5 Number Theory

Chapter 5
Number Theory

5.1 Divisibility and Primes
5.2 Modular Arithmetic
5.3 Fermat’s and Euler’s Theorems
5.4 Discrete Logarithms
5.5 Computationally Hard Problems

File: crypto/number.tex, r1963

This chapter introduces basic concepts of number theory. These concepts are useful when studying several aspects of cryptography, especially public key cryptosystems.

Presentation slides that accompany this chapter can be downloaded in the following formats: slides only (PDF); slides with notes (PDF, ODP, PPTX).

5.1 Divisibility and Primes

Definition 5.1 (Divides). $b$ divides $a$ if $a = m b$ for some $m$ , where $a$ , $b$ and $m$ are integers. We can also say $b$ is a divisor of $a$ , or $b | a$ .

Example 5.1 (Divides). 3 divides 12, since $12 = 4 \times 3$ . Also, 3 is a divisor of 12, or $3 | 12$ .

Definition 5.2 (Greatest Common Divisor). $\gcd (a, b)$ returns the greatest common divisor of integers $a$ and $b$ . There are efficient algorithms for finding the gcd, i.e. Euclidean algorithm.

Example 5.2 (Greatest Common Divisor). $\gcd (12, 20) = 4$ , since the divisors of 12 are (1, 2, 3, 4, 6, 12) and the divisors of 20 are (1, 2, 4, 5, 10, 20).

Definition 5.3 (Relatively Prime). Two integers, $a$ and $b$ , are relatively prime if $\gcd (a, b) = 1$ .

Example 5.3 (Relatively Prime). $\gcd (7, 12) = 1$ , since the divisors of 7 are (1, 7) and the divisors of 12 are (1, 2, 3, 4, 6, 12). Therefore 7 and 12 are relatively prime to each other.

Exercise 5.1 (Relatively Prime). How many positive integers less than 10 are relatively prime with 10?

Solution 5.1 (Relatively Prime). There are 9 positive integers less than 10, i.e. $1, 2, 3, \dots, 9$ . For an integer $a$ to be relatively prime to 10, then $\gcd (a, 10) = 1$ . The divisors of 10 are 1, 2, 5 and 10. As the even integers have a divisor of 2, then they cannot be relatively prime with 10. That leaves 1, 3, 5, 7 and 9. $\gcd (5, 10) = 5$ and therefore 5 is not relatively prime with 10. The integers 1, 3, 7 and 9 cannot be divided by 3, 5 or 10, and therefore all have a greatest common divisor with 10 of 1. Hence 1, 3, 7 and 9 are less than 10 and relatively prime with 10. The answer is 4.

Video: Divisibility, Greatest Common Divisor and Relatively Prime (10 min; Apr 2021)

Definition 5.4 (Prime Number). An integer $p > 1$ is a prime number if and only if its only divisors are $+ 1$ , $- 1$ , $+ p$ and $- p$ .

Example 5.4 (Prime Number). The divisors of 13 are (1, 13), that is, 1 and itself. Therefore 13 is a prime number. The divisors of 15 are (1, 3, 5, 15). Since the divisors include numbers other than 1 and itself, 15 is not prime.

Credit: Wikipedia, https://en.wikipedia.org/wiki/List_of_prime_numbers, CC BY-SA 3.0

Figure 5.1: First 300 Prime Numbers

Definition 5.5 (Prime Factors). Any integer $a > 1$ can be factored as:

a = p_{1}^{a_{1}} \times p_{2}^{a_{2}} \times \dots \times p_{t}^{a_{t}}

where $p_{1} < p_{2} < \dots < p_{t}$ are prime numbers and where each $a_{i}$ is a positive integer

Example 5.5 (Prime Factors). The following are examples of integers expressed as prime factors:

\begin{array}{rcl} 13 = 1 3^{1} \\ 15 = 3^{1} \times 5^{1} \\ 24 = 2^{3} \times 3^{1} \\ 50 = 2^{1} \times 5^{2} \\ 560 = 2^{4} \times 5^{1} \times 7^{1} \\ 2800 = 2^{4} \times 5^{2} \times 7^{1} \end{array}

Exercise 5.2 (Integers as Prime Factors). Find the prime factors of 12870, 12936 and 30607.

