
Yet Another Introductory Number Theory Textbook (Cryptology Emphasis Version)


DOCUMENT INFORMATION

This version of YAINTT has a particular emphasis on connections to cryptology. The cryptologic material appears in Chapter 4 and §§ 5.5 and 5.6, arising naturally (I hope) out of the surrounding number theory. The main cryptologic applications are the RSA cryptosystem, Diffie-Hellman key exchange and the ElGamal cryptosystem, which come out so naturally from considerations of Euler's Theorem, primitive roots and indices that it renders quite ironic G.H. Hardy's assertion [Har05] of the purity and eternal inapplicability of number theory.

Yet Another Introductory Number Theory Textbook (Cryptology Emphasis Version)

Jonathan A. Poritz, after Wissam Raji
Department of Mathematics and Physics, Colorado State University, Pueblo
2200 Bonforte Blvd, Pueblo, CO 81001, USA
E-mail: jonathan.poritz@gmail.com
Web: www.poritz.net/jonathan

07 May 2014 11:04 MDT

Preface

This is a first draft of a free (as in speech, not as in beer, [Sta02]) (although it is free as in beer as well) undergraduate number theory textbook. It was used for Math 319 at Colorado State University – Pueblo in the spring semester of 2014. Thanks are hereby offered to the students in that class – Megan Bissell, Tennille Candelaria, Ariana Carlyle, Michael Degraw, Daniel Fisher, Aaron Griffin, Lindsay Harder, Graham Harper, Helen Huang, Daniel Nichols, and Arika Waldrep – who offered many useful suggestions and found numerous typos.

I am also grateful to the students in my Math 242 Introduction to Mathematical Programming class in that same spring semester of 2014 – Stephen Ciruli, Jamen Cox, Graham Harper, Joel Kienitz, Matthew Klamm, Christopher Martin, Corey Sullinger, James Todd, and Shelby Whalen – whose various programming projects produced code that I adapted to make some of the figures and examples in the text.

The author gratefully acknowledges the work An Introductory Course in Elementary Number Theory by Wissam Raji [see www.saylor.org/books/] from which this was initially adapted. Raji's text was released under the Creative Commons CC BY 3.0 license, see creativecommons.org/licenses/by/3.0. This work is instead released under a CC BY-SA 4.0 license, see creativecommons.org/licenses/by-sa/4.0. (The difference is that if you build future works off of this one, you must also release your derivative works with a license that allows further remixes over which you have no control.)

This version: 07 May 2014 11:04 MDT. Note this text will be frequently updated and improved as the author has time, particularly during and immediately after semesters in which it is being used in a class. Therefore please check back often to the website, which is www.poritz.net/jonathan/share/yaintt.

This work is dedicated to my insanely hardworking colleagues at Colorado State University – Pueblo whose dedication to their students, their scholarship, and their communities is an inspiration. While I was working on the first version of this book, those colleagues stood up to some of the most benighted, ignorant administrative nonsense I have seen in the more than thirty years I have been involved in higher education. As MLK said, "The arc of the moral universe is long, but it bends towards justice." – It is selfless, intelligent, hard work like yours that is doing the bending.

Jonathan A. Poritz, May 2014, Pueblo, CO, USA

Release Notes

This version of YAINTT has a particular emphasis on connections to cryptology. The cryptologic material appears in Chapter 4 and §§ 5.5 and 5.6, arising naturally (I hope) out of the ambient number theory. The main cryptologic applications – being the RSA cryptosystem, Diffie-Hellman key exchange, and the ElGamal cryptosystem – come out so naturally from considerations of Euler's Theorem, primitive roots, and indices that it renders quite ironic G.H. Hardy's assertion [Har05] of the purity and eternal inapplicability of number theory.

Note, however, that once we broach the subject of these cryptologic algorithms, we take the time to make careful definitions for many cryptological concepts and to develop some related ideas of cryptology which have much more tenuous connections to the topic of number theory. This material therefore has something of a different flavor from the rest of the text – as is true of all scholarly work in cryptology (indeed, perhaps in all of computer science), which is clearly a discipline with a different culture from that of "pure" mathematics. Obviously, these sections could be skipped by an uninterested reader, or remixed away by an instructor for her own particular class approach.

Caution: In good Bourbaki¹ style, where this symbol appears in the text below, it indicates a place where the reasoning is intricate and difficult to follow, or calls attention to a common misinterpretation of some point.

This version, in PDF form, can be found at http://www.poritz.net/jonathan/share/yaintt.pdf while all the files to create custom versions can be found at http://www.poritz.net/jonathan/share/yaintt/ – have fun with it, that's the point of the Creative Commons!

¹ A fictional mathematician and author of many (non-fictional – they really exist) fine mathematics texts, such as [Bou04].

