Data Security

Extended Euclidean Algorithm

a = 42 and b = 30gcd(42, 30) = 6

Table for 42x + 30y :

Data Security

Proof 1

• The proof that follows may be adapted for any Euclidean domain.

• For given nonzero integers a and b there is a nonzero integer d = as + bt of minimal absolute value among all those of the form ax + by with x and y integers; one can assume d > 0 by changing the signs of both s and t if necessary.

• Now the remainder of dividing either a or b by d is also of the form ax + by since it is obtained by subtracting a multiple of d= as + bt from a or b, and on the other hand it has to be strictly smaller in absolute value than d. This leaves 0 as only possibility for such a remainder, so d divides a and b exactly.

• If c is another common divisor of a and b, then c also divides as + bt = d. Since c divides d but is not equal to it, it must be less than d. This means that d is the greatest common divisor of a and b;

• this completes the proof

Data Security

Proof 2

Data Security

Extended Euclidean Algorithm

Data Security

Extended Euclidean Algorithm

Data Security

Extended Euclidean Algorithm Example

• a = 1759 and b = 550• 1759x + 550y = gcd(1759, 550)• 1759x(-111) + 550x355 = -195249 + 195250 = 1

i ri qi xi Yi

–1 1759 1 0 0 550 0 1 1 109 3 1 –3

2 5 5 –5 16 3 4 21 106 –339 4 1 1 –111 355

5 0 4

Result: d = 1; x = –111; y = 355

Data Security

Extended Euclidean Algorithm for Multiplicative Inverse

Data Security

q Divisibility and The Division Algorithmq The Euclidean Algorithm

q Modular Arithmetic

q Prime Numbers

q Fermat’s and Euler’s Theorems

q Testing for Primality

q The Chinese Remainder Theorem

q Discrete Logarithms

Outline

Data Security

Prime Numbers

• Prime numbers only have divisors of 1 and self – they cannot be written as a product of other numbers – note: 1 is prime, but is generally not of interest

• eg. 2,3,5,7 are prime, 4,6,8,9,10 are not• Prime numbers are central to number theory• List of prime number less than 200 is:

2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97 101 103 107 109 113 127 131 137 139 149 151 157 163 167 173 179 181 191 193 197 199

• Any integer a > 1 can be factored in a unique way asa = p1 a1 * p2 a2 * . . . * pt at

where p1 < p2 < . . . < pt are prime numbers and where each ai is a positive integer

• This is known as the fundamental theorem of arithmetic

Data Security

Primes Under 2000

Data Security

Prime Factorization

• To factor a number n is to write it as a product of other numbers: n=a × b × c

• Note that factoring a number is relatively hard compared to multiplying the factors together to generate the number

• The prime factorization of a number n is when its written as a product of primes – eg.

Data Security

Representation of Numbers

• Each positive integer can be specified as

Data Security

Multiplication

Data Security

Divisibility

Data Security

GCD

Data Security

Relatively Prime Numbers & GCD

• Two numbers a, b are relatively prime if have no common divisors apart from 1 – eg. 8 & 15 are relatively prime since factors of 8 are 1,2,4,8

and of 15 are 1,3,5,15 and 1 is the only common factor • Conversely can determine the greatest common

divisor by comparing their prime factorizations and using least powers– eg. 150=21×31×52 18=21×32 hence

GCD(18,150)=21×31×50=6

Data Security

Relative Primes

• Two numbers a and n are relative primes if – gcd(a,n)=1

• Consider all integers 0<a <n– How many are relative prime to n?– Equivalently, how many a such that !!" "#$%&%'()*+*

! "#$%&'((#, -!./012131451&627%8%!99%)&+':';*%0<= a < n, -!"./!<%0<= a < n, gcd(a,n)=1}

• All integers in )! that are co-prime with n• Also called reduced residue set mod n

Data Security

Modular Arithmetic for modulo 8

Multiplication modulo 8

Data Security

Modular Arithmetic for modulo 8

Additive and multiplicative inverse modulo 8

w has multiplicative inverse iff w is relative prime to n

Data Security

q Divisibility and The Division Algorithmq The Euclidean Algorithm

q Modular Arithmetic

q Prime Numbers

q Fermat’s and Euler’s Theorems

q Testing for Primality

q The Chinese Remainder Theorem

q Discrete Logarithms

Outline

Data Security

Efficient computing of exponential

• Compute ab mod n efficiently when b, n large?– Example: compute a1024 mod 21024 +1– Simple approach: repetitively time a 1024 times?– Efficient computation:

• Write number b in binary format as xkxk-1xk-2….x2x1x0• Let t1=a mod n. Then compute ti+1= ti * ti mod n for i<k• Then

[ ]a n a n

a n

t n

b x x x x x x

x

i k

ix

i k

k k k

ii

i

mod mod

[ ] mod

mod

....

( )

=

=

=

- -

£ £

£ £

Õ

Õ

1 2 2 1 0

2

0

0

Data Security

Detour: Modular Exponentiation

• ab mod n has b multiplications, each reduced mod n• so # multiplications is O(2|b|), where |b| is the

length of b in bits– pretty bad

• can do better by repeated squaring

Data Security

Modular Exponentiation

To compute ab mod n:d := 1let bk bk-1 … b0 be the binary form of bfor i := k downto 0

d := d2 mod nif bi = 1 then d := da mod n

return d

Example: 37 mod 4