
NETWORK SECURITY

CS G513 & SS G513

Basic Concepts in Number Theory

Ashutosh Bhatia
BITS Pilani
ashutosh.bhatia@pilani.bits-pilani.ac.in
Set of Integers and CRYPTO
• The set of integers, denoted by Z, contains all integral numbers (with no fraction) from negative infinity to positive infinity:
  Z = {..., −2, −1, 0, 1, 2, ...}
• We also have Z_n, Z_n*, Z_p, Z_p*
• In cryptography, we are interested in three binary operations applied to the set of integers: +, − and ×. A binary operation takes two inputs and creates one output.
Review of Algebraic Structures
• Cryptography requires sets of integers and specific operations that are defined for those sets. The combination of the set and the operations that are applied to the elements of the set is called an algebraic structure.
• Algebraic structure: <set, operations, constants>
  • carrier set
  • operations: binary, unary
  • constants: identity, zero
• Every operation is a function
  • binary operation: O: S × S → T
  • unary operation: ∆: S → T
  • Closed: T ⊆ S
• Is subtraction closed on Z+?
Binary Operation Properties
• Commutativity
  ∀ a, b ∈ S, a ∘ b = b ∘ a
• Associativity
  ∀ a, b, c ∈ S, a ∘ (b ∘ c) = (a ∘ b) ∘ c
Example:
  O: Z × Z → Z
  a ∘ b = a + b − 3ab
Constants
• Identity element: x ∘ 1 = 1 ∘ x = x (right and left identities)
• Zero element: x ∘ 0 = 0 ∘ x = 0 (right and left zeros)
• Example
  • Identity for <N, max> =
  • Zero for <N, min> =
  • Zero for <Z+, min> =
• Homework: Find the left identity and the right zero for the given relation:
  ∘ | a b c
  --+------
  a | a b b
  b | a b c
  c | a b a
Semigroups, Monoids and Groups
• Semigroup: <S, ∘>
  • ∀ a, b, c ∈ S: a ∘ (b ∘ c) = (a ∘ b) ∘ c
  • Ex: Set of strings of length at least one, over string concatenation
• Monoid: <S, ∘, 1>
  • ∀ a, b, c ∈ S: a ∘ (b ∘ c) = (a ∘ b) ∘ c
  • ∀ a ∈ S: a ∘ 1 = 1 ∘ a = a
  • Ex: Set of strings of any length, over string concatenation
• Group: <S, ∘, 1>
  • ∀ a, b, c ∈ S: a ∘ (b ∘ c) = (a ∘ b) ∘ c
  • ∀ a ∈ S: a ∘ 1 = 1 ∘ a = a
  • ∀ a ∈ S, ∃ a^{-1} ∈ S: a ∘ a^{-1} = a^{-1} ∘ a = 1
  • Ex: <Z, +, 0>, <Q, ·, 1>
Finite Groups, Subgroup and Cyclic Group
• Finite group: a group with a finite number of elements
• Order of a group (|G|) is the number of elements in the group
• Subgroup: A subset H of a group G is a subgroup if H itself is a group with respect to the operation on G
• Is H = <Z_10, +> a subgroup of G = <Z_12, +>?
• Cyclic subgroups: If a subgroup of a group can be generated using the powers of a single element, the subgroup is called a cyclic subgroup
• Give an example of a cyclic subgroup of the group <Z_6, +>
• A cyclic group is a group that is its own cyclic subgroup
• The element that generates all the elements of the cyclic group is called a generator
• Lagrange's theorem: |H| divides |G|
• Order of an element a (ord(a)) is the smallest positive integer n such that a^n = e
Rings
• Ring: <S, +, ·, 0>
  • ∀ a, b, c ∈ S: a + (b + c) = (a + b) + c
  • ∀ a ∈ S: a + 0 = 0 + a = a
  • ∀ a ∈ S, ∃ −a ∈ S: a + (−a) = (−a) + a = 0
  • ∀ a, b ∈ S: a + b = b + a
  • ∀ a, b, c ∈ S: a · (b · c) = (a · b) · c
  • ∀ a, b, c ∈ S: a · (b + c) = a · b + a · c
Fields
• Field: <S, +, ·, 0, 1>
  • All properties of rings
  • ∀ a, b ∈ S: a · b = b · a
  • ∀ a ∈ S: a · 1 = 1 · a = a
  • ∀ a ∈ S, a ≠ 0, ∃ a^{-1} ∈ S: a · a^{-1} = a^{-1} · a = 1
• Alternate definition:
  • <S, +> is an additive abelian group
  • <S − {0}, ·> is a multiplicative abelian group
  • ∀ a, b, c ∈ S: a · (b + c) = a · b + a · c
• Example: the set of rational numbers and the set of real numbers, together with the usual addition and multiplication.
Galois Field
• Finite fields (Galois fields): A Galois field, GF(p^n), is a finite field with p^n elements.
• Galois showed that for a field to be finite, the number of elements should be p^n, where p is a prime and n is a positive integer.
• When n = 1, we have the GF(p) field. This field can be the set Z_p = {0, 1, ..., p − 1}, with two arithmetic operations.
• We can define GF(5) on the set Z_5 (5 is a prime) with addition and multiplication operators.
GF(2^n)
• In cryptography, we often need to use four operations (addition, subtraction, multiplication, and division). In other words, we need to use fields. We can work in GF(2^n) and use a set of 2^n elements. The elements in this set are n-bit words.
• Ex: Let us define a GF(2^2) field in which the set has four 2-bit words: {00, 01, 10, 11}. We can redefine addition and multiplication for this field in such a way that all properties of these operations are satisfied.
Divisors
• An integer b ≠ 0 is a divisor of a if a = mb, where a, b and m are integers.
• Notation: b|a is used to denote that b is a divisor of a, or b divides a.
• Properties:
  • If a|1, then a = ±1
  • If a|b and b|a, then b = ±a
  • Any b ≠ 0 divides 0
  • For any integer a, 1|a
  • If r|(a + b) and r|a, then r|b (prove it!)
  • If b|g and b|h, then b|(mg + nh) for arbitrary integers m and n (prove it!)
Quotients and Remainders
• Given any positive integer n and an integer a, we get a quotient q and a remainder r such that a = qn + r, 0 ≤ r < n and q = ⌊a/n⌋, where ⌊x⌋ is the largest integer less than or equal to x.
• Exercise: a = −5 and n = 2
• For any integer a and n ≥ 1, r and q are unique.
• The remainder r is also known as the residue and is defined to be a mod n.
• a = qn + r can be rewritten as a = ⌊a/n⌋ · n + (a mod n)
Greatest Common Divisor (GCD)
• The greatest common divisor (GCD) of two integers a and b, denoted gcd(a, b), is defined as the positive integer that satisfies gcd(a, b) = max{k : k|a and k|b}
• GCD theorem: Let a, b be nonzero integers. Let g = gcd(a, b). Then there exist integers s and t such that g = as + bt (Homework)
• Euclidean algorithm: gcd(a, 0) = a; gcd(a, b) = gcd(b, r), where r is the remainder of dividing a by b
• Let g = gcd(a, b). An integer n can be expressed in the form as + bt with s, t ∈ Z if and only if n is a multiple of g.
• The extended Euclidean algorithm can calculate gcd(a, b) and at the same time calculate the values of s and t.
Euclidean Algorithm
• an efficient way to find GCD(a, b)
• Euclidean Algorithm to compute GCD(a, b) is:

EUCLID(a, b)
1. A = a; B = b
2. if B = 0 return A = gcd(a, b)
3. R = A mod B
4. A = B
5. B = R
6. goto 2

Example GCD(1970, 1066)
1970 = 1 x 1066 + 904   gcd(1066, 904)
1066 = 1 x 904 + 162    gcd(904, 162)
904 = 5 x 162 + 94      gcd(162, 94)
162 = 1 x 94 + 68       gcd(94, 68)
94 = 1 x 68 + 26        gcd(68, 26)
68 = 2 x 26 + 16        gcd(26, 16)
26 = 1 x 16 + 10        gcd(16, 10)
16 = 1 x 10 + 6         gcd(10, 6)
10 = 1 x 6 + 4          gcd(6, 4)
6 = 1 x 4 + 2           gcd(4, 2)
4 = 2 x 2 + 0           gcd(2, 0) = ????????? (the GCD)
Modular Arithmetic
• If a = qn + r, then a mod n = ?
• a mod n is always an integer k such that 0 ≤ k ≤ n − 1.
• Hence, we can have arithmetic in the set of integers {0, 1, 2, ..., n − 1} in which all arithmetic operators are modulo n.
• Therefore, the result will always be in the set {0, 1, 2, ..., n − 1}.
• The set {0, 1, 2, ..., n − 1} is referred to as the residues modulo n and is denoted by Z_n.
Modular Arithmetic: Properties
1. (a + b) mod n = ((a mod n) + (b mod n)) mod n
2. (a − b) mod n = ((a mod n) − (b mod n)) mod n
3. (ab) mod n = ((a mod n)(b mod n)) mod n (Homework)
4. Commutative, associative, distributive
5. Identities
   1. (0 + a) mod n = a mod n
   2. (1 ∗ a) mod n = a mod n
Congruent Modulo Operator (≡)
• An integer a is congruent to an integer b modulo n, denoted by a ≡ b mod n, iff a mod n = b mod n, i.e. they have the same remainders.
• It is wrong to interpret a ≡ b mod n as a ≡ (b mod n); instead it is semantically equivalent to a ≡ b (mod n), nevertheless the parentheses are generally not used.
Properties of (≡)
1. a ≡ b (mod n) iff n | (a − b)
2. If a ≡ b (mod n) and b ≡ c (mod n) then a ≡ c (mod n)
3. If a ≡ b (mod n) then
   1. a ≡ (b mod n) (mod n)
   2. k + a ≡ k + b (mod n)
   3. k ∗ a ≡ k ∗ b (mod n)
4. If a ≡ b (mod n) and c ≡ d (mod n) then (Homework)
   1. ac ≡ bd (mod n), also a^k ≡ b^k (mod n)
   2. (a + c) ≡ (b + d) (mod n)
   3. (a − c) ≡ (b − d) (mod n)
Prime Numbers
• An integer p > 1 is a prime number if its only divisors are ±1 and p
• Any integer can be factored in a unique way as
  a = p_1^{α_1} p_2^{α_2} p_3^{α_3} ... p_l^{α_l} = ∏_{p ∈ P} p^{α_p}
  where p_1 > p_2 > ... > p_l are prime numbers and each α_i > 0.
• Is the number 211 prime?
• Only test prime numbers smaller than the number you are testing as possible factors.
• Suppose one number is a factor of N and that it is smaller than the square root of N. Then the second factor must be larger than the square root.
Relative Prime Numbers
• Two integers a and b are said to be relatively prime if gcd(a, b) = 1, i.e. they have no prime factors in common.
• Lemma: If x is relatively prime to n, then x + kn is relatively prime to n, where k is any integer. (Prove!)
• Lemma: If x_1, x_2, ..., x_k are relatively prime to n, then x_1 · x_2 · ... · x_k is also relatively prime to n.
More Lemmas
• If gcd(a, n) = p then gcd(a mod n, n) = p
• If a is relatively prime to n, then a mod n is also relatively prime to n.
• If a is not relatively prime to n, then a mod n is also not relatively prime to n.
• If b mod n = 0 then (a + b) mod n = a mod n
Inverses
When we are working in modular arithmetic, we often need to find the inverse of a number relative to an operation. We are normally looking for an additive inverse (relative to an addition operation) or a multiplicative inverse (relative to a multiplication operation).

Additive Inverse:
• For a, b ∈ Z_n, b is the additive inverse of a if (a + b) mod n = 0.
• denoted as −a
• a + b ≡ 0 (mod n)
• In modular arithmetic, ∀ a ∈ Z_n, ∃ −a ∈ Z_n s.t. (a + (−a)) mod n = 0.
• Find all additive inverse pairs in Z_8.

Multiplicative Inverse:
• For a, b ∈ Z_n, b is the multiplicative inverse of a if (a ∗ b) mod n = 1.
• denoted as a^{-1}
• a ∗ b ≡ 1 (mod n)
• In modular arithmetic it is NOT the case that ∀ a ∈ Z_n, ∃ a^{-1} ∈ Z_n s.t. (a ∗ a^{-1}) mod n = 1.
• Find all multiplicative inverse pairs in Z_8.
Example: Addition Modulo 8
 + | 0 1 2 3 4 5 6 7
---+----------------
 0 | 0 1 2 3 4 5 6 7
 1 | 1 2 3 4 5 6 7 0
 2 | 2 3 4 5 6 7 0 1
 3 | 3 4 5 6 7 0 1 2
 4 | 4 5 6 7 0 1 2 3
 5 | 5 6 7 0 1 2 3 4
 6 | 6 7 0 1 2 3 4 5
 7 | 7 0 1 2 3 4 5 6

What is the additive inverse of 4?

Example: Multiplication Modulo 8
 × | 0 1 2 3 4 5 6 7
---+----------------
 0 | 0 0 0 0 0 0 0 0
 1 | 0 1 2 3 4 5 6 7
 2 | 0 2 4 6 0 2 4 6
 3 | 0 3 6 1 4 7 2 5
 4 | 0 4 0 4 0 4 0 4
 5 | 0 5 2 7 4 1 6 3
 6 | 0 6 4 2 0 6 4 2
 7 | 0 7 6 5 4 3 2 1

What is the multiplicative inverse of 4?

Multiplicative Inverse in Z_n
• If a ∈ Z_n is relatively prime to n, then the number b s.t. 1 ≤ b ≤ n and ab ≡ 1 (mod n) is said to be the multiplicative inverse of a and is denoted as a^{-1}.
• Lemma: Let Z_n = {0, 1, ..., n − 1} and a ∈ Z_n s.t. a ≠ 0 and a is relatively prime to n; then ∃ a unique element b s.t. b ∈ Z_n, b ≠ a, and ab ≡ 1 (mod n).
• We can prove this by showing that if a ∈ Z_n is relatively prime to n and b_1, b_2 ∈ Z_n are distinct, then ab_1 mod n ≠ ab_2 mod n.
• If p is a prime integer then every non-zero element in the set Z_p is relatively prime to p, and each integer a ∈ Z_p, a ≠ 0, has an a^{-1} s.t. a · a^{-1} ≡ 1 (mod p).
Extended Euclid Algorithm
EXTENDED EUCLID(m, b)
1. (A1, A2, A3) = (1, 0, m); (B1, B2, B3) = (0, 1, b)
2. if B3 = 0 return A3 = gcd(m, b); no inverse
3. if B3 = 1 return B3 = gcd(m, b); B2 = b^{-1} mod m
4. Q = A3 div B3
5. (T1, T2, T3) = (A1 − Q·B1, A2 − Q·B2, A3 − Q·B3)
6. (A1, A2, A3) = (B1, B2, B3)
7. (B1, B2, B3) = (T1, T2, T3)
8. goto 2
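The EUCLID and EXTENDED EUCLID procedures above, written out in Python as an added worked example (this is not code from the slides; the function names are my own). It runs on the deck's own inputs: gcd(1970, 1066) from the Euclidean Algorithm slide, and the multiplicative inverse pairs in Z_8 asked for on the Inverses slide.

```python
# Added example, not from the slides: EUCLID(a, b) and EXTENDED EUCLID(m, b)
# as written on the previous slides, in Python.

def euclid(a: int, b: int) -> int:
    """gcd(a, b) by repeated remainders (steps 2-6 of EUCLID)."""
    A, B = a, b
    while B != 0:              # step 2: once B = 0, A holds the gcd
        A, B = B, A % B        # steps 3-5: R = A mod B; A = B; B = R
    return A


def extended_euclid(m: int, b: int) -> tuple:
    """Return (g, s, t) with g = gcd(m, b) = s*m + t*b.

    The rows (A1, A2, A3) and (B1, B2, B3) keep the invariants
    A3 = A1*m + A2*b and B3 = B1*m + B2*b, so when B3 reaches 0 the
    A row carries the gcd together with its Bezout coefficients.
    """
    A1, A2, A3 = 1, 0, m
    B1, B2, B3 = 0, 1, b
    while B3 != 0:
        Q = A3 // B3                                   # step 4
        T = (A1 - Q * B1, A2 - Q * B2, A3 - Q * B3)    # step 5
        A1, A2, A3 = B1, B2, B3                        # step 6
        B1, B2, B3 = T                                 # step 7
    return A3, A1, A2


def mod_inverse(b: int, m: int):
    """b^-1 mod m, or None when gcd(m, b) != 1 (step 2: no inverse)."""
    g, _, t = extended_euclid(m, b)
    if g != 1:
        return None
    return t % m               # t may be negative; bring it into Z_m


def inverse_table(n: int) -> dict:
    """Every a in Z_n that has a multiplicative inverse, mapped to it."""
    table = {}
    for a in range(n):
        inv = mod_inverse(a, n)
        if inv is not None:
            table[a] = inv
    return table


if __name__ == "__main__":
    print(euclid(1970, 1066))              # the slides' example: 2
    print(extended_euclid(1970, 1066))     # gcd with Bezout coefficients
    print(inverse_table(8))                # exercise: inverse pairs in Z_8
```

Only the odd elements of Z_8 appear in the table, matching the multiplication-modulo-8 table: each even a shares the factor 2 with 8, so no row for it contains a 1.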
Polynomial Arithmetic
• can compute using polynomials
  f(x) = a_n x^n + a_{n−1} x^{n−1} + ... + a_1 x + a_0 = ∑ a_i x^i
• not interested in any specific value of x
• which is known as the indeterminate
• several alternatives available
  • ordinary polynomial arithmetic
  • poly arithmetic with coefficients mod p
  • poly arithmetic with polynomials mod m(x)
Ordinary Polynomial Arithmetic
• add or subtract corresponding coefficients
• multiply all terms by each other
• eg
  let f(x) = x^3 + x^2 + 2 and g(x) = x^2 − x + 1
  f(x) + g(x) = x^3 + 2x^2 − x + 3
  f(x) − g(x) = x^3 + x + 1
  f(x) × g(x) = x^5 + 3x^2 − 2x + 2
Polynomial Arithmetic with Modulo Coefficients
• when computing the value of each coefficient, do the calculation modulo some value
• forms a polynomial ring
• could be modulo any prime
• but we are most interested in mod 2
  • ie all coefficients are 0 or 1
• eg. let f(x) = x^3 + x^2 and g(x) = x^2 + x + 1
  f(x) + g(x) = x^3 + x + 1
  f(x) × g(x) = x^5 + x^2
Polynomial Division
• can write any polynomial in the form:
  • f(x) = q(x) g(x) + r(x)
• can interpret r(x) as being a remainder
  • r(x) = f(x) mod g(x)
• if there is no remainder, say g(x) divides f(x)
• if g(x) has no divisors other than itself & 1, say it is an irreducible (or prime) polynomial
• arithmetic modulo an irreducible polynomial forms a field
Modular Polynomial Arithmetic
• can compute in field GF(2^n)
  • polynomials with coefficients modulo 2
  • whose degree is less than n
  • hence must reduce modulo an irreducible poly of degree n (for multiplication only)
• form a finite field
• can always find an inverse
  • can extend Euclid's inverse algorithm to find
Example GF(2^3)
Computational Considerations
• since coefficients are 0 or 1, can represent any such polynomial as a bit string
• addition becomes XOR of these bit strings
• multiplication is shift & XOR
• modulo reduction done by repeatedly substituting the highest power with the remainder of the irreducible poly (also shift & XOR)
Computational Example
• in GF(2^3) have (x^2+1) is 101_2 & (x^2+x+1) is 111_2
• so addition is
  • (x^2+1) + (x^2+x+1) = x
  • 101 XOR 111 = 010_2
• and multiplication is
  • (x+1).(x^2+1) = x.(x^2+1) + 1.(x^2+1) = x^3+x+x^2+1 = x^3+x^2+x+1
  • 011.101 = (101)<<1 XOR (101)<<0 = 1010 XOR 101 = 1111_2
• polynomial modulo reduction (get q(x) & r(x)) is
  • (x^3+x^2+x+1) mod (x^3+x+1) = 1.(x^3+x+1) + (x^2) = x^2
  • 1111 mod 1011 = 1111 XOR 1011 = 0100_2
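The bit-string arithmetic of this slide and the previous one (XOR addition, shift-and-XOR multiplication, long-division reduction), plus the Euclid-based inverse that the Modular Polynomial Arithmetic slide refers to, as an added Python example (not code from the slides; function names are my own). It generalises from the GF(2^3) case above to any GF(2^n), given an irreducible m(x) of degree n as a bit string.

```python
# Added example, not from the slides: GF(2^n) arithmetic on bit strings.
# An element is a Python int whose bits are the coefficients, e.g.
# x^2 + 1 -> 0b101, and the irreducible m(x) = x^3 + x + 1 -> 0b1011.

def poly_add(a: int, b: int) -> int:
    """Add polynomials over GF(2): coefficients add mod 2, i.e. XOR."""
    return a ^ b


def poly_mul(a: int, b: int) -> int:
    """Unreduced product: shift a once per bit of b and XOR (shift & XOR)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        b >>= 1
    return result


def poly_divmod(f: int, g: int) -> tuple:
    """Long division over GF(2): f = q*g + r with deg r < deg g."""
    q, r = 0, f
    while r and r.bit_length() >= g.bit_length():
        shift = r.bit_length() - g.bit_length()
        q ^= 1 << shift        # q(x) gains the term x^shift
        r ^= g << shift        # cancel the leading term of r
    return q, r


def gf_mul(a: int, b: int, m: int) -> int:
    """Multiply in GF(2^n), reducing modulo the irreducible m(x) of degree n."""
    return poly_divmod(poly_mul(a, b), m)[1]


def gf_inv(a: int, m: int) -> int:
    """a^-1 in GF(2^n): EXTENDED EUCLID(m, a) with polynomial operations.
    Over GF(2) subtraction is XOR, so T2 = A2 - Q*B2 becomes A2 ^ Q*B2."""
    A2, A3 = 0, m
    B2, B3 = 1, a
    while B3 > 1:
        Q, R = poly_divmod(A3, B3)
        A2, A3, B2, B3 = B2, B3, poly_add(A2, poly_mul(Q, B2)), R
    if B3 == 0:
        raise ValueError("no inverse: gcd(m, a) is not 1")
    return B2


if __name__ == "__main__":
    print(bin(gf_mul(0b011, 0b101, 0b1011)))   # slide: (x+1)(x^2+1) -> 0b100
```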