Contents

Preface  iii
Release Notes  v
Chapter 1. Well-Ordering and Division  1
  1.1 The Well-Ordering Principle and Mathematical Induction  1
  1.2 Algebraic Operations with Integers
  1.3 Divisibility and the Division Algorithm
  1.4 Representations of Integers in Different Bases
  1.5 The Greatest Common Divisor  13
  1.6 The Euclidean Algorithm  17
Chapter 2. Congruences  21
  2.1 Introduction to Congruences  21
  2.2 Linear Congruences  27
  2.3 The Chinese Remainder Theorem  30
  2.4 Another Way to Work with Congruences: Equivalence Classes  33
  2.5 Euler's φ Function  37
Chapter 3. Prime Numbers  41
  3.1 Basics and the FTA  41
  3.2 Wilson's Theorem  45
  3.3 Multiplicative Order and Applications  47
  3.4 Another Approach to Fermat's Little and Euler's Theorems  51
Chapter 4. Cryptology  55
  4.1 Some Speculative History  55
  4.2 The Caesar Cipher and Its Variants  60
  4.3 First Steps into Cryptanalysis: Frequency Analysis  64
  4.4 Public-Key Crypto: the RSA Cryptosystem  73
  4.5 Digital Signatures  81
  4.6 Man-in-the-Middle Attacks, Certificates, and Trust  86
Chapter 5. Indices = Discrete Logarithms  89
  5.1 More Properties of Multiplicative Order  91
  5.2 A Necessary Digression: Gauss's Theorem on Sums of Euler's Function  94
  5.3 Primitive Roots  97
  5.4 Indices  103
  5.5 Diffie-Hellman Key Exchange  107
  5.6 The ElGamal Cryptosystem  111
Bibliography  115
Index  117

CHAPTER 1. Well-Ordering and Division

1.1 The Well-Ordering Principle and Mathematical Induction

In this chapter, we present three basic tools that will often be used in proving properties of the integers. We start with a very important property of integers called the well-ordering principle. We then state what is known as the pigeonhole principle, and then we proceed to present an important method called mathematical induction.

1.1.1 The Well-Ordering Principle

DEFINITION 1.1.1. Given a set S of numbers (of any kind), we say that ℓ ∈ S is a least element of S if ∀x ∈ S, either x = ℓ or ℓ < x.

THE WELL-ORDERING PRINCIPLE. Every non-empty set of natural numbers has a least element.

This principle is often taken as an axiom.

1.1.2 The Pigeonhole Principle

THEOREM 1.1.2 (The Pigeonhole Principle). Let s, k ∈ N satisfy s > k. If s objects are placed in k boxes, then at least one box contains more than one object.

PROOF. Suppose that none of the boxes contains more than one object. Then there are at most k objects. This leads to a contradiction with the fact that there are s objects for s > k. □

1.1.3 The Principle of Mathematical Induction

We now present a valuable tool for proving results about integers. This tool is the principle of mathematical induction.

THEOREM 1.1.3 (The First Principle of Mathematical Induction). Let S ⊂ N be a set satisfying the following two properties:
(1) 1 ∈ S; and
(2) ∀k ∈ N, k ∈ S ⇒ k + 1 ∈ S.
Then S = N.

More generally, if P(n) is a property of natural numbers which may or may not be true for any particular n ∈ N, satisfying
(1) P(1) is true; and
(2) ∀k ∈ N, P(k) ⇒ P(k + 1),
then ∀n ∈ N, P(n) is true.

PROOF. We use the well-ordering principle to prove this first principle of mathematical induction. Let S be the set from the first part of the theorem and let T be the set of natural numbers not in S. We will use a proof by contradiction, so assume T is non-empty. Then, by the well-ordering principle, T contains a least element ℓ. Note that 1 ∈ S, so 1 ∉ T and thus ℓ > 1. Therefore ℓ − 1 is a natural number. Since ℓ is the least element of T, ℓ − 1 is not in T; it is therefore in S. But by the defining properties of S, since ℓ − 1 ∈ S, ℓ = (ℓ − 1) + 1 ∈ S, which contradicts the fact that ℓ is a least element of T, so in T, so not in S. This contradiction implies that the assumption that T is non-empty is false, hence S = N.

For the second part of the theorem, let S = {n ∈ N | P(n) is true} and apply the first part. □

EXAMPLE 1.1.4. We use mathematical induction to show that ∀n ∈ N

BIBLIOGRAPHY (page 116)

[Sta02] Richard Stallman, Free Software, Free Society: Selected Essays of Richard M. Stallman, Lulu.com, 2002.
[WY05] Xiaoyun Wang and Hongbo Yu, How to break MD5 and other hash functions, Advances in Cryptology – EUROCRYPT 2005, Springer, 2005, pp. 19–35.

Posted: 09/08/2019, 07:34
