).

Definition

Example

1 Z×12 = {1, 5, 7, 11}. Thus φ(12) = 4.

2 Z×15 = {1, 2, 4, 7, 8, 11, 13, 14}, and φ(15) = 8.

Remark

Definition

Example

1 Z×12 = {1, 5, 7, 11}. Thus φ(12) = 4.

2 Z×15 = {1, 2, 4, 7, 8, 11, 13, 14}, and φ(15) = 8.

Remark

Definition

Example

1 Z×12 = {1, 5, 7, 11}. Thus φ(12) = 4.

2 Z×15 = {1, 2, 4, 7, 8, 11, 13, 14}, and φ(15) = 8.

Remark

Euler’s theorem

Theorem (20.8, Euler’s theorem)

Let n be a positive integer. Then for all integers a relativelyprime to n, we have

aφ(n) ≡ 1 mod n.

Proof.

Similar to the proof of Fermat’s theorem. (Apply the Lagrangetheorem to the group Z×

Example

Let us compute 499 mod 35. We have 4φ(35) ≡ 1 mod 35, i.e.,424 ≡ 1 mod 35. Thus, 499 ≡ 43 = 64 ≡ 29 mod 35.

Euler’s theorem

aφ(n) ≡ 1 mod n.

Proof.

Example

Euler’s theorem

aφ(n) ≡ 1 mod n.

Proof.

Example

Euler’s theorem

aφ(n) ≡ 1 mod n.

Proof.

Example

Euler’s theorem

aφ(n) ≡ 1 mod n.

Proof.

Example

In-class exercises

1 Find the remainder of 31105, when divided by 23.2 Find the remainder of 29980, when divided by 37.3 Find the remainder of 23000, when divided by 35.4 Find the remainder of 21000, when divided by 27.

Finding a−1 modulo n using the Euclidean algorithm

Example. Find the multiplicative inverse of 11 modulo 29.

Solution. We have

29 = 2× 11 + 7

11 = 1× 7 + 4

7 = 1× 4 + 3

4 = 1× 3 + 1.

1 = 4− 1× 3

= 4− 1× (7− 1× 4) = 2× 4− 1× 7

= 2× (11− 1× 7)− 1× 7 = 2× 11− 3× 7

= 2× 11− 3× (29− 2× 11) = 8× 11− 3× 29.

We see that the multiplicative inverse of 11 modulo 29 is 8.Instructor: Yifan Yang Section 20 – Fermat’s and Euler’s theorems

Solution. We have

29 = 2× 11 + 7

11 = 1× 7 + 4

7 = 1× 4 + 3

4 = 1× 3 + 1.

1 = 4− 1× 3

= 4− 1× (7− 1× 4) = 2× 4− 1× 7

= 2× (11− 1× 7)− 1× 7 = 2× 11− 3× 7

= 2× 11− 3× (29− 2× 11) = 8× 11− 3× 29.

Solution. We have

29 = 2× 11 + 7

11 = 1× 7 + 4

7 = 1× 4 + 3

4 = 1× 3 + 1.

1 = 4− 1× 3

= 4− 1× (7− 1× 4) = 2× 4− 1× 7

= 2× (11− 1× 7)− 1× 7 = 2× 11− 3× 7

= 2× 11− 3× (29− 2× 11) = 8× 11− 3× 29.

Solution. We have

29 = 2× 11 + 7

11 = 1× 7 + 4

7 = 1× 4 + 3

4 = 1× 3 + 1.

1 = 4− 1× 3

= 4− 1× (7− 1× 4) = 2× 4− 1× 7

= 2× (11− 1× 7)− 1× 7 = 2× 11− 3× 7

= 2× 11− 3× (29− 2× 11) = 8× 11− 3× 29.

Solution. We have

29 = 2× 11 + 7

11 = 1× 7 + 4

7 = 1× 4 + 3

4 = 1× 3 + 1.

1 = 4− 1× 3

= 4− 1× (7− 1× 4) = 2× 4− 1× 7

= 2× (11− 1× 7)− 1× 7 = 2× 11− 3× 7

= 2× 11− 3× (29− 2× 11) = 8× 11− 3× 29.

Solution. We have

29 = 2× 11 + 7

11 = 1× 7 + 4

7 = 1× 4 + 3

4 = 1× 3 + 1.

1 = 4− 1× 3

= 4− 1× (7− 1× 4) = 2× 4− 1× 7

= 2× (11− 1× 7)− 1× 7 = 2× 11− 3× 7

= 2× 11− 3× (29− 2× 11) = 8× 11− 3× 29.

Solution. We have

29 = 2× 11 + 7

11 = 1× 7 + 4

7 = 1× 4 + 3

4 = 1× 3 + 1.

1 = 4− 1× 3

= 4− 1× (7− 1× 4) = 2× 4− 1× 7

= 2× (11− 1× 7)− 1× 7 = 2× 11− 3× 7

= 2× 11− 3× (29− 2× 11) = 8× 11− 3× 29.