Solution 5.2 (Integers as Prime Factors). A naive approach (which works for these small examples) is to check if the number is divisible by primes, in increasing order. For example, is 12870 divisible by 2? Yes, then 2 is a prime factor. Is the result, 6435 divisible by 2? No, then is 6435 divisible by 3? Yes, and so on.

A “cheat” is to use software to find the factors. In Linux command line there is a command called factor.

The answers are:

\begin{array}{rcl} 12870 = 2^{1} \times 3^{2} \times 5^{1} \times 1 1^{1} \times 1 3^{1} \\ 12936 = 2^{3} \times 3^{1} \times 7^{2} \times 1 1^{1} \\ 30607 = 12 7^{1} \times 24 1^{1} \end{array}

Definition 5.6 (Prime Factorization Problem). There are no known efficient, non-quantum algorithms that can find the prime factors of a sufficiently large number.

Example 5.6 (Prime Factorization Problem). RSA Challenge involved researchers attempting to factor large numbers. Largest number measured in number of bits or decimal digits. Some records held over time are:

1991: 330 bits or 100 digits

2005: 640 bits or 193 digits

2009: 768 bits or 232 digits

Equivalent of 2000 years on single core 2.2 GHz computer to factor 768 bit

Current algorithms such as RSA rely on numbers of 1024, 2048 and even 4096 bits in length

Video: Prime Numbers and Prime Factorization (11 min; Apr 2021)

Definition 5.7 (Euler’s Totient Function). Euler’s totient function, $ϕ (n)$ , is the number of positive integers less than $n$ and relatively prime to $n$ . Also written as $φ (n)$ or $Tot (n)$ .

Definition 5.8 (Properties of Euler’s Totient). Several useful properties of Euler’s totient are:

ϕ (1) = 1

For prime p, ϕ (p) = p - 1

For primes p and q, ϕ (p x \times q) = ϕ (p) \times ϕ (q) = (p - 1) \times (q - 1)

Example 5.7 (Euler’s Totient Function). The integers relatively prime to 10, and less than 10, are: 1, 3, 7, 9. There are 4 such numbers. Therefore $ϕ (10) = 4$ .

The integers relatively prime to 11, and less than 11, are: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10. There are 10 such numbers. Therefore $ϕ (11) = 10$ . The property could also be used since 11 is prime.

Since 7 is prime, $ϕ (7) = 6$ .

Since $77 = 7 \times 11$ , then $ϕ (77) = ϕ (7 \times 11) = 6 \times 10 = 60$ .

Video: Euler’s Totient Function (8 min; Apr 2021)

5.2 Modular Arithmetic

Definition 5.9 (Modular arithmetic simple). Modular arithmetic is similar to normal arithmetic (addition, subtraction, multiplication, division) but the answers “wrap around”.

Definition 5.10 (mod operator). If $a$ is an integer and $n$ is a positive integer, then $a mod n$ is defined as the remainder when $a$ is divided by $n$ . $n$ is called the modulus.

Example 5.8 (mod operator). The following are several examples of $mod$ :

3 mod 7 = 3, since 0 \times 7 + 3 = 3

9 mod 7 = 2, since 1 \times 7 + 2 = 9

10 mod 7 = 3, since 1 \times 7 + 3 = 10

(- 3) mod 7 = 4, since (- 1) \times 7 + 4 = - 3

Definition 5.11 (Congruent modulo). Two integers $a$ and $b$ are congruent modulo $n$ if $(a mod n) = (b mod n)$ . The congruence relation is written as:

$a \equiv b (m o d n)$

When the modulus is known from the context, it may be written simply as a $\equiv b$ .

Example 5.9 (Congruent modulo). The following are examples of congruence:

3 \equiv 10 (m o d 7)

14 \equiv 4 (m o d 10)

3 \equiv 11 (m o d 8)

Definition 5.12 (Modular arithmetic). Modular arithmetic with modulus $n$ performs arithmetic operations within the confines of set $Z_{n} = {0, 1, 2, \dots, (n - 1)}$ .

