Download Computational Number Theory: Homomorphisms, Isomorphisms, and Chinese Remainder Theorem and more Slides Cryptography and System Security in PDF only on Docsity!
Computational
Number Theory 2
2
Homomorphisms
DEF: A function between rings is called a ring homomorphism if for all x, y
• f^ (^ x^ +^ y^ ) =^ f^ (^ x^ ) +^ f^ (^ y^ )
• f^ (^ x^!^ y^ ) =^ f^ (^ x^ )^!^ f^ (^ y^ )
• and^ f^ (^1 ) =^1
Note: it follows that f (0) = 0, f (- x ) = x , and for invertible elements
Example: For M divisible by m defined by f ( n ) = n mod m is homomorphism.
f : R 1 → R 2
f ( x −^1 ) = f ( x )−^1
f : Z M → Z m
3
Isomorphisms
DEF: A homomorphism that is bijective is a called an isomorphism.
Example: Index theorem says that the exponential function defined by is an isomorphism if x is primitive.
NOTE: is viewed as a ring if re-interpret multiplication as addition, exponentiation by index as multiplication, 1 as 0, and x as 1.
f : Z p − 1 → Z∗ p
Z∗ p
f ( i ) = x i^ mod p
4
Chinese Remainder
Theorem
Suppose. There is a homomorphism defined by NOTE: domain and codomain have same size THM: If all the are pairwise relatively prime, then f is an isomorphism. Furthermore, the inverse is given by a linear function
with
f : Z M → Z m 1 × Z m 2 × · · · × Z mr
mi
f ( n ) = ( n mod m 1 ,... , n mod mr )
M = m 1 · m 2 · · · m r
g ( n 1 , n 2 ,... , n r ) = ( c 1 n 1 + c 2 n 2 +... + cr nr ) mod M
ci =
M
mi
[(
M
mi
mod mi
]
Docsity.com
5
Algebraic Implications
Assuming with all pairwise relatively prime.
LEMMA 1 : There is an isomorphism on multiplicative groups
COR:
LEMMA2: A linear transformation on the space (i.e. a k by k square matrix) is invertible iff it is invertible modulo each.
COR:
N = n 1 · n 2 · · · nr ni
Z∗ N ≈ Z∗ n 1 × Z∗ n 2 × · · · × Z∗ nr
!( N ) = !( n 1 ) · !( n 2 ) · · · !( nr )
Z k N
ni
Mk ( N )∗^ ≈ Mk ( n 1 )∗^ × · · · × Mk ( nr )∗
6
Square Roots mod- pq
For Prime Factors p, q
LEMMA: Let n = pq with p, q different odd primes. For each quadratic residue s mod n there are exactly four square roots of s. Furthermore, if , are the square roots of s respectively mod p and mod q , then the square roots of s mod n are all the sums:
THM: Factoring n and taking square roots mod n are equivalent in the class BPP.
± rp ± rq
[± q ( q −^1 mod p ) rp + ± p ( p −^1 mod q ) rq ] mod n
7
Taking e ’th Roots and
Factoring
Recall: for , such that the exponent e is relatively prime to , “ e ’th root” of b calculated by:
RESULT: If factorization of n is known, taking e ’th roots mod n is tractable.
FACT: For n = pq, knowing gives p, q.
PARTIAL CONVERSE: If know e ’th root exponent d then can factor n.
FULL CONVERSE? - Open problem
a ∈ Z∗ n
!( n )
b = ae^ mod n
a = be
− (^1) mod !( n )
mod n
!( n )
8
Miller-Rabin Primality
Let n be an odd number. Let q be the odd part of n -1, so n -1= , and b be any integer in. DEF: n is a strong pseudoprime relative to b if , or for some i < k. THM: For any odd composite n and random b Pr( n is strong pseudoprime rel. b )! ". NOTE: Non-prime pseudoprimes much rarer in practice. Worst case probability for n = 9. Miller-Rabin-Primality-Test(positive integer n ) if ( n == 1 OR n is even) return “NO” choose at random if ( gcd( b,n ) > 1 ) return “NO” return TestIfStrongPseudoPrime( n,b )
2 kq Z n
b ∈ [ 2 , n − 2 ]
b^2
iq
bq^ ≡ n 1 ≡ n − 1
Docsity.com