Solution. We have

29 = 2× 11 + 7

11 = 1× 7 + 4

7 = 1× 4 + 3

4 = 1× 3 + 1.

1 = 4− 1× 3

= 4− 1× (7− 1× 4) = 2× 4− 1× 7

= 2× (11− 1× 7)− 1× 7 = 2× 11− 3× 7

= 2× 11− 3× (29− 2× 11) = 8× 11− 3× 29.

Solution. We have

29 = 2× 11 + 7

11 = 1× 7 + 4

7 = 1× 4 + 3

4 = 1× 3 + 1.

1 = 4− 1× 3

= 4− 1× (7− 1× 4) = 2× 4− 1× 7

= 2× (11− 1× 7)− 1× 7 = 2× 11− 3× 7

= 2× 11− 3× (29− 2× 11) = 8× 11− 3× 29.

Solution. We have

29 = 2× 11 + 7

11 = 1× 7 + 4

7 = 1× 4 + 3

4 = 1× 3 + 1.

1 = 4− 1× 3

= 4− 1× (7− 1× 4) = 2× 4− 1× 7

= 2× (11− 1× 7)− 1× 7 = 2× 11− 3× 7

= 2× 11− 3× (29− 2× 11) = 8× 11− 3× 29.

Solution. We have

29 = 2× 11 + 7

11 = 1× 7 + 4

7 = 1× 4 + 3

4 = 1× 3 + 1.

1 = 4− 1× 3

= 4− 1× (7− 1× 4) = 2× 4− 1× 7

= 2× (11− 1× 7)− 1× 7 = 2× 11− 3× 7

= 2× 11− 3× (29− 2× 11) = 8× 11− 3× 29.

Solution. We have

29 = 2× 11 + 7

11 = 1× 7 + 4

7 = 1× 4 + 3

4 = 1× 3 + 1.

1 = 4− 1× 3

= 4− 1× (7− 1× 4) = 2× 4− 1× 7

= 2× (11− 1× 7)− 1× 7 = 2× 11− 3× 7

= 2× 11− 3× (29− 2× 11) = 8× 11− 3× 29.

Solving ax ≡ b mod n

Theorem (20.10)

Let n be a positive integer and let a ∈ Zn be relatively prime ton. Then for each b ∈ Zn, the equation ax = b has a uniquesolution in Zn.

Proof.

Let a−1 be the multiplicative inverse of a in Zn. Then a−1b isthe unique solution of ax = b in Zn.

Solving ax ≡ b mod n

Theorem (20.10)

Let n be a positive integer and let a ∈ Zn be relatively prime ton. Then for each b ∈ Zn, the equation ax = b has a uniquesolution in Zn.

Proof.

Let a−1 be the multiplicative inverse of a in Zn. Then a−1b isthe unique solution of ax = b in Zn.

Theorem (20.12)

Let n be a positive integer and let a, b ∈ Zn. Let d = gcd(a, n).The equation ax = b has a solution in Zn if and only if d dividesb. When d divides b, the equation has exactly d solutions in Zn.

Proof.• d - b. For all integers c, all elements in the residue class

ac + nZ = {ac + kn : k ∈ Z} are all multiples ofd = gcd(a, n). They cannot be congruent to b modulo n ifb is not a multiple of d .

Theorem (20.12)

• d |b.

• Observe that n|(ax − b) ⇐⇒( n

) ∣∣∣ [( ad

)x − b

], that is, x

is a solution of ax ≡ b mod n if and only if x is a solution of(a/d)x ≡ (b/d) mod (n/d).

• Now a/d and n/d are relatively prime. Thus, by Theorem20.10, there is a unique residue class s modulo n/d thatsatisfies (a/d)s ≡ b/d mod n/d .

• Among all the residue classes modulo n, the residueclasses represented by

s, s + n/d , · · · , s + (d − 1)n/d

are precisely the solutions of ax = b mod n.

• d |b.

) ∣∣∣ [( ad

)x − b

], that is, x

s, s + n/d , · · · , s + (d − 1)n/d

• d |b.

) ∣∣∣ [( ad

)x − b

], that is, x

s, s + n/d , · · · , s + (d − 1)n/d

• d |b.

) ∣∣∣ [( ad

)x − b

], that is, x

s, s + n/d , · · · , s + (d − 1)n/d

Examples

Example 1. Solve 12x ≡ 27 mod 18 in integers.

Solution. The gcd of 12 and 18 is 6, which does not divide 27.Thus the equation has no solutions in integer.

Examples

Example 1. Solve 12x ≡ 27 mod 18 in integers.

Solution. The gcd of 12 and 18 is 6, which does not divide 27.Thus the equation has no solutions in integer.

Examples

Example 2. Find all solutions of 15x ≡ 27 mod 18 in integers.