Example 5.10 (mod in $Z_{7}$ ). Consider the set:

Z_{7} = {0, 1, 2, 3, 4, 5, 6}

All modular arithmetic operations in mod 7 return answers in $Z_{7}$ .

If $a$ is an integer and $n$ is a positive integer, we define $a mod n$ to be the remainder when $a$ is divided by $n$
$n$ is called the modulus
Two integers $a$ and $b$ are congruent modulo $n$ if $(a mod n) = (b mod n)$ , which is written as $a \equiv b (m o d n)$
$(m o d n)$ operator maps all integers into the set of integers $Z_{n} = {0, 1, \dots, (n - 1)}$
Modular arithmetic performs arithmetic operations within confines of set $Z_{n}$

Definition 5.13 (Modular Addition). Addition in mod $n$ is performed as normal addition, with the answer then mod by $n$ .

Example 5.11 (Modular Addition). The following are several examples of modular addition:

2 + 3 (m o d 7) = 5 (m o d 7) = 5 mod 7 = 5 (m o d 7)

2 + 6 (m o d 7) = 8 (m o d 7) = 8 mod 7 = 1 (m o d 7)

6 + 6 (m o d 7) = 12 (m o d 7) = 12 mod 7 = 5 (m o d 7)

3 + 4 (m o d 7) = 7 (m o d 7) = 7 mod 7 = 0 (m o d 7)

Definition 5.14 (Additive Inverse). $a$ is the additive inverse of $b$ in mod $n$ , if $a + b \equiv 0 (m o d n)$ .

For brevity, AI( $a$ ) may be used to indicate the additive inverse of $a$ . One property is that all integers have an additive inverse.

Example 5.12 (Additive Inverse). In mod 7:

A I (3) = 4, since 3 + 4 \equiv 0 (m o d 7)

A I (6) = 1, since 6 + 1 \equiv 0 (m o d 7)

In mod 12:

A I (3) = 9, since 3 + 9 \equiv 0 (m o d 12)

Definition 5.15 (Modular Subtraction). Subtraction in mod $n$ is performed by addition of the additive inverse of the subtracted operand. This is effectively the same as normal subtraction, with the answer then mod by $n$ .

Example 5.13 (Modular Subtraction). For brevity, the modulus is sometimes omitted and $=$ is used in replace of $\equiv$ . In mod 7:

6 - 3 = 6 + AI (3) = 6 + 4 = 10 = 3 (m o d 7)

6 - 1 = 6 + AI (1) = 6 + 6 = 12 = 5 (m o d 7)

1 - 3 = 1 + AI (3) = 1 + 4 = 5 (m o d 7)

While the first two examples obviously give answers as we expect from normal subtraction, the third does as well. $1 - 3 = - 2$ , and in mod 7, $- 2 \equiv 5$ since $- 1 \times 7 + 5 = (- 2)$ . Recall $Z_{7} = {0, 1, 2, 3, 4, 5, 6}$ .

Video: Modular Addition, Additive Inverse and Modular Subtraction (13 min; Apr 2021)

Definition 5.16 (Modular Multiplication). Modular multiplication is performed as normal multiplication, with the answer then mod by $n$ .

Example 5.14 (Modular Multiplication). In mod 7:

2 \times 3 = 6 (m o d 7)

2 \times 6 = 12 = 5 (m o d 7)

3 \times 4 = 12 = 5 (m o d 7)

Definition 5.17 (Multiplicative Inverse). $a$ is a multiplicative inverse of $b$ in mod $n$ if $a \times b \equiv 1 (m o d n)$ . For brevity, MI( $a$ ) may be used to indicate the multiplicative inverse of $a$ . $a$ has a multiplicative inverse in (mod $n$ ) if $a$ is relatively prime to $n$ .

Example 5.15 (Multiplicative Inverse in mod 7). 2 and 7 are relatively prime, therefore 2 has a multiplicative inverse in mod 7.

2 \times 4 (m o d 7) = 1, therefore M I (2) = 4 and M I (4) = 2

3 and 7 are relatively prime, therefore 3 has a multiplicative inverse in mod 7.

