2nd Unit Part 1


II-UNIT

Number Theory and Cryptography


• Number theory is used to generate pseudorandom numbers, to assign memory
locations to computer files, and to find check digits used to detect errors in various
kinds of identification numbers. We also introduce the subject of cryptography.

• Number theory plays an essential role both in classical cryptography and modern
cryptography, which plays an essential role in electronic communication. We will
show how the ideas we develop can be used in cryptographical protocols, introducing
protocols for sharing keys and for sending signed messages.

• Number theory, once considered the purest of subjects, has become an essential tool
in providing computer and Internet security.
Divisibility and Modular Arithmetic
Division of an integer by a positive integer produces a quotient and a remainder.
Working with these remainders leads to modular arithmetic, which plays an important
role in mathematics and which is used throughout computer science including
generating pseudorandom numbers, assigning computer memory locations to files,
constructing check digits, and encrypting messages.

• If a and b are integers with a ≠ 0, we say that a divides b if there is an integer c such
that b = ac, or equivalently, if b/a is an integer. When a divides b we say that a is a
factor or divisor of b, and that b is a multiple of a. The notation a | b denotes that a
divides b. We write a ∤ b when a does not divide b.

Example: Determine whether 3 | 7 and whether 3 | 12.


Solution: We see that 3 ∤ 7, because 7/3 is not an integer. On the other hand, 3 | 12
because 12/3 = 4.
• Let a, b, and c be integers, where a ≠ 0. Then
(i) if a | b and a | c, then a | (b + c);
(ii) if a | b, then a | bc for all integers c;
(iii) if a | b and b | c, then a | c.

THE DIVISION ALGORITHM: Let a be an integer and d a positive integer. Then there are
unique integers q and r, with 0 ≤ r.
• In the equality given in the division algorithm, d is called the divisor, a is called the
dividend, q is called the quotient, and r is called the remainder. This notation is used
to express the quotient and remainder: q = a div d, r = a mod d.

Example: What are the quotient and remainder when 101 is divided by 11?
Solution: We have 101 = 11 · 9 + 2.
Hence, the quotient when 101 is divided by 11 is 9 = 101 div 11, and the remainder is 2
= 101 mod 11.
Division algorithm(a: integer, d: positive integer)
q := 0
r := |a|
while r ≥ d
    r := r − d
    q := q + 1
if a < 0 and r > 0 then
    r := d − r
    q := −(q + 1)
else if a < 0 then
    q := −q {d divides a exactly, so only the sign of q changes}
return (q, r) {q = a div d is the quotient, r = a mod d is the remainder}
Example: What are the quotient and remainder when −11 is divided by 3?
Solution: We have −11 = 3(−4) + 1.
Hence, the quotient when −11 is divided by 3 is −4 = −11 div 3, and the remainder is 1 =
−11 mod 3.
Note that the remainder cannot be negative. Consequently, the remainder is not −2,
even though
−11 = 3(−3) − 2,
because r = −2 does not satisfy 0 ≤ r < 3.
Modular Arithmetic
• If a and b are integers and m is a positive integer, then a is congruent to b modulo m
if m divides a − b. We use the notation a ≡ b (mod m) to indicate that a is congruent
to b modulo m. We say that a ≡ b (mod m) is a congruence and that m is its modulus
(plural moduli). If a and b are not congruent modulo m, we write a ≢ b (mod m).

• Let a and b be integers, and let m be a positive integer. Then a ≡ b (mod m) if and only
if a mod m = b mod m.
Example: Determine whether 17 is congruent to 5 modulo 6 and whether 24 and 14 are
congruent modulo 6.
Solution: Because 6 divides 17 − 5 = 12, we see that 17 ≡ 5 (mod 6). However, because
24 − 14 = 10 is not divisible by 6, we see that 24 ≢ 14 (mod 6).

• Let m be a positive integer. If a ≡ b (mod m) and c ≡ d (mod m), then a + c ≡ b + d
(mod m) and ac ≡ bd (mod m).

Example: 7 ≡ 2 (mod 5) and 11 ≡ 1 (mod 5).
Solution: It follows that 18 = 7 + 11 ≡ 2 + 1 = 3 (mod 5) and that
77 = 7 · 11 ≡ 2 · 1 = 2 (mod 5).
Arithmetic Modulo m
• We define addition of these integers, denoted by +_m, by a +_m b = (a + b) mod m, where the
addition on the right-hand side of this equation is the ordinary addition of integers.
• We define multiplication of these integers, denoted by ·_m, by a ·_m b = (a · b) mod m.

Example: Use the definition of addition and multiplication in Z_m to find 7 +_11 9 and 7 ·_11 9.
Solution: Using the definition of addition modulo 11, we find that 7 +_11 9 = (7 + 9) mod
11 = 16 mod 11 = 5, and 7 ·_11 9 = (7 · 9) mod 11 = 63 mod 11 = 8.
Hence 7 +_11 9 = 5 and 7 ·_11 9 = 8.
The operations +_m and ·_m satisfy the following properties.

• Closure: If a and b belong to Z_m, then a +_m b and a ·_m b belong to Z_m.
• Associativity: If a, b, and c belong to Z_m, then (a +_m b) +_m c = a +_m (b +_m c) and
(a ·_m b) ·_m c = a ·_m (b ·_m c).
• Commutativity: If a and b belong to Z_m, then a +_m b = b +_m a and a ·_m b = b ·_m a.
• Identity elements: The elements 0 and 1 are identity elements for addition and
multiplication modulo m, respectively. That is, if a belongs to Z_m, then a +_m 0 = 0 +_m a
= a and a ·_m 1 = 1 ·_m a = a.
• Additive inverses: If a ≠ 0 belongs to Z_m, then m − a is an additive inverse of a
modulo m and 0 is its own additive inverse. That is, a +_m (m − a) = 0 and 0 +_m 0 = 0.
• Distributivity: If a, b, and c belong to Z_m, then a ·_m (b +_m c) = (a ·_m b) +_m (a ·_m c) and
(a +_m b) ·_m c = (a ·_m c) +_m (b ·_m c).
Primes
Primes have become essential in modern cryptographic systems, and we will develop
some of their properties important in cryptography. For example, finding large primes is
essential in modern cryptography. The length of time required to factor large integers
into their prime factors is the basis for the strength of some important modern
cryptographic systems.

• An integer p greater than 1 is called prime if the only positive factors of p are 1 and
p. A positive integer that is greater than 1 and is not prime is called composite.
Prime factorization

Every integer greater than 1 can be written uniquely as a prime or as the product of two
or more primes where the prime factors are written in order of nondecreasing size.

Example: The prime factorizations of 100, 641, 999, and 1024 are given by
100 = 2 · 2 · 5 · 5 = 2^2 · 5^2,
641 = 641,
999 = 3 · 3 · 3 · 37 = 3^3 · 37,
1024 = 2 · 2 · 2 · 2 · 2 · 2 · 2 · 2 · 2 · 2 = 2^10.
The prime factorization of 7007 is 7^2 · 11 · 13.
Mersenne primes

Because there are infinitely many primes, given any positive integer there are primes
greater than this integer. There is an ongoing quest to discover larger and larger prime
numbers; for almost all the last 300 years, the largest prime known has been an integer
of the special form 2^p − 1, where p is also prime. Such primes are called Mersenne
primes.

Example: The numbers 2^2 − 1 = 3, 2^3 − 1 = 7, 2^5 − 1 = 31 and 2^7 − 1 = 127 are Mersenne
primes, while 2^11 − 1 = 2047 is not a Mersenne prime because 2047 = 23 · 89.

• The largest Mersenne prime known is 2^43,112,609 − 1, a number with nearly 13 million
decimal digits, which was shown to be prime in 2008.
PRIMES AND ARITHMETIC PROGRESSIONS Every odd integer is in one of the two
arithmetic progressions 4k + 1 or 4k + 3, k = 1, 2,.... This was provided by the German
mathematician G. Lejeune Dirichlet. The primes 5, 13, 17, 29, 37, 41,... are in the
arithmetic progression 4k + 1; the primes 3, 7, 11, 19, 23, 31, 43,... are in the
arithmetic progression 4k + 3.

However, it is possible to prove special cases of Dirichlet’s theorem, such as those for the
progressions 3k + 2 and 4k + 3, where k is a positive integer. We have explained that every
arithmetic progression ak + b, k = 1, 2,..., where a and b have no common factor greater
than one, contains infinitely many primes.

Goldbach’s Conjecture In 1742, Christian Goldbach, in a letter to Leonhard Euler,
conjectured that every odd integer n, n > 5, is the sum of three primes.

5 = 2^2 + 1, 17 = 4^2 + 1, 37 = 6^2 + 1,
The Twin Prime Conjecture
Twin primes are pairs of primes that differ by 2, p and p + 2 such as 3 and 5, 5 and 7, 11
and 13, 17 and 19, and 4967 and 4969.

Relatively prime
The integers a and b are relatively prime if their greatest common divisor is 1.
Example: The integers 17 and 22 are relatively prime, because gcd(17, 22) = 1.

Pairwise relatively prime
The integers in a set are pairwise relatively prime if the GCD of every pair of distinct
integers in the set is 1.
Example: Determine whether the integers 10, 17, and 21 are pairwise relatively
prime and whether the integers 10, 19, and 24 are pairwise relatively prime.
Solution: Because gcd(10, 17) = 1, gcd(10, 21) = 1, and gcd(17, 21) = 1, we conclude
that 10, 17, and 21 are pairwise relatively prime. Because gcd(10, 24) = 2 > 1, we see
that 10, 19, and 24 are not pairwise relatively prime.
Pseudoprimes

Let b be a positive integer. If n is a composite positive integer, and b^{n−1} ≡ 1 (mod n),
then n is called a pseudoprime to the base b.

Example: The integer 341 is a pseudoprime to the base 2 because it is composite (341 =
11 · 31) and 2^340 ≡ 1 (mod 341).
We can use an integer other than 2 as the base when we study pseudoprimes.
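
The definition above, checked for 341 against several bases, as an added example that is not part of the original slides. It goes beyond the page by also running the Miller-Rabin (strong) test, which the slides do not cover, and by using the Carmichael number 561 as a second test value; all function names are hypothetical.

```python
from math import gcd, isqrt

def is_composite(n):
    """Trial division; adequate for the small n used here."""
    return n > 3 and any(n % d == 0 for d in range(2, isqrt(n) + 1))

def is_pseudoprime(n, b):
    """The page's definition: n is composite and b^(n-1) ≡ 1 (mod n)."""
    return is_composite(n) and pow(b, n - 1, n) == 1

def pseudoprime_bases(n):
    """All bases b in [2, n-2] to which the composite n is a pseudoprime."""
    if not is_composite(n):
        return []
    return [b for b in range(2, n - 1) if pow(b, n - 1, n) == 1]

def passes_strong_test(n, b):
    """Miller-Rabin test to base b for odd n > 2 (not covered on the page).

    Write n - 1 = 2^s * t with t odd. n passes if b^t ≡ 1 (mod n) or
    b^(2^j * t) ≡ -1 (mod n) for some 0 <= j < s. A prime always passes.
    """
    s, t = 0, n - 1
    while t % 2 == 0:
        s, t = s + 1, t // 2
    x = pow(b, t, n)
    if x in (1, n - 1):
        return True
    for _ in range(s - 1):
        x = x * x % n
        if x == n - 1:
            return True
    return False

def fooled_by_every_coprime_base(n):
    """True if the Fermat check b^(n-1) ≡ 1 holds for every base coprime to n."""
    return all(pow(b, n - 1, n) == 1
               for b in range(2, n - 1) if gcd(b, n) == 1)

if __name__ == "__main__":
    print("341 pseudoprime to base 2:", is_pseudoprime(341, 2))
    print("3^340 mod 341 =", pow(3, 340, 341))       # not 1, so base 3 exposes 341
    print("561 fools every coprime base:", fooled_by_every_coprime_base(561))
    print("341 passes strong test, base 2:", passes_strong_test(341, 2))
```

A prime-generation routine that relied only on the base-2 Fermat check would accept 341; the strong test rejects both 341 and 561 with the same base.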
Greatest Common Divisors and Least Common Multiples
Let a and b be integers, not both zero. The largest integer d such that d | a and d | b is
called the greatest common divisor of a and b. The greatest common divisor of a and b
is denoted by gcd(a, b).
Example: What is the greatest common divisor of 24 and 36?
Solution: The positive common divisors of 24 and 36 are 1, 2, 3, 4, 6, and 12. Hence,
gcd(24, 36) = 12.

Example: Because the prime factorizations of 120 and 500 are


120 = 2^3 · 3 · 5 and 500 = 2^2 · 5^3,
the greatest common divisor is gcd(120, 500) = 2^min(3, 2) · 3^min(1, 0) · 5^min(1, 3) = 2^2 · 3^0 · 5^1 = 20.
The least common multiple of the positive integers a and b is the smallest positive
integer that is divisible by both a and b. The least common multiple of a and b is
denoted by lcm(a, b).
Example: What is the least common multiple of 2^3 · 3^5 · 7^2 and 2^4 · 3^3?
Solution: We have lcm(2^3 · 3^5 · 7^2, 2^4 · 3^3) = 2^max(3, 4) · 3^max(5, 3) · 7^max(2, 0) = 2^4 · 3^5 · 7^2.
Let a and b be positive integers. Then ab = gcd(a, b) · lcm(a, b).

The Euclidean Algorithm Computing the greatest common divisor of two integers
directly from the prime factorizations of these integers is inefficient. The reason is that
it is time-consuming to find prime factorizations. We will give a more efficient method
of finding the greatest common divisor, called the Euclidean algorithm.
ALGORITHM: The Euclidean Algorithm.
procedure gcd(a, b: positive integers)
x := a
y := b
while y ≠ 0
    r := x mod y
    x := y
    y := r
return x {gcd(a, b) is x}
Example: Find the greatest common divisor of 414 and 662 using the Euclidean
algorithm.
Solution: Successive uses of the division algorithm give:
662 = 414 · 1 + 248
414 = 248 · 1 + 166
248 = 166 · 1 + 82
166 = 82 · 2 + 2
82 = 2 · 41.
Hence, gcd(414, 662) = 2, because 2 is the last nonzero remainder.
Pseudorandom Numbers

Randomly chosen numbers are often needed for computer simulations. Different
methods have been devised for generating numbers that have properties of randomly
chosen numbers. Because numbers generated by systematic methods are not truly
random, they are called pseudorandom numbers.

The most commonly used procedure for generating pseudorandom numbers is the
linear congruential method. We choose four integers: the modulus m, multiplier a,
increment c, and seed x_0.

x_{n+1} = (a·x_n + c) mod m


Example: Find the sequence of pseudorandom numbers generated by the linear
congruential method with modulus m = 9, multiplier a = 7, increment c = 4, and seed x_0
= 3.
Solution: We compute the terms of this sequence by successively using the recursively
defined function x_{n+1} = (7x_n + 4) mod 9, beginning by inserting the seed x_0 = 3 to find x_1.
We find that
x_1 = (7x_0 + 4) mod 9 = (7 · 3 + 4) mod 9 = 25 mod 9 = 7,
x_2 = (7x_1 + 4) mod 9 = (7 · 7 + 4) mod 9 = 53 mod 9 = 8,
x_3 = (7x_2 + 4) mod 9 = (7 · 8 + 4) mod 9 = 60 mod 9 = 6,
x_4 = (7x_3 + 4) mod 9 = (7 · 6 + 4) mod 9 = 46 mod 9 = 1,
x_5 = (7x_4 + 4) mod 9 = (7 · 1 + 4) mod 9 = 11 mod 9 = 2,
x_6 = (7x_5 + 4) mod 9 = (7 · 2 + 4) mod 9 = 18 mod 9 = 0,
x_7 = (7x_6 + 4) mod 9 = (7 · 0 + 4) mod 9 = 4 mod 9 = 4,
x_8 = (7x_7 + 4) mod 9 = (7 · 4 + 4) mod 9 = 32 mod 9 = 5,
x_9 = (7x_8 + 4) mod 9 = (7 · 5 + 4) mod 9 = 39 mod 9 = 3.
Because x_9 = x_0 and because each term depends only on the previous .
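
The linear congruential method above as runnable code, added here as an illustration and not part of the original slides. It reproduces the nine terms of the worked example, measures the cycle length for any parameters, and goes beyond the page by checking the Hull-Dobell conditions for a full period; function names are hypothetical.

```python
from math import gcd

def lcg_terms(m, a, c, seed, count):
    """Return [x_1, ..., x_count] for x_{n+1} = (a*x_n + c) mod m."""
    terms, x = [], seed
    for _ in range(count):
        x = (a * x + c) % m
        terms.append(x)
    return terms

def lcg_cycle(m, a, c, seed):
    """Return (tail, period): how many steps pass before the sequence
    enters its cycle, and how long that cycle is."""
    first_seen = {seed: 0}
    x, n = seed, 0
    while True:
        x = (a * x + c) % m
        n += 1
        if x in first_seen:
            return first_seen[x], n - first_seen[x]
        first_seen[x] = n

def prime_factors(n):
    """Set of prime factors of n, by trial division."""
    factors, p = set(), 2
    while p * p <= n:
        while n % p == 0:
            factors.add(p)
            n //= p
        p += 1
    if n > 1:
        factors.add(n)
    return factors

def has_full_period(m, a, c):
    """Hull-Dobell conditions: the period equals m for every seed iff
    gcd(c, m) = 1, every prime factor of m divides a - 1, and 4 divides
    a - 1 whenever 4 divides m."""
    if gcd(c, m) != 1:
        return False
    if any((a - 1) % p for p in prime_factors(m)):
        return False
    return m % 4 != 0 or (a - 1) % 4 == 0

if __name__ == "__main__":
    # Parameters from the worked example: m = 9, a = 7, c = 4, x_0 = 3.
    print(lcg_terms(9, 7, 4, 3, 9))
    print("tail, period:", lcg_cycle(9, 7, 4, 3))
    # Constructed weak parameters: the same modulus collapses to a 2-cycle.
    print("tail, period:", lcg_cycle(9, 2, 0, 3))
```

Each output fully determines the next one, so even a full-period generator of this kind is suitable for simulations only, not for keys or nonces.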
Cryptography
Number theory plays a key role in cryptography, the subject of transforming information
so that it cannot be easily recovered without special knowledge.

Classical Cryptography One of the earliest known uses of cryptography was by Julius
Caesar. He made messages secret by shifting each letter three letters forward in the
alphabet.

Encryption
f (p) = (p + 3) mod 26.
Decryption
f^−1(p) = (p − 3) mod 26.
Example: What is the secret message produced from the message “MEET YOU IN THE
PARK” using the Caesar cipher?
Solution: First replace the letters in the message with numbers.
This produces 12 4 4 19 24 14 20 8 13 19 7 4 15 0 17 10.
Now replace each of these numbers p by f (p) = (p + 3) mod 26.
This gives 15 7 7 22 1 17 23 11 16 22 10 7 18 3 20 13. Translating this back to
letters produces the encrypted message “PHHW BRX LQ WKH SDUN.”

Shift cipher
There are various ways to generalize the Caesar cipher. For example, instead of shifting
the numerical equivalent of each letter by 3, we can shift the numerical equivalent of
each letter by k, so that f (p) = (p + k) mod 26. Such a cipher is called a shift cipher. Note
that decryption can be carried out using f^−1(p) = (p − k) mod 26.
Example: Encrypt the plaintext message “STOP GLOBAL WARMING” using the shift cipher
with shift k = 11.
Solution: To encrypt the message “STOP GLOBAL WARMING” we first translate each letter
to the corresponding element of Z_26.
This produces the string 18 19 14 15 6 11 14 1 0 11 22 0 17 12 8 13 6.
We now apply the shift f (p) = (p + 11) mod 26 to each number in this string.
We obtain 3 4 25 0 17 22 25 12 11 22 7 11 2 23 19 24 17.
Translating this last string back to letters, we obtain the ciphertext “DEZA RWZMLW
HLCXTYR.”

Example: What letter replaces the letter K when the function f (p) = (7p + 3) mod 26 is
used for encryption?
Solution: First, note that 10 represents K. Then, using the encryption function specified, it
follows that f (10) = (7 · 10 + 3) mod 26 = 21. Because 21 represents V, K is replaced by V
in the encrypted message.
Example: Decrypt the ciphertext message “LEWLYPLUJL PZ H NYLHA ALHJOLY” that was
encrypted with the shift cipher with shift k = 7.
Solution: To decrypt the ciphertext “LEWLYPLUJL PZ H NYLHA ALHJOLY” we first translate
the letters back to elements of Z_26. We obtain 11 4 22 11 24 15 11 20 9 11 15 25 7 13
24 11 7 0 0 11 7 9 14 11 24.
Next, we shift each of these numbers by −k = −7 modulo 26 to obtain 4 23 15 4 17 8 4 13 2
4 8 18 0 6 17 4 0 19 19 4 0 2 7 4 17. Finally, we translate these numbers back
to letters to obtain the plaintext. We obtain “EXPERIENCE IS A GREAT TEACHER.”
CRYPTANALYSIS
The process of recovering plaintext from ciphertext without knowledge of both the
encryption method and the key is known as cryptanalysis or breaking codes.

Example: Suppose that we intercepted the ciphertext message ZNK KGXRE HOXJ MKZY
ZNK CUXS that we know was produced by a shift cipher. What was the original plaintext
message?
Solution: Because we know that the intercepted ciphertext message was encrypted
using a shift cipher, we begin by calculating the frequency of letters in the ciphertext.
We find that the most common letter in the ciphertext is K. So, we hypothesize that the
shift cipher sent the plaintext letter E to the ciphertext letter K. If this hypothesis is
correct, we know that 10 = (4 + k) mod 26, so k = 6. Next, we shift the letters of the
message by −6, obtaining THE EARLY BIRD GETS THE WORM. Because this message
makes sense, we assume that the hypothesis that k = 6 is correct.
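
The shift cipher and the frequency argument above, as an added example that is not part of the original slides. It also shows where the "most common letter is E" hypothesis fails on the page's own STOP GLOBAL WARMING ciphertext, whose plaintext contains no E, and why trying all 26 keys still recovers it; function names are hypothetical.

```python
from collections import Counter
from string import ascii_uppercase as ALPHABET

def shift(text, k):
    """Apply f(p) = (p + k) mod 26 to every letter; other characters pass
    through unchanged. Use a negative k to decrypt."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)

def shifts_ranked_by_frequency(ciphertext):
    """Candidate keys, most likely first. Each candidate assumes that one of
    the ciphertext letters, taken in order of decreasing count, stands for
    plaintext E (p = 4), so k = (c - 4) mod 26."""
    counts = Counter(ch for ch in ciphertext.upper() if ch in ALPHABET)
    return [(ALPHABET.index(ch) - 4) % 26 for ch, _ in counts.most_common()]

def brute_force(ciphertext):
    """Every possible decryption, keyed by the shift k that was undone."""
    return {k: shift(ciphertext, -k) for k in range(26)}

# Ciphertexts taken from the examples on this page.
INTERCEPTED = "ZNK KGXRE HOXJ MKZY ZNK CUXS"
NO_E_CIPHERTEXT = "DEZA RWZMLW HLCXTYR"   # STOP GLOBAL WARMING, k = 11

if __name__ == "__main__":
    k = shifts_ranked_by_frequency(INTERCEPTED)[0]
    print(k, shift(INTERCEPTED, -k))
    # The frequency ranking never proposes k = 11 here, because no ciphertext
    # letter stands for E; the key space is so small that this does not help.
    print(11 in shifts_ranked_by_frequency(NO_E_CIPHERTEXT))
    print(brute_force(NO_E_CIPHERTEXT)[11])
```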
BLOCK CIPHERS Shift ciphers and affine ciphers proceed by replacing each letter of
the alphabet by another letter in the alphabet. Because of this, these ciphers are
called character or monoalphabetic ciphers. Encryption methods of this kind are
vulnerable to attacks based on the analysis of letter frequency in the ciphertext, as
we just illustrated. We can make it harder to successfully attack ciphertext by
replacing blocks of letters with other blocks of letters instead of replacing individual
characters with individual characters; such ciphers are called block ciphers.
A simple type of block cipher, called the Transposition cipher

Example: Using the transposition cipher based on the permutation σ of the set {1, 2, 3,
4} with σ (1) = 3, σ (2) = 1, σ (3) = 4, and σ (4) = 2,
(a) Encrypt the plaintext message PIRATE ATTACK.
(b) Decrypt the ciphertext message SWUE TRAE OEHS, which was encrypted using this
cipher.
Solution: (a) We first split the letters of the plaintext into blocks of four letters. We
obtain PIRA TEAT TACK. To encrypt each block, we send the first letter to the third
position, the second letter to the first position, the third letter to the fourth position,
and the fourth letter to the second position. We obtain IAPR ETTA AKTC.
(b) We note that σ^−1, the inverse of σ, sends 1 to 2, sends 2 to 4, sends 3 to 1, and
sends 4 to 3. Applying σ^−1(m) to each block gives us the plaintext: USEW ATER HOSE.
CRYPTOSYSTEMS We have defined two families of ciphers: shift ciphers and affine
ciphers. We now introduce the notion of a cryptosystem, which provides a general
structure for defining new families of ciphers.

Definition: A cryptosystem is a five-tuple (P, C, K, E, D), where P is the set of plaintext
strings, C is the set of ciphertext strings, K is the key space (the set of all possible
keys), E is the set of encryption functions, and D is the set of decryption functions.
We denote by E_k the encryption function in E corresponding to the key k and D_k the
decryption function in D that decrypts ciphertext that was encrypted using E_k, that is
D_k(E_k(p)) = p, for all plaintext strings p.
Public Key Cryptography All classical ciphers, including shift ciphers and affine ciphers,
are examples of private key cryptosystems. In a private key cryptosystem, once you
know an encryption key, you can quickly find the decryption key. So, knowing how to
encrypt messages using a particular key allows you to decrypt messages that were
encrypted using this key.
To avoid the need for keys to be shared by every pair of parties that wish to
communicate securely, in the 1970s cryptologists introduced the concept of public key
cryptosystems. When such cryptosystems are used, knowing how to send an encrypted
message does not help decrypt messages. In such a system, everyone can have a
publicly known encryption key. Only the decryption keys are kept secret, and only the
intended recipient of a message can decrypt it.
The RSA Cryptosystem
In 1976, three researchers at the Massachusetts Institute of Technology—Ronald Rivest,
Adi Shamir, and Leonard Adleman—introduced to the world a public key cryptosystem,
known as the RSA system, from the initials of its inventors.
In the RSA cryptosystem, each individual has an encryption key (n, e) where n = pq, the
modulus is the product of two large primes p and q, say with 200 digits each, and an
exponent e that is relatively prime to (p − 1)(q − 1).
RSA Encryption
To encrypt messages using a particular key (n, e), we first translate a plaintext message
M into sequences of integers. To do this, we first translate each plaintext letter into a
two-digit number, using the same translation we employed for shift ciphers, with one
key difference. That is, we include an initial zero for the letters A through J, so that A is
translated into 00, B into 01, ... , and J into 09.
Encryption
C = M^e mod n.
Example: Encrypt the message STOP using the RSA cryptosystem with key (2537, 13).
Note that 2537 = 43 · 59, p = 43 and q = 59 are primes, and
gcd(e, (p − 1)(q − 1)) = gcd(13, 42 · 58) = 1.
Solution: To encrypt, we first translate the letters in STOP into their numerical
equivalents. We then group these numbers into blocks of four digits (because 2525 <
2537 < 252525), to obtain
1819 1415.
We encrypt each block using the mapping C = M^13 mod 2537.
Computations using fast modular multiplication show that 1819^13 mod 2537 = 2081 and
1415^13 mod 2537 = 2182. The encrypted message is 2081 2182.
RSA Decryption
The plaintext message can be quickly recovered from a ciphertext message when the
decryption key d, an inverse of e modulo (p − 1)(q − 1), is known. [Such an inverse exists
because gcd(e, (p − 1)(q − 1)) = 1.] To see this, note that if de ≡ 1 (mod (p − 1)(q − 1)),
there is an integer k such that de = 1 + k(p − 1)(q − 1). It follows that
C^d ≡ (M^e)^d = M^{de} = M^{1+k(p−1)(q−1)} (mod n).

By Fermat’s little theorem
C^d ≡ M · (M^{p−1})^{k(q−1)} ≡ M · 1 = M (mod p)
and
C^d ≡ M · (M^{q−1})^{k(p−1)} ≡ M · 1 = M (mod q).
Because gcd(p, q) = 1, it follows by the Chinese remainder theorem that
C^d ≡ M (mod pq).
Example: We receive the encrypted message 0981 0461. What is the decrypted
message if it was encrypted using the RSA cipher from the previous example?
Solution: The message was encrypted using the RSA cryptosystem with n = 43 · 59 and
exponent 13. d = 937 is an inverse of 13 modulo 42 · 58 = 2436. We use 937 as our
decryption exponent. Consequently, to decrypt a block C,
we compute M = C^937 mod 2537.
To decrypt the message, we use the fast modular exponentiation algorithm to compute
0981^937 mod 2537 = 0704 and 0461^937 mod 2537 = 1115. Consequently, the numerical
version of the original message is 0704 1115. Translating this back to English letters, we
see that the message is HELP.
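
The two RSA examples above (key (2537, 13), p = 43, q = 59) worked end to end, as an added example that is not part of the original slides. The decryption exponent is derived with the extended form of the Euclidean algorithm given earlier; function names are hypothetical, and padding a short final block with X is an assumption.

```python
def egcd(a, b):
    """Extended Euclidean algorithm: return (g, s, t) with
    g = gcd(a, b) = s*a + t*b."""
    s0, s1, t0, t1 = 1, 0, 0, 1
    while b != 0:
        q, r = divmod(a, b)
        a, b = b, r
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return a, s0, t0

def private_exponent(p, q, e):
    """d with d*e ≡ 1 (mod (p-1)(q-1)); exists only if gcd(e, (p-1)(q-1)) = 1."""
    phi = (p - 1) * (q - 1)
    g, s, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e is not relatively prime to (p-1)(q-1)")
    return s % phi

def letters_per_block(n):
    """Largest N such that 2525...25 (2N digits) does not exceed n."""
    count, limit = 0, 25
    while limit <= n:
        count += 1
        limit = limit * 100 + 25
    return count

def rsa_encrypt(message, n, e):
    """Translate letters to two-digit numbers (A = 00, ..., Z = 25), group
    them into blocks, and return [M^e mod n for each block M]."""
    size = letters_per_block(n)
    letters = [ch for ch in message.upper() if "A" <= ch <= "Z"]
    letters += ["X"] * (-len(letters) % size)   # assumption: pad with X
    blocks = []
    for i in range(0, len(letters), size):
        m = 0
        for ch in letters[i:i + size]:
            m = m * 100 + ord(ch) - ord("A")
        blocks.append(pow(m, e, n))
    return blocks

def rsa_decrypt(blocks, n, d):
    """Compute C^d mod n per block and translate digit pairs back to letters."""
    size = letters_per_block(n)
    out = []
    for c in blocks:
        digits = str(pow(c, d, n)).zfill(2 * size)
        out.extend(chr(int(digits[i:i + 2]) + ord("A"))
                   for i in range(0, 2 * size, 2))
    return "".join(out)

if __name__ == "__main__":
    # Textbook RSA with the page's toy key: no padding scheme and a modulus
    # that is trivially factorable, so this is for study only.
    n, e = 2537, 13
    d = private_exponent(43, 59, e)
    print("d =", d)
    print(rsa_encrypt("STOP", n, e))
    print(rsa_decrypt([981, 461], n, d))
```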