Solution.• An integer a satisfies 15a ≡ 27 mod 18 if and only if it

satisfies 5a ≡ 9 mod 6.

• The multiplicative inverse of 5 modulo 6 is 5. Thus if5a ≡ 9 mod 6, then a ≡ 5× 9 ≡ 3 mod 6.

• The solutions are 3 + 6k for k ∈ Z.

• Note that the integers 3 + 6k fall in three residue classes3 + 18Z, 9 + 18Z, and 15 + 18Z modulo 18.

Examples

Example 3. Find all solutions of 123x ≡ 78 mod 1671.

Solution.• The gcd of 123 and 1671 is 3, and an integer a is a

solution of 123x ≡ 78 mod 1671 if and only if it is asolution of 41x ≡ 26 mod 557.

• Using the Euclidean algorithm, we find the inverse of 41modulo 557 is 394.

• Thus, The solution set of 41x ≡ 26 mod 557 is{26× 394 + 557k : k ∈ Z} = {218 + 557k : k ∈ Z}.

Examples

In-class exercises

1 Find the multiplicative inverse of 37 modulo 53.2 Find the multiplicative inverse of 35 modulo 59.3 Solve 24x ≡ 63 mod 67 in integers.4 Solve 27x ≡ 69 mod 165 in integers.

RSA algorithm.• Invented by Clifford Cocks in 1973. Also by Rivest, Shamir,

and Adleman independently in 1977.

• Is a public-key cryptosystem (meaning that the encryptionkey is open to public).

• Still widely used in electronic commerce.

• Uses the properties that it is easy to determine whether alarge integer is a prime, but it is very difficult to factorize alarge composite number.

RSA algorithm

Key selection.• Choose two large primes p and q, and let n = pq. This n

will be made public.

• Pick a positive integer e < φ(n) such that gcd(e, φ(n)) = 1.This e will be released as the public key.

• Compute d that satisfies de ≡ 1 mod φ(n) (i.e.,de = 1 + kφ(n) for some k ). This d is the private key.

RSA algorithm

Encryption phase.• Alice sends (n, e) to Bob and keeps the private key d in a

safe place.

• Suppose that m is the message that Bob wishes to encryptand send to Alice. He computes c ≡ me mod n and sendc.

Decryption phase.• To decipher the code c, Alice computes cd modulo n.

• Now by Euler’s Theorem, we have

cd ≡ mde = m1+kφ(n) ≡ m mod n.

Thus, Alice does recover the message m.

RSA algorithm

safe place.

RSA algorithm

safe place.

RSA algorithm

safe place.

Example

• Choose p = 13, q = 19, and n = 247. We haveφ(n) = 12× 18 = 216.

• Choose e = 23. We find d = 47 satisfies23× 47 = 1081 ≡ 1 mod φ(n).

• Let m = 90 be the message. We find c ≡ 9023 ≡ 181mod 247.

• Nowcd = 18147 ≡ 90 mod 247,

which is indeed the original message.

Example

• Nowcd = 18147 ≡ 90 mod 247,

Example

• Nowcd = 18147 ≡ 90 mod 247,

Example

• Nowcd = 18147 ≡ 90 mod 247,

Computational aspects of RSA

• To find a large prime number, we can use Fermat’stheorem to test whether an integer n is a prime number.Namely, if there exists an integer a such that an−1 6≡ 1mod n, then by Fermat’s theorem, n cannot be a prime. Onthe other hand, if we randomly choose hundreds ofintegers a and an−1 are all congruent to 1 modulo n, thenthere is a great chance that n is a prime number.

• There are composite numbers n satisfying an−1 ≡ 1mod n for all a with gcd(a, n) = 1. The Fermat primalitytest fails for these integers. These integers are called theCarmichael numbers. Examples of such integers are 561,1729, and so on.

• To determine the integer d such that de ≡ 1 mod φ(n), weuse the Euclidean algorithm. (See earlier slides.)

• To compute me (or cd ) modulo n. We use the successivesquaring method. That is, we compute m20

, m22, m22

, m23,

. . . modulo n first. Write e = a020 + a121 + · · ·+ ak2k ,where ai = 0 or 1. Then

me = ma020+···+ak 2k= (m20

)a0(m21)a1 . . . (m2k

, m22, m22

, m23,

me = ma020+···+ak 2k= (m20

)a0(m21)a1 . . . (m2k

, m22, m22

, m23,

me = ma020+···+ak 2k= (m20

)a0(m21)a1 . . . (m2k

, m22, m22

, m23,

me = ma020+···+ak 2k= (m20

)a0(m21)a1 . . . (m2k

, m22, m22

, m23,

me = ma020+···+ak 2k= (m20

)a0(m21)a1 . . . (m2k

Homowork

Problems 4, 6, 12, 14, 27, 28, 29 of Section 20.

Section 20 – Fermat’s and Euler’s theorems

Documents

Transcript of Section 20 – Fermat’s and Euler’s theorems