3 \times 5 (m o d 7) = 1, therefore M I (3) = 5 and M I (5) = 3

$ϕ (7) = 6$ , meaning 1, 2, 3, 4, 5 and 6 are relatively prime with 7, and therefore all of those numbers have a MI in mod 7.

Example 5.16 (Multiplicative Inverse in mod 8). 3 and 8 are relatively prime, therefore 3 has a multiplicative inverse in mod 8.

3 \times 3 (m o d 8) = 1, therefore M I (3) = 3

4 and 8 are NOT relatively prime, therefore 4 does not have a multiplicative inverse in mod 8. $ϕ (8) = 4$ , and therefore only 4 numbers (1, 3, 5, 7) have a MI in mod 8.

Definition 5.18 (Modular Division). Division in mod $n$ is performed as modular multiplication of the multiplicative inverse of 2nd operand. Modular division is only possible when the 2nd operand has a multiplicative inverse, otherwise the operation is undefined.

Example 5.17 (Modular Division). In mod 7:

5 \div 2 = 5 \times M I (2) = 5 \times 4 = 20 \equiv 6

In mod 8:

7 \div 3 = 7 \times M I (3) = 7 \times 3 = 21 \equiv 5

$7 \div 4$ is undefined, since 4 does not have a multiplicative inverse in mod 8.

Definition 5.19 (Properties of Modular Arithmetic).

(a mod n) mod n = a mod n

[(a mod n) + (b mod n)] mod n = (a + b) mod n

[(a mod n) - (b mod n)] mod n = (a - b) mod n

[(a mod n) \times (b mod n)] mod n = (a \times b) mod n

Commutative, associative and distributive laws similar to normal arithmetic also hold.

Video: Modular Multiplication, Multiplicative Inverse (6 min; Apr 2021)

5.3 Fermat’s and Euler’s Theorems

Definition 5.20 (Fermat’s Theorem 1). If $p$ is prime and $a$ is a positive integer not divisible by $p$ , then:

a^{p - 1} \equiv 1 (m o d p)

Definition 5.21 (Fermat’s Theorem 2). If $p$ is prime and $a$ is a positive integer, then:

a^{p} \equiv a (m o d p)

There are two forms of Fermat’s theorem—use whichever form is most convenient.

Example 5.18 (Fermat’s theorem). What is $2 7^{42}$ mod 43? Since 43 is prime and $42 = 43 - 1$ , this matches Fermat’s Theorem form 1. Therefore the answer is 1.

Example 5.19 (Fermat’s theorem). What is $64 0^{163} mod 163$ ? Since 163 is prime, this matches Fermat’s Theorem form 2. Therefore the answer is 640, or simplified to $640 mod 163 = 151$ .

Definition 5.22 (Euler’s Theorem 1). For every $a$ and $n$ that are relatively prime:

a^{ϕ (n)} \equiv 1 (m o d n)

Definition 5.23 (Euler’s Theorem 2). For positive integers $a$ and $n$ :

a^{ϕ (n) + 1} \equiv a (m o d n)

Note that there are two forms of Euler’s theorem—use the most relevant form.

Example 5.20 (Euler’s theorem). Show that $3 7^{40} mod 41 = 1$ . Since $n$ = 41, which is prime, then $ϕ (41) = 40$ . As 37 is also prime, 37 and 41 are relatively prime. Therefore Euler’s Theorem form 1 holds.

Example 5.21 (Euler’s theorem). What is $1379 4^{4621} mod 4757$ ? Factoring 4757 into primes gives $67 \times 71$ . Therefore $ϕ (4757) = ϕ (67) x \times ϕ (71) = 66 \times 70 = 4620$ . Therefore, this follows Euler’s Theorem form 2, giving an answer of 13794.

Video: Fermat’s and Euler’s Theorems (16 min; Apr 2021)

5.4 Discrete Logarithms

Definition 5.24 (Modular Exponentiation). As exponentiation is just repeated multiplication, modular exponentiation is performed as normal exponentiation with the answer mod by $n$ .

Example 5.22 (Modular Exponentiation).

