πŸ“Ž

Number theory basics

ElGamal

NNο»Ώ positive integer

ppο»Ώ prime number

greatest common divisor GCD

The highest number that is shared by the factorization of two numbers.

Modular inverse

If gcd(x,N)=1\text{gcd}(x,N) = 1ο»Ώ then βˆƒxβˆ’1:xβ‹…xβˆ’1=1\exists x^{-1}: x \cdot x^{-1} = 1ο»Ώ

Set of invertible elements inZN\Z_Nο»Ώ

ZNβˆ—:={x∈ZN∣gcd⁑(x,N)=1} \mathbb{Z}^{*}_N:=\left\{\mathrm{x} \in \mathbb{Z}_{N} \mid \operatorname{gcd}(x, N)=1\right\} ο»Ώ

for prime numbers:Zpβˆ—=Zp/{0}={1,2,…,pβˆ’1} \mathbb{Z}^{*}_{p} = \mathbb{Z}_{p} /\{0\}=\{1,2, \ldots, p-1\} ο»Ώ

Euler's Theorem

βˆƒg∈Zpβˆ—:Zpβˆ—={g0,g1,g2,…} \exists g\in \mathbb{Z}^{*}_{p} :\mathbb{Z}^{*}_{p}=\{g^0, g^1, g^2,\dots \} ο»Ώ(that can express every element)

This is not true for all elements. Someggο»Ώcan not express the entireZpβˆ—\mathbb{Z}^{*}_{p}ο»Ώ.

Example:

g=3g=3ο»Ώ

⟨3⟩=Z7βˆ—={30,31,32,33,34,35}={1,3,2,6,4,5} \lang3\rang=\mathbb{Z}^{*}_{7}=\{3^0, 3^1, 3^2,3^3,3^4,3^5 \} = \{1,3,2,6,4,5\} ο»Ώ

Order ofggο»Ώ

∣⟨g⟩∣=ordp(g)|\lang g\rang| = ord_p(g)

ord7(3)=6ord_7(3) =6ο»Ώ (= ∣Z7βˆ—βˆ£|\Z^*_7|ο»Ώ )

Lagrange Theorem

βˆ€g∈Zpβˆ—:(pβˆ’1)modordp(g)=0 \forall g \in \mathbb{Z}^{*}_{p}: (p-1) \bmod \text{ord}_{p}(g) = 0 ο»Ώ

βˆ€g∈Zpβˆ—:(pβˆ’1)=0\forall g \in \mathbb{Z}^{*}_{p}: (p-1) = 0ο»ΏinZordp(g)\Z_{\text{ord}_{p}(g)}ο»Ώ

Fermat's little theoreminZpβˆ—\Z_p^*ο»Ώ

βˆ€p,x∈Zpβˆ—:\forall p,x \in \Z_p^*:ο»Ώ

xpβˆ’1=1x^{p-1} = 1ο»Ώ

xordp(x)=x0=1x^{\text {ord}_{p}(x)} = x^0 = 1ο»Ώ

Example:47βˆ’1mod7=14^{7-1} \bmod 7 = 1ο»Ώ

Discrete logarithm - Dlog

We want a function with the following property

In Zpβˆ—\mathbb{Z}^{*}_{p}ο»Ώ :

Let prime p>2p > 2ο»Ώ and ordp(g)=qord_p(g) = qο»Ώ

Let f(x)=gxf(x) = g^xο»Ώ

Let fβˆ’1=Dlogg(gx)=xf^{-1}= Dlog_g(g^x) = xο»Ώ where x∈{0,…,qβˆ’2}x \in\{0, \ldots, q-2\}ο»Ώ

Example:

Z11βˆ—\Z_{11}^*ο»Ώ1,2,3,4,5,6,7,8,9,101,2,3,4,5,6,7,8,9,10ο»Ώ

Dlog2(β‹…)Dlog_2(\cdot)ο»Ώ0,1,8,2,4,9,7,3,6,50,1,8,2,4,9,7,3,6,5ο»Ώ

There is no easy way to find a function for DlogDlogο»Ώ .

Best known algorithm: GNFS has O(en3)O(e^{\sqrt[3]{n}})ο»Ώ - only for small numbers

RSA

Factorization

For prime numbers p,qp,qο»Ώ

Easy to compute: N=pβ‹…qN=p \cdot qο»Ώ

Hard to compute: The factors behind the result NNο»Ώ

Euler'sφ\varphifunction (Euler's totient function)

Ο†(N):=∣ZNβˆ—βˆ£\varphi(N):=\left|\mathbb{Z}_{N}^{*}\right|ο»ΏforN∈NN\in \Nο»Ώ

The size of a group, only with members that have an inverse in ZN\Z_Nο»Ώ .

Examples:

Ο†(N)=(pβˆ’1)(qβˆ’1)\varphi(N)=(p-1)(q-1)ο»ΏwhereN=pβ‹…qN=p \cdot qο»Ώ

for primes: Ο†(p)=pβˆ’1\varphi(p)=p-1ο»Ώ

Eulers Theorem (Generalization of Fermat)

βˆ€x∈ZNβˆ—:xΟ†(N)=1\forall x \in \mathbb{Z}_{N}^{*}: x^{\varphi(N)}=1ο»ΏinZN\Z_Nο»Ώ

That means x∣ZNβˆ—βˆ£=1x^{|\mathbb{Z}_{N}^{*}|}=1ο»ΏinZN\Z_Nο»Ώ

Chinese Remainder Theorem CRT

Let p=ΜΈqp \not = qο»Ώ be primes and N=pβ‹…qN = p\cdot qο»Ώ

βˆ€a,b∈Z:(a=bmodN)⇔(a=bmodp)∧(a=bmodq) \forall a,b \in \Z: ~~ (a = b \bmod N) \Lrarr (a=b \bmod p) \wedge (a=b \bmod q) ο»Ώ