Computational Arithmetic, Winter 2005
Francisco Rodríguez Henríquez, CINVESTAV
Important announcements
• 1 exam: 30 points
• Project: proposal, progress report and presentation: 70 points
• Quizzes [1 point each]

Elementary number theory: definitions and theorems
Definitions
The set of integers {…, -3, -2, -1, 0, 1, 2, 3, …} is denoted by the symbol Z.
Let a, b be integers. Then a is said to divide b if there exists an integer c such that b = ac. The fact that a divides b is denoted a|b.
Examples: -3|18, since 18 = (-3)(-6); any integer a divides 0, a|0, since 0 = (a)(0).
Definitions: integers
The following are some elementary properties of divisibility:
Fact (properties of divisibility) For all a, b, c ∈ Z, the following hold:
i. a|a
ii. If a|b and b|c, then a|c
iii. If a|b and a|c, then a|(bx + cy) for all x, y ∈ Z
iv. If a|b and b|a, then a = ±b
Definitions: integer division
Definition (division algorithm) If a and b are integers with b ≥ 1, then dividing a by b yields integers q (the quotient) and r (the remainder) such that a = qb + r, where 0 ≤ r < b; moreover, q and r are unique. The remainder of the division is denoted a mod b, while the quotient is denoted a div b.
Definition An integer c is a common divisor of a and b if c|a and c|b.
Definitions: gcd
Definition A non-negative integer d is the greatest common divisor of the integers a and b, i.e. d = gcd(a, b), if:
i. d is a common divisor of a and b; and
ii. whenever c|a and c|b, then c|d.
Equivalently, gcd(a, b) is the largest positive integer that divides both a and b, with the exception that gcd(0, 0) = 0.
Definition Two integers a and b are said to be relatively prime or coprime if gcd(a, b) = 1.
Definitions: lcm
Definition A non-negative integer d is the least common multiple of a and b, i.e. d = lcm(a, b), if
i. a|d and b|d; and
ii. whenever a|c and b|c, then d|c.
Equivalently, lcm(a, b) is the smallest positive integer that is divisible by both a and b.
Fact If a and b are positive integers, then lcm(a, b) = a·b / gcd(a, b).
Definitions: prime numbers
Definition An integer p ≥ 2 is said to be prime if its only positive divisors are 1 and p. Otherwise, p is called composite.
Fact If p is prime and p|ab, then either p|a or p|b (or both). (Is this still true if p is composite?)
Fact There are infinitely many prime numbers (how can we prove it?).
Fact (prime number theorem) Let π(x) denote the number of primes ≤ x. Then
$$\lim_{x \to \infty} \frac{\pi(x)}{x / \ln x} = 1.$$
Definitions: prime numbers
Fact (upper and lower bounds for π(x)) Let π(x) denote the number of primes ≤ x. Then for x ≥ 17,
$$\pi(x) > \frac{x}{\ln x},$$
and for x > 1,
$$\pi(x) < 1.25506\,\frac{x}{\ln x}.$$
Fundamental Theorem of Arithmetic
• Every integer n ≥ 2 has a factorization as a product of prime powers:
$$n = p_1^{e_1} p_2^{e_2} \cdots p_k^{e_k},$$
• where the p_i are distinct primes and the e_i are positive integers. Furthermore, the factorization is unique up to rearrangement of the factors.
Fundamental Theorem of Arithmetic
• Proof: existence [sketch] Suppose there exist positive integers that are not a product of primes, and let n be the smallest such integer. Then n cannot be 1 (the empty product) or a prime, so n must be composite. Therefore n = ab with 1 < a, b < n. Since n is the smallest positive integer that is not a product of primes, both a and b are products of primes. But a product of primes times a product of primes is again a product of primes, so n = ab is a product of primes, a contradiction. Therefore every positive integer is a product of primes.
Fundamental Theorem of Arithmetic
• Proof: uniqueness [sketch] If p is a prime and p divides a product of integers ab, then either p|a or p|b (or both!).
Suppose that an integer n can be written as a product of primes in two different ways:
$$n = p_1 p_2 \cdots p_s = q_1 q_2 \cdots q_t.$$
• If a prime occurs in both factorizations, divide both sides by it to obtain a shorter relation. Now take a prime that occurs on the left side, say p_1. Since p_1 divides n, it must divide one of the factors on the right side, say q_j. But since q_j is prime, we are forced to conclude p_1 = q_j, which contradicts the assumption that no prime occurs on both sides.
Prime numbers: how many?
Fact There are infinitely many prime numbers (how can we prove it?).
Euclid did it! But how? Should we have a quiz? Hint: follow the same line of reasoning used for the FTA…
Any idea?
Fundamental Theorem of Arithmetic
• Fact If
$$a = p_1^{e_1} p_2^{e_2} \cdots p_k^{e_k}, \qquad b = p_1^{f_1} p_2^{f_2} \cdots p_k^{f_k},$$
where each e_i ≥ 0 and f_i ≥ 0, then
$$\gcd(a, b) = p_1^{\min(e_1, f_1)} p_2^{\min(e_2, f_2)} \cdots p_k^{\min(e_k, f_k)}$$
and
$$\mathrm{lcm}(a, b) = p_1^{\max(e_1, f_1)} p_2^{\max(e_2, f_2)} \cdots p_k^{\max(e_k, f_k)}.$$
Fundamental Theorem of Arithmetic
Example: Let a = 4864 = 2^8 · 19 and b = 3458 = 2 · 7 · 13 · 19.
Then gcd(4864, 3458) = 2 · 19 = 38 and
lcm(4864, 3458) = 2^8 · 7 · 13 · 19 = 442624.
Definitions: Euler phi function
Definition For n ≥ 1, let φ(n) denote the number of integers in the interval [1, n] which are relatively prime to n. The function φ is called the Euler phi function (or the Euler totient function).
Fact (properties of the Euler phi function)
i. If p is a prime, then φ(p) = p - 1.
ii. The Euler phi function is multiplicative. That is, if gcd(m, n) = 1, then φ(mn) = φ(m)φ(n).
Definitions: Euler phi function
iii. If n = p_1^{e_1} p_2^{e_2} ⋯ p_k^{e_k} is the prime factorization of n, then
$$\varphi(n) = n \left(1 - \frac{1}{p_1}\right)\left(1 - \frac{1}{p_2}\right)\cdots\left(1 - \frac{1}{p_k}\right).$$
iv. For all integers n ≥ 5,
$$\varphi(n) > \frac{n}{6 \ln \ln n}.$$
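The factorization-based gcd/lcm fact and the Euler phi formula above, carried through in code. This is an added example, not code from the original slides; the trial-division factorizer and the function names are my own, and the cross-check against a brute-force count of units is there to show the formula agrees with the definition.

```python
# Added example (not from the original slides): gcd, lcm and Euler phi from prime factorizations.
from math import gcd as builtin_gcd


def factorize(n: int) -> dict:
    """Prime factorization by trial division: returns {p_i: e_i} with n = prod p_i**e_i.

    Fine for classroom-sized n. Cryptographic moduli are chosen so that this step is
    infeasible, which is why gcd is computed with Euclid's algorithm in practice.
    """
    if n < 1:
        raise ValueError("n must be a positive integer")
    factors = {}
    p = 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1 if p == 2 else 2          # after 2, test odd candidates only
    if n > 1:                              # leftover cofactor is itself prime
        factors[n] = factors.get(n, 0) + 1
    return factors


def gcd_lcm_from_factorizations(a: int, b: int) -> tuple:
    """gcd takes min(e_i, f_i), lcm takes max(e_i, f_i), over the union of primes."""
    fa, fb = factorize(a), factorize(b)
    g = l = 1
    for p in set(fa) | set(fb):
        e, f = fa.get(p, 0), fb.get(p, 0)
        g *= p ** min(e, f)
        l *= p ** max(e, f)
    return g, l


def euler_phi(n: int) -> int:
    """phi(n) = n * prod(1 - 1/p) over distinct primes p | n, computed in exact integers."""
    result = n
    for p in factorize(n):
        result = result // p * (p - 1)   # exact: p still divides result at this point
    return result


def euler_phi_by_definition(n: int) -> int:
    """Count of k in [1, n] with gcd(k, n) = 1; used only to cross-check the formula."""
    return sum(1 for k in range(1, n + 1) if builtin_gcd(k, n) == 1)


if __name__ == "__main__":
    a, b = 4864, 3458                     # the slides' example: 2^8*19 and 2*7*13*19
    print(factorize(a), factorize(b))
    print(gcd_lcm_from_factorizations(a, b))   # (38, 442624)
    print(euler_phi(1000), euler_phi_by_definition(1000))
```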
Greatest common divisor
• The greatest common divisor (a, b) of a and b is the largest integer that divides both numbers exactly. The Euclidean algorithm is used to find the gcd of two numbers a and n, a < n.
Observation: if a and b have a common divisor d, then so do a - b and a - 2b.
gcd(a, n) can be found as follows:
Let g_0 = n; g_1 = a;
g_{i+1} = g_{i-1} mod g_i
When g_i = 0, then (a, n) = g_{i-1}.
Example: find (56, 98)
g_0 = 98; g_1 = 56;
g_2 = 98 mod 56 = 42;
g_3 = 56 mod 42 = 14;
g_4 = 42 mod 14 = 0;
Hence (56, 98) = 14.
Euclidean algorithm
Fact If a and b are positive integers with a > b, then gcd(a, b) = gcd(b, a mod b).
gcd(m, n):
    x = m, y = n
    while (y > 0)
        r = x mod y
        x = y
        y = r
    return x
Euclidean algorithm
Example The following are the division steps for computing gcd(4864, 3458) = 38:
4864 = 1·3458 + 1406
3458 = 2·1406 + 646
1406 = 2·646 + 114
646 = 5·114 + 76
114 = 1·76 + 38
76 = 2·38 + 0
(Which method is more efficient, this or factoring, and why?)
gcd: computational complexity
integer euclid(m, n):
    x = m, y = n
    while (y > 0)
        r = x mod y
        x = y
        y = r
    return x
Assuming the mod operation has complexity K, the running time is
O(1) + N·(K + O(1) + O(1)) + O(1) = N·K + O(N),
where N is the number of while-loop iterations.
gcd: computational complexity
Facts (x' = next value of x, etc.):
1. x can only be less than y at the very beginning of the algorithm: once x > y, x' = y > y' = x mod y.
2. When x > y, two iterations of the while loop guarantee that the new x is < ½ of the original x, because x'' = y' = x mod y. Two cases:
I. y > ½x ⇒ x mod y = x - y < ½x
II. y ≤ ½x ⇒ x mod y < y ≤ ½x
gcd: computational complexity
(1 & 2) After the first iteration, the size of x decreases by a factor > 2 every two iterations, i.e. after 2i + 1 iterations,
x < original_x / 2^i.
Q: When, in terms of the number of iterations i, does this process terminate?
gcd: computational complexity
After 2i + 1 steps, x < original_x / 2^i.
A: The while loop exits when y is 0, which is right before x "would have" become 0. Exiting the while loop must happen once 2^i > original_x (why?), so definitely by
i = log_2(original_x).
Therefore the running time of the algorithm is
O(2i + 1) = O(i) = O(log_2(max(a, b))).
gcd: computational complexity
Measuring the input size in terms of n = number of digits of max(a, b):
n = Θ(log_10(max(a, b))) = Θ(log_2(max(a, b))).
Therefore the running time of the algorithm is
O(log_2(max(a, b))) = O(n)
(except for the complexity K of the mod operation, which in general depends on the operand size). A more formal derivation of the complexity of the Euclidean gcd can be found in section 4.5.3, Volume II of Knuth's "The Art of Computer Programming".
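The division steps of the gcd(4864, 3458) example and the iteration bound derived above, made checkable. This is an added example, not code from the slides: the loop is the slides' `euclid(m, n)`, instrumented to return each (x, q, y, r) step, and `iteration_bound` encodes the slides' argument (x at least halves every two iterations). The Fibonacci worst case and the exhaustive check are my additions.

```python
# Added example (not from the original slides): Euclid's gcd instrumented to return its
# division steps and iteration count, so the O(log2 max(a, b)) bound can be checked directly.
from __future__ import annotations


def euclid_steps(a: int, b: int) -> tuple[int, list[tuple[int, int, int, int]]]:
    """Return (gcd, steps); each step is (x, q, y, r) with x = q*y + r, 0 <= r < y.

    Same loop as the slide: x = a, y = b; while y > 0: r = x mod y; x, y = y, r.
    """
    if a < 0 or b < 0:
        raise ValueError("arguments must be non-negative")
    x, y = a, b
    steps = []
    while y > 0:
        q, r = divmod(x, y)
        steps.append((x, q, y, r))
        x, y = y, r
    return x, steps


def iteration_bound(a: int, b: int) -> int:
    """Upper bound on loop iterations from the slides' argument: after 2i+1 iterations
    x < max(a, b) / 2^i, so the loop ends before i exceeds log2(max(a, b)).
    bit_length() = floor(log2 m) + 1, hence 2*bit_length + 1 > 2*log2(m) + 1."""
    m = max(a, b, 1)
    return 2 * m.bit_length() + 1


def fibonacci_pair(k: int) -> tuple[int, int]:
    """(F_{k+1}, F_k): consecutive Fibonacci numbers are Euclid's worst case, since every
    quotient is 1 and the remainder shrinks as slowly as possible (Lame's theorem)."""
    f0, f1 = 0, 1
    for _ in range(k):
        f0, f1 = f1, f0 + f1
    return f1, f0


def worst_case_iterations(k: int) -> int:
    return len(euclid_steps(*fibonacci_pair(k))[1])


def bound_holds_up_to(limit: int) -> bool:
    """Exhaustive check of iteration_bound over all pairs below limit."""
    return all(len(euclid_steps(a, b)[1]) <= iteration_bound(a, b)
               for a in range(1, limit) for b in range(1, limit))


if __name__ == "__main__":
    g, steps = euclid_steps(4864, 3458)
    for x, q, y, r in steps:
        print(f"{x} = {q}*{y} + {r}")
    print("gcd =", g, "iterations =", len(steps), "bound =", iteration_bound(4864, 3458))
    print("Fibonacci worst case, k=20:", worst_case_iterations(20), "iterations for", fibonacci_pair(20))
```

Running it prints exactly the six division lines of the slide; the iteration count (6) sits well inside the bound, and the Fibonacci pairs show the slowest possible descent, which is why the bound is logarithmic and not better.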
Euclidean gcd: revisited
Properties:
i. By definition gcd(0, 0) = 0.
ii. gcd(u, v) = gcd(v, u)
iii. gcd(u, v) = gcd(-u, v)
iv. gcd(u, 0) = |u|
v. gcd(u, v)·w = gcd(uw, vw) if w ≥ 0
vi. lcm(u, v)·w = lcm(uw, vw) if w ≥ 0
vii. uv = gcd(u, v)·lcm(u, v) if u, v ≥ 0
viii. gcd(lcm(u, v), lcm(u, w)) = lcm(u, gcd(v, w))
ix. lcm(gcd(u, v), gcd(u, w)) = gcd(u, lcm(v, w))
Euclidean gcd: revisited
Binary properties:
i. If u and v are both even, then gcd(u, v) = 2·gcd(u/2, v/2).
ii. If u is even and v is odd, then gcd(u, v) = gcd(u/2, v).
iii. gcd(u, v) = gcd(u - v, v).
iv. If u and v are both odd, then u - v is even and |u - v| < max(u, v).
Binary gcd algorithm
Input: u, v positive integers, with u > v.
Output: w = gcd(u, v).
1. [Find power of 2] for (k = 0; u, v both even; k++) { u /= 2; v /= 2; }
2. [Initialize] if (u is odd) t = -v else t = u;
3. [Halve t] while (t is even) t /= 2;
4. [Reset max(u, v)] if (t > 0) u = t else v = -t;
5. [Subtract] t = u - v. If t ≠ 0 go back to step 3; otherwise output w = u·2^k.
Binary gcd algorithm: example
Example: find the gcd of u = 40902, v = 24140 (the u, v columns show the values after each step 4).
t | u | v
- | 40902 | 24140
-12070, -6035 | 20451 | 6035
+14416, +901 | 20451 | 6035
-5134, -2567 | 901 | 6035
-1666, -833 | 901 | 2567
+68, +34, +17 | 901 | 833
-816, -51 | 17 | 833
-34, -17 | 17 | 51
0 | 17 | 17
w = 17·2^1 = 34
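The binary gcd algorithm of the previous slides as runnable code. This is an added example, not code from the slides or from Knuth: the steps are the ones listed above (strip the common power of two, then halve-and-subtract), the function records (u, v) after each step 4 so the output can be compared with the trace table, and the exhaustive cross-check against `math.gcd` is my addition.

```python
# Added example (not from the original slides): the binary gcd algorithm as stated on the
# slide (Knuth's Algorithm B), recording (u, v) after each step 4 so the trace matches the table.
from __future__ import annotations
from math import gcd as reference_gcd


def binary_gcd_trace(u: int, v: int) -> tuple[int, list[tuple[int, int]]]:
    """Return (gcd(u, v), rows) for u, v >= 0 using only shifts, parity tests and subtraction."""
    if u < 0 or v < 0:
        raise ValueError("arguments must be non-negative")
    if u == 0 or v == 0:
        return u | v, []                    # gcd(u, 0) = u; the loop below needs both nonzero
    k = 0
    while (u | v) & 1 == 0:                # step 1: strip the common power of two
        u, v, k = u >> 1, v >> 1, k + 1
    rows = [(u, v)]
    t = -v if u & 1 else u                 # step 2: t holds the even one (negated if it is v)
    while t != 0:
        while t & 1 == 0:                  # step 3: halve t while even (exact, also for t < 0)
            t //= 2
        if t > 0:                          # step 4: replace the larger of u, v by |t|
            u = t
        else:
            v = -t
        rows.append((u, v))
        t = u - v                          # step 5: subtract; loop back to step 3 unless zero
    return u << k, rows


def binary_gcd(u: int, v: int) -> int:
    return binary_gcd_trace(u, v)[0]


def agrees_with_reference(limit: int) -> bool:
    """Exhaustive cross-check against math.gcd for all pairs below limit."""
    return all(binary_gcd(a, b) == reference_gcd(a, b)
               for a in range(limit) for b in range(limit))


if __name__ == "__main__":
    g, rows = binary_gcd_trace(40902, 24140)
    for u, v in rows:
        print(u, v)
    print("gcd =", g)                      # 34
```

The only operations used are shifts, a parity test and subtraction, which is what makes this variant attractive in hardware and in constant-time big-integer libraries, where a division instruction is either absent or data-dependent in timing.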
Extended Euclidean algorithm
The Euclidean algorithm can be extended so that it not only yields the greatest common divisor d of two integers a and b, but also generates x and y satisfying
ax + by = d.
Modular inverses
THM1: e has an inverse modulo N if and only if e and N are relatively prime.
This will follow from the following useful fact.
THM2: If a and b are positive integers, the gcd of a and b can be expressed as an integer combination of a and b, i.e. there are integers s, t for which
gcd(a, b) = sa + tb.
Modular inverses
Proof of THM1 using THM2:
If an inverse d exists for e modulo N, we have de ≡ 1 (mod N), so for some k, de = 1 + kN, i.e. 1 = de - kN. This equation implies that any number dividing both e and N must divide 1, so it must be 1, so e and N are relatively prime.
Modular inverses
On the other hand, suppose that e and N are relatively prime. Using THM2, write 1 = se + tN. Rewrite this as se = 1 - tN. Evaluating both sides mod N gives se ≡ 1 (mod N). Therefore s is the inverse of e, except that it may be in the wrong range, so set d = s mod N. ∎
Extended Euclidean algorithm
A constructive version of THM2 which gives s and t will give explicit inverses. This is what the extended Euclidean algorithm does.
The extended Euclidean algorithm works the same as the regular Euclidean algorithm except that we keep track of more details, namely the quotient q = x div y in addition to the remainder r = x mod y. This allows us to backtrack and write gcd(a, b) as a linear combination of a and b.
Extended Euclidean algorithm
gcd(244, 117):
Step | x = qy + r | x | y | gcd = ax + by
0 | - | 244 | 117 |
1 | 244 = 2·117 + 10 | 117 | 10 | 1 = 3·117 - 35·(244 - 2·117) = -35·244 + 73·117
2 | 117 = 11·10 + 7 | 10 | 7 | 1 = -2·10 + 3·(117 - 11·10) = 3·117 - 35·10
3 | 10 = 1·7 + 3 | 7 | 3 | 1 = 7 - 2·(10 - 7) = -2·10 + 3·7
4 | 7 = 2·3 + 1 | 3 | 1 | 1 = 7 - 2·3
5 | 3 = 3·1 + 0 | 1 | 0 | Solve for r. Plug it in.
The coefficient -35 of 244 is the inverse of 244 modulo 117 (-35 mod 117 = 82), and likewise 73 is the inverse of 117 modulo 244.
Extended Euclidean algorithm
Summary: The extended Euclidean algorithm works by keeping track of how the remainder r results from dividing x by y. The last such equation gives the gcd in terms of the last x and y. By repeatedly substituting r back into the previous equation, one gets the gcd in terms of larger and larger values of x, y, until the very top is reached, which gives the gcd in terms of the inputs a, b.
Extended Euclidean algorithm
Input: two positive integers a and b with a ≥ b.
Output: d = gcd(a, b) and integers x, y satisfying ax + by = d.
1. if (b = 0) { d = a; x = 1; y = 0; return (d, x, y); }
2. x2 = 1; x1 = 0; y2 = 0; y1 = 1.
3. while (b > 0) {
       q = a div b; r = a - q·b; x = x2 - q·x1; y = y2 - q·y1;
       a = b; b = r; x2 = x1; x1 = x; y2 = y1; y1 = y;
   }
4. d = a; x = x2; y = y2; return (d, x, y);
Fact: This algorithm has a running time of O((lg n)^2) bit operations.
Extended Euclidean algorithm
Example: Let a = 4864 and b = 3458. Then gcd(a, b) = 38 and (4864)(32) + (3458)(-45) = 38.
q | r | x | y | a | b | x2 | x1 | y2 | y1
- | - | - | - | 4864 | 3458 | 1 | 0 | 0 | 1
1 | 1406 | 1 | -1 | 3458 | 1406 | 0 | 1 | 1 | -1
2 | 646 | -2 | 3 | 1406 | 646 | 1 | -2 | -1 | 3
2 | 114 | 5 | -7 | 646 | 114 | -2 | 5 | 3 | -7
5 | 76 | -27 | 38 | 114 | 76 | 5 | -27 | -7 | 38
1 | 38 | 32 | -45 | 76 | 38 | -27 | 32 | 38 | -45
2 | 0 | -91 | 128 | 38 | 0 | 32 | -91 | -45 | 128
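The extended Euclidean algorithm of the previous slides, with the register names x1, x2, y1, y2 of the slide, plus the modular inverse that THM1 derives from it (covering the gcd(244, 117) and gcd(4864, 3458) examples). This is an added example, not code from the slides; `extended_euclid_rows` reproduces the trace table, and `mod_inverse` refuses to return anything when gcd(e, n) ≠ 1, which is the failure mode THM1 rules out.

```python
# Added example (not from the original slides): the extended Euclidean algorithm exactly as
# specified on the slide (registers x1, x2, y1, y2), plus the modular inverse it yields (THM1).
from __future__ import annotations


def extended_euclid(a: int, b: int) -> tuple[int, int, int]:
    """Return (d, x, y) with d = gcd(a, b) and a*x + b*y = d, for a, b >= 0."""
    if a < 0 or b < 0:
        raise ValueError("arguments must be non-negative")
    if b == 0:                                   # step 1
        return a, 1, 0
    x2, x1, y2, y1 = 1, 0, 0, 1                  # step 2; invariant: a = a0*x2 + b0*y2, b = a0*x1 + b0*y1
    while b > 0:                                 # step 3
        q, r = divmod(a, b)
        x, y = x2 - q * x1, y2 - q * y1
        a, b = b, r
        x2, x1, y2, y1 = x1, x, y1, y
    return a, x2, y2                             # step 4


def extended_euclid_rows(a: int, b: int) -> list[tuple[int, ...]]:
    """The slide's trace table: one (q, r, x, y, a, b, x2, x1, y2, y1) row per loop iteration."""
    rows = []
    x2, x1, y2, y1 = 1, 0, 0, 1
    while b > 0:
        q, r = divmod(a, b)
        x, y = x2 - q * x1, y2 - q * y1
        a, b = b, r
        x2, x1, y2, y1 = x1, x, y1, y
        rows.append((q, r, x, y, a, b, x2, x1, y2, y1))
    return rows


def has_inverse(e: int, n: int) -> bool:
    """THM1: e is invertible modulo n iff gcd(e, n) = 1."""
    return extended_euclid(e % n, n)[0] == 1


def mod_inverse(e: int, n: int) -> int:
    """Inverse of e modulo n, in [0, n); raises if it does not exist."""
    if n < 2:
        raise ValueError("modulus must be at least 2")
    d, s, _ = extended_euclid(e % n, n)          # s*e + t*n = d
    if d != 1:
        raise ValueError(f"{e} has no inverse modulo {n}: gcd = {d}")
    return s % n                                 # bring s into the right range (d = s mod N)


if __name__ == "__main__":
    print(extended_euclid(4864, 3458))           # (38, 32, -45)
    for row in extended_euclid_rows(4864, 3458):
        print(row)
    print(mod_inverse(244, 117))                 # 82, i.e. -35 mod 117
```

In RSA key generation this is exactly the step that computes d = e^{-1} mod φ(n); a library that silently returned s when d ≠ 1 would produce a "key" that does not decrypt, so the gcd check is not optional.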
Quiz!
1. Prove that there are infinitely many prime numbers.
2. Prove that e has an inverse modulo N if and only if e and N are relatively prime.
Finite fields: definitions and operations
F_p finite field operations: addition, squaring, multiplication and inversion.
What is a group?
An Abelian group <G, +> is an abstract mathematical object consisting of a set G together with an operation defined on pairs of elements of G, here denoted by +:
$$+ : G \times G \to G, \quad (a, b) \mapsto a + b.$$
In order to qualify as an Abelian group, the operation has to fulfill the following conditions:
i. Closed: $\forall a, b \in G:\ a + b \in G$
ii. Associative: $\forall a, b, c \in G:\ (a + b) + c = a + (b + c)$
iii. Commutative: $\forall a, b \in G:\ a + b = b + a$
iv. Neutral element: $\exists 0 \in G,\ \forall a \in G:\ a + 0 = a$
v. Inverse elements: $\forall a \in G,\ \exists b \in G:\ a + b = 0$
What is a group?
• Example: The best-known example of an Abelian group is <Z, +>.
• Example: The additive group Z_15 uses the integers from 0 to 14. Some examples of additions in Z_15 are:
(10 + 12) mod 15 = 22 mod 15 = 7
• In Z_15, 10 + 12 = 7 and 4 + 11 = 0. Notice that both calculations have answers between 0 and 14.
• Additive inverses
– Each number x in an additive group has an additive inverse element in the group, that is, an element -x such that x + (-x) = 0 in the group. In Z_15, -4 = 11 since (4 + 11) mod 15 = 15 mod 15 = 0.
Rings (1/2)
A ring <R, +, *> consists of a set R with 2 operations defined on its elements, here denoted by + and *. In order to qualify as a ring, the operations have to fulfill the following conditions:
1. The structure <R, +> is an Abelian group.
2. The operation * is closed and associative over R. There is a neutral element for * in R.
3. The two operations + and * are related by the law of distributivity:
$$\forall a, b, c \in R:\ a * (b + c) = a * b + a * c$$
(and symmetrically (b + c) * a = b * a + c * a).
4. A ring <R, +, *> is called a commutative ring if the operation * is commutative.
Rings (2/2)
• The integers, the rational numbers, the real numbers and the complex numbers are all rings.
• An element x of a ring is said to be invertible if x has a multiplicative inverse in R, that is, if there is a unique u ∈ R such that
$$u * x = x * u = 1.$$
• 1 is called the unit element of the ring.
What is a field?
• A structure <F, +, *> is called a field if F is a ring in which the multiplication is commutative and every element except 0 has a multiplicative inverse. Equivalently, F is a field with respect to addition and multiplication if:
– F is a commutative group with respect to the addition.
– F \ {0} is a commutative group with respect to the multiplication.
– The distributive laws mentioned for rings hold.
What is a field?
• A field is a set of elements with two custom-defined arithmetic operations: most commonly, addition and multiplication. The elements of the field are an additive abelian group, and the non-zero elements of the field are a multiplicative abelian group. This means that all elements of the field have an additive inverse, and all non-zero elements have a multiplicative inverse.
• A field is called finite if it has a finite number of elements. The most commonly used finite fields in cryptography are the field F_p (where p is a prime number) and the field F_{2^m}.
Finite fields
• A finite field or Galois field, denoted GF(q = p^n), is a field with characteristic p and q elements. Such a finite field exists for every prime p and positive integer n, and contains a subfield having p elements. This subfield is called the ground field of the original field.
• For the rest of this class we will consider only the two most used cases in cryptography: q = p, with p a prime, and q = 2^m. The former case, GF(p), is called the prime field, whereas the latter, GF(2^m), is known as the finite field of characteristic two or simply the binary field.
Finite Fields
• A finite field is a field with a finite number of elements. The
number of elements in a finite field is called the order of the
field. Fields of the same order are isomorphic: they display
exactly the same algebraic structure differing only in the
representation of the elements.
The field F_p
• The finite field F_p (p a prime number) consists of the numbers from 0 to p - 1. Its operations are addition and multiplication. All calculations must be reduced modulo p.
• It is mandatory to select p as a prime number in order to guarantee that all the non-zero elements of the field have a multiplicative inverse.
• Other operations in F_p (such as division, subtraction and exponentiation) can be derived from the definitions of addition and multiplication.
The field F_p
Example: Some calculations in the field F_23 include
(10·4 - 11) mod 23 = 29 mod 23 = 6
7^{-1} mod 23 = 10 (since 7·10 mod 23 = 70 mod 23 = 1)
2^9 / 7 mod 23 = 512 / 7 mod 23 = 6·7^{-1} mod 23 = 6·10 mod 23 = 14
Congruences
Definition: Let a, b, n be integers with n ≠ 0. We say that a ≡ b (mod n) (read: a is congruent to b mod n) if (a - b) is a multiple (positive or negative) of n, i.e. a = b + nk for some integer k. Examples: 32 ≡ 7 (mod 5), -12 ≡ 37 (mod 7).
Proposition: Let a, b, c, d, n be integers with n ≠ 0.
i. a ≡ 0 (mod n) iff n|a.
ii. a ≡ a (mod n); a ≡ b (mod n) iff b ≡ a (mod n).
iii. If a ≡ b (mod n) and b ≡ c (mod n), then a ≡ c (mod n).
iv. If a ≡ b (mod n) and c ≡ d (mod n), then a ± c ≡ b ± d (mod n) and ac ≡ bd (mod n).
Fermat's little theorem
Theorem: Let p be a prime.
i. If gcd(a, p) = 1, then a^{p-1} ≡ 1 (mod p).
ii. If r ≡ s (mod p - 1), then a^r ≡ a^s (mod p) for all a with gcd(a, p) = 1. In other words, when working modulo a prime p, exponents can be reduced modulo p - 1.
iii. In particular, a^p ≡ a (mod p) for all a.
Euler's theorem
Theorem: Let n ≥ 2 be an integer. Then, if gcd(a, n) = 1, a^{φ(n)} ≡ 1 (mod n).
If n is a product of distinct primes and r ≡ s (mod φ(n)), then a^r ≡ a^s (mod n) for all a. In other words, when working modulo such an n, exponents can be reduced modulo φ(n).
A special case of Euler's theorem is Fermat's little theorem.
Examples of Euler's and Fermat's theorems
1. What are the last three digits of 7^803? This is equivalent to working mod 1000 (why?). Since φ(1000) = 1000(1 - 1/2)(1 - 1/5) = 400, we have
7^803 = (7^400)^2 · 7^3 ≡ 1^2 · 7^3 = 343 (mod 1000). (why?)
2. Compute 2^3456 mod 5. From Fermat's little theorem we know that 2^4 ≡ 1 (mod 5). Therefore,
2^3456 = (2^4)^864 ≡ 1^864 = 1 (mod 5).
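One block serving both the F_23 arithmetic examples (inverse and division in F_p) and the Euler/Fermat examples just above (reducing the exponent modulo φ(n)). This is an added example, not code from the slides: exponentiation is built from multiplication alone by square-and-multiply, the inverse uses Fermat's theorem (a^{p-2}) rather than the extended Euclidean algorithm, and `units(n)` makes the "p must be prime" remark visible by listing which residues are actually invertible. The function names are my own.

```python
# Added example (not from the original slides): arithmetic in F_p built from multiplication
# alone (square-and-multiply exponentiation, inverses via Fermat), and Euler's theorem used to
# reduce exponents modulo phi(n). Covers the F_23 examples and the 7^803 / 2^3456 examples.
from __future__ import annotations
from math import gcd


def mod_pow(base: int, exp: int, n: int) -> int:
    """Left-to-right square-and-multiply: base^exp mod n in O(log exp) multiplications."""
    if exp < 0:
        raise ValueError("negative exponents need an inverse; use fp_inverse")
    result, base = 1, base % n
    for bit in bin(exp)[2:]:               # most significant bit first
        result = (result * result) % n     # square
        if bit == "1":
            result = (result * base) % n   # multiply
    return result


def is_prime(p: int) -> bool:
    """Trial division; adequate for classroom-sized p."""
    if p < 2:
        return False
    d = 2
    while d * d <= p:
        if p % d == 0:
            return False
        d += 1
    return True


def fp_inverse(a: int, p: int) -> int:
    """a^{-1} in F_p via Fermat: a^(p-2) * a = a^(p-1) = 1 (mod p) for a != 0, p prime."""
    if not is_prime(p):
        raise ValueError(f"{p} is not prime, so Z_{p} is not a field")
    if a % p == 0:
        raise ZeroDivisionError("0 has no inverse in F_p")
    return mod_pow(a, p - 2, p)


def fp_div(a: int, b: int, p: int) -> int:
    """a / b in F_p, defined as a * b^{-1}."""
    return (a * fp_inverse(b, p)) % p


def units(n: int) -> list[int]:
    """Invertible elements of Z_n; these are all of 1..n-1 exactly when n is prime (THM1)."""
    return [x for x in range(1, n) if gcd(x, n) == 1]


def euler_phi(n: int) -> int:
    return len(units(n)) if n > 1 else 1


def pow_with_reduced_exponent(a: int, e: int, n: int) -> int:
    """a^e mod n computed as a^(e mod phi(n)) mod n; valid when gcd(a, n) = 1 (Euler)."""
    if gcd(a, n) != 1:
        raise ValueError("exponent reduction mod phi(n) needs gcd(a, n) = 1")
    return mod_pow(a, e % euler_phi(n), n)


if __name__ == "__main__":
    print((10 * 4 - 11) % 23, fp_inverse(7, 23), fp_div(2 ** 9, 7, 23))     # 6 10 14
    print(pow_with_reduced_exponent(7, 803, 1000), mod_pow(7, 803, 1000))   # 343 343
    print(units(6), units(7))                                               # [1, 5] [1..6]
```

Note the gcd precondition in `pow_with_reduced_exponent`: reducing the exponent modulo φ(n) for an a that shares a factor with n gives wrong answers for general n, which is a classic bug in hand-rolled RSA/CRT code.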
The order of an element in the field F_p
The order of an element α in F_p is defined as the smallest positive integer k such that α^k ≡ 1 (mod p). Any finite field always contains at least one element, called a primitive element, which has order p - 1. From Euler's theorem we know that for any nonzero element α in F_p,
$$\alpha^{p-1} \equiv 1 \pmod{p}.$$
Using this result, one can easily prove that the order of any element in F_p must divide φ(p) = p - 1, i.e. ord(α) | φ(p) = p - 1.
Primitive elements: how many?
Fact: Suppose that α is a primitive element in F_p. Then b = α^i mod p is also a primitive element in F_p iff gcd(i, φ(p)) = 1. It follows that the number of primitive elements in F_p is φ(φ(p)) = φ(p - 1).
Example: Consider the powers of 3 mod 7:
3^1 = 3; 3^2 = 2; 3^3 = 6; 3^4 = 4; 3^5 = 5; 3^6 = 1.
There are φ(φ(7)) = 2 primitive elements in F_7. Which is the other one?
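The order and primitive-element facts of the last two slides, checked by computation. This is an added example, not code from the slides: `order` computes ord(α) by repeated multiplication, `primitive_elements` lists the generators of F_p^*, `primitive_powers` applies the Fact (α^i is primitive iff gcd(i, p - 1) = 1) to a known generator, and the F_7 question is answered by running it. Function names are my own.

```python
# Added example (not from the original slides): multiplicative order and primitive elements of
# F_p, checking the count phi(phi(p)) and the fact that alpha^i is primitive iff gcd(i, p-1) = 1.
from __future__ import annotations
from math import gcd


def order(alpha: int, p: int) -> int:
    """Smallest k >= 1 with alpha^k = 1 (mod p); alpha must be nonzero mod p, p prime."""
    alpha %= p
    if alpha == 0:
        raise ValueError("0 has no multiplicative order")
    k, x = 1, alpha
    while x != 1:
        x = (x * alpha) % p
        k += 1
        if k > p:                                   # only possible if alpha is not a unit
            raise ValueError(f"{alpha} never reaches 1 mod {p}; is {p} prime?")
    return k


def primitive_elements(p: int) -> list[int]:
    """Elements of order p-1, i.e. generators of the multiplicative group F_p^*."""
    return [a for a in range(1, p) if order(a, p) == p - 1]


def euler_phi(n: int) -> int:
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)


def primitive_powers(alpha: int, p: int) -> list[int]:
    """alpha^i mod p for the exponents i in [1, p-1] coprime to p-1 (the Fact on the slide)."""
    return sorted(pow(alpha, i, p) for i in range(1, p) if gcd(i, p - 1) == 1)


def orders_divide_p_minus_1(p: int) -> bool:
    """ord(alpha) | p-1 for every nonzero alpha (consequence of Fermat/Euler)."""
    return all((p - 1) % order(a, p) == 0 for a in range(1, p))


if __name__ == "__main__":
    print([pow(3, i, 7) for i in range(1, 7)])              # [3, 2, 6, 4, 5, 1]
    print(primitive_elements(7), euler_phi(euler_phi(7)))   # [3, 5] 2
    print(primitive_powers(3, 7))                           # [3, 5]
```

Choosing a generator this way (by computing orders) is fine for small p; for the primes used in Diffie-Hellman one instead picks p so that p - 1 has a known factorization and tests candidate generators against each prime factor of p - 1.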
Chinese Remainder Theorem
Fairy tale: A Chinese emperor used to count his army by giving a series of tasks.
1. All troops should form groups of 3. Report back the number of soldiers that were not able to do this.
2. Now form groups of 5. Report back.
3. Now form groups of 7. Report back.
4. Etc.
At the end, if the product of all the group sizes is sufficiently large, he can ingeniously figure out how many troops there are.
Chinese Remainder Theorem
mod 3: N mod 3 = 1
mod 5: N mod 5 = 2
mod 7: N mod 7 = 2
Chinese Remainder Theorem
Secret inversion formula (for N < 105 = 3·5·7): if
N ≡ a (mod 3), N ≡ b (mod 5), N ≡ c (mod 7),
then N = (-35a + 21b + 15c) mod 105. So in our case a = 1, b = 2, c = 2 gives:
N = (-35·1 + 21·2 + 15·2) mod 105 = (-35 + 42 + 30) mod 105 = 37 mod 105 = 37.
Chinese Remainder Theorem
How can we find the secret formula? For any x, a, b and c satisfying
x ≡ a (mod 3), x ≡ b (mod 5), x ≡ c (mod 7),
the Chinese Remainder Theorem says that this is enough information to uniquely determine x modulo 3·5·7. Its proof gives an algorithm for finding x, i.e. the secret formula.
Chinese Remainder Theorem
Theorem: Suppose that gcd(m, n) = 1. Given a and b, there exists exactly one solution x (mod mn) to the simultaneous congruences
x ≡ a (mod m), x ≡ b (mod n).
Proof [sketch]: There exist integers s, t such that ms + nt = 1 (why?). Then ms ≡ 1 (mod n) and nt ≡ 1 (mod m) (why?). Let x = bms + ant. Then
x ≡ ant ≡ a (mod m), x ≡ bms ≡ b (mod n).
Suppose x_1 is another solution; then c = (x - x_1) is a multiple of both m and n (why?). But since m and n are relatively prime, c is also a multiple of mn. Hence any two solutions x to the system of congruences are congruent mod mn, as claimed.
Chinese Remainder Theorem
THM (CRT): Let m_1, m_2, …, m_n be pairwise relatively prime positive integers. Then there is a unique solution x in [0, m_1·m_2···m_n - 1] to the system of congruences:
x ≡ a_1 (mod m_1)
x ≡ a_2 (mod m_2)
…
x ≡ a_n (mod m_n)
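The constructive proof above, carried through for any list of pairwise coprime moduli (it generalizes the two-modulus proof and the 3·5·7 "secret formula" slides). This is an added example, not code from the slides: for each modulus it builds the basis element e_i = M_i·(M_i^{-1} mod m_i), which is 1 mod m_i and 0 mod every other modulus, and sums r_i·e_i. It uses Python's built-in modular in' `pow(x, -1, m)` (Python 3.8 or later) in place of the extended Euclidean algorithm, and rejects moduli that are not coprime, the case the theorem does not cover.

```python
# Added example (not from the original slides): the Chinese Remainder Theorem for any list of
# pairwise coprime moduli, built the way the constructive proof does it.
from __future__ import annotations
from math import gcd, prod


def crt_basis(moduli: list[int]) -> tuple[int, list[int]]:
    """Return (M, [e_1, ..., e_n]) with M = prod(moduli), e_i = 1 (mod m_i), e_i = 0 (mod m_j) for j != i.

    e_i = M_i * (M_i^{-1} mod m_i) where M_i = M / m_i; the inverse exists since gcd(M_i, m_i) = 1.
    """
    for i, m in enumerate(moduli):
        if m < 2:
            raise ValueError("moduli must be >= 2")
        for other in moduli[i + 1:]:
            if gcd(m, other) != 1:
                raise ValueError(f"moduli {m} and {other} are not coprime; CRT does not apply")
    M = prod(moduli)
    basis = []
    for m in moduli:
        M_i = M // m
        inv = pow(M_i, -1, m)            # built-in modular inverse (Python 3.8+)
        basis.append((M_i * inv) % M)
    return M, basis


def crt_solve(residues: list[int], moduli: list[int]) -> int:
    """Unique x in [0, M) with x = r_i (mod m_i) for all i."""
    if len(residues) != len(moduli):
        raise ValueError("need one residue per modulus")
    M, basis = crt_basis(moduli)
    return sum(r * e for r, e in zip(residues, basis)) % M


def secret_formula_coefficients(moduli: list[int]) -> list[int]:
    """The slide's 'secret formula' coefficients, reported in the symmetric range (-M/2, M/2]."""
    M, basis = crt_basis(moduli)
    return [e - M if e > M // 2 else e for e in basis]


def roundtrip_ok(moduli: list[int]) -> bool:
    """Uniqueness check: every x in [0, M) is recovered from its residues."""
    M = prod(moduli)
    return all(crt_solve([x % m for m in moduli], moduli) == x for x in range(M))


if __name__ == "__main__":
    print(secret_formula_coefficients([3, 5, 7]))   # [-35, 21, 15]
    print(crt_solve([1, 2, 2], [3, 5, 7]))          # 37
```

The same recombination is what RSA implementations do to rebuild m from m mod p and m mod q; a fault in either half before recombination is exactly what the Bellcore attack exploits, which is why production code checks the recombined result before releasing it.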