2^{3} mod 7 = 8 mod 7 = 1

3^{4} mod 7 = 81 mod 7 = 4

3^{6} mod 8 = 729 mod 8 = 1

Video: Modular Exponentiation (1 min; Apr 2021)

Definition 5.25 (Normal Logarithm). If $b = a^{i}$ , then:

i = \log_{a} (b)

read as “the log in base $a$ of $b$ is index (or exponent) i”.

The above definition is for normal arithmetic, not for modular arithmetic. Logarithm in normal arithmetic is the inverse operation of exponentiation. In modular arithmetic, modular logarithm is more commonly called discrete logarithm. Note we replace $n$ with $p$ —the reason will become apparent shortly.

Definition 5.26 (Discrete Logarithm). If $b = a^{i} (m o d p)$ , then:

i = {dlog}_{a, p} (b)

A unique exponent $i$ can be found if $a$ is a primitive root of the prime $p$ .

Video: Normal and Discrete Logarithms (3 min; Apr 2021)

Definition 5.27 (Primitive Root). If $a$ is a primitive root of prime $p$ then $a_{1}, a_{2}, a_{3}, \dots a_{p - 1}$ are distinct in mod $p$ .

The integers with a primitive root are: 2, 4, $p^{α}$ , $2 p^{α}$ where $p$ is any odd prime and $α$ is a positive integer.

Example 5.23 (Primitive Root). Consider the prime $p = 7$ :

$a = 1 : 1^{2} mod 7 = 1, 1^{3} mod 7 = 1, . . . (not distinct)$

$a = 2 : 2^{2} mod 7 = 4, 2^{3} mod 7 = 1, 2^{4} mod 7 = 2, 2^{5} mod 7 = 4, . . . (not distinct)$

$a = 3 : 3^{2} mod 7 = 2, 3^{3} mod 7 = 6, 3^{4} mod 7 = 4, 3^{5} mod 7 = 5, 3^{6} mod 7 = 1 (distinct)$

Therefore 3 is a primitive root of 7 (but 1 and 2 are not).

Figure 5.2: Powers of Integers, modulo 7

From the above table we see 3 and 5 are primitive roots of 7.

Figure 5.3: Discrete Logs, modulo 7

Discrete logarithms to the base 3, modulo 7 are distinct since 3 is a primitive root of 7. Discrete logarithms to the base 5, modulo 7 are distinct since 5 is a primitive root of 7.

Figure 5.4: Powers of Integers, modulo 17

We see that 3, 5, 6, 7, 10, 11, 12 and 14 are primitive roots of 17.

Figure 5.5: Discrete Logarithms, modulo 17

The discrete logarithm in modulo 17 can be calculated for the 8 primitive roots.

5.5 Computationally Hard Problems

There are several problems in number theory that are considered computationally hard. That means, when sufficiently large numbers are used, solving the problems are practically impossible. These computationally hard problems are used to provide security in cryptographic mechanisms, especially in public key cryptography. Three important problems considered impossible to solve with conventional computers follow.

Definition 5.28 (Hard Problem: Integer Factorisation). If $p$ and $q$ are unknown primes, given $n = p q$ , find $p$ and $q$ .

Also known as prime factorisation. While someone that knows $p$ and $q$ can easily calculate $n$ , if an attacker knows only $n$ they cannot find $p$ and $q$ .

Definition 5.29 (Hard Problem: Euler’s Totient). Given composite $n$ , find $ϕ (n)$ .

While it is easy to calculate Euler’s totient of a prime, or of the multiplication of two primes if those primes are known, an attacker cannot calculate Euler’s totient of sufficiently large non-prime number. Solving Euler’s totient of $n$ , where $n = p q$ , is considered to be harder than integer factorisation.

Definition 5.30 (Hard Problem: Discrete Logarithms). Given $b$ , $a$ , and $p$ , find $i$ such that $i = {dlog}_{a, p} (b)$ .

While modular exponentiation is relatively easy, such as calculating $b = a^{i} mod p$ , the inverse operation of discrete logarithms is computationally hard. The complexity is considered comparable to that of integer factorisation.
When studying RSA and Diffie-Hellman, you will see how these hard problems in number theory are used to secure ciphers.

Video: Computationally Hard Problems for Cryptography (4 min; Apr 2021)

[prev] [prev-tail] [front] [up]

Chapter 5Number Theory