A Secondary Course in Cryptography.


Abstract

LEONESIO, JUSTIN MICHAEL. A Secondary Course in Cryptography. (Under the direction of Dr. Ernest Stitzinger.)

Cryptography is the practice and study of various techniques used to securely send and receive messages through the processes of encryption and decryption. For thousands of years, cryptography has been implemented both on the personal and the international level. The purpose of this thesis is to create an appropriate curriculum for a secondary mathematics course in cryptography. The information in this thesis may be used as supplemental material to a secondary course in mathematical modeling or as an independent secondary mathematics elective course.


A Secondary Course in Cryptography

by

Justin Michael Leonesio

A thesis submitted to the Graduate Faculty of North Carolina State University

in partial fulfillment of the requirements for the Degree of

Master of Science

Mathematics

Raleigh, North Carolina 2013

APPROVED BY:

Dr. Min Kang

Dr. Tom Lada


Dedication


Biography


Acknowledgements

First and foremost, I would like to thank my Lord and Savior, Jesus Christ, for His unyielding love and mercy toward me. It is because of His sacrifice and His grace that I am here today. May He receive the glory for the completion of this project.

To my wife Katelin: Thank you for your constant support, patience, and encouragement along this seemingly neverending journey. May God bless you for your sacrifice. I love you.

To my parents: Thank you for sacrificing on so many levels to provide me with countless opportunities for growth and success. The completion of this project is a testament to your continuous support throughout my life. Thank you for teaching me to value the qualities of diligence and perseverance. Your love and encouragement have influenced me to become the man that I am today.

To my high school math teacher, Mr. Michael Jones: Thank you for your passion for and commitment to teaching which cultivated within me a desire to become an educator. Your teaching methods during my high school career have truly influenced my classroom today. You inspired me to answer the calling of God on my life, and I count it a privilege to partner with you as a fellow teacher of mathematics.

To the members of my thesis committee: Thank you, Dr. Lada and Dr. Kang, for being willing to play a part in the completion of this project. I am extremely grateful for the time and energy that both of you have sacrificed in helping me to continue my graduate education at N.C. State University through the independent reading courses that you were willing to offer to me. Your love for mathematics is evident and contagious.


Table of Contents

List of Tables . . . vii

Chapter 1 Introduction . . . 1

1.1 Terminology . . . 1

1.2 Background . . . 2

Chapter 2 Number Theory . . . 3

2.1 Divisibility . . . 3

2.1.1 Definitions and Basic Properties . . . 3

2.1.2 The Greatest Common Divisor . . . 5

2.1.3 The Division and Euclidean Algorithms . . . 6

2.1.4 Divisibility Exercises . . . 10

2.2 Factorization . . . 10

2.2.1 Properties of Positive Integers . . . 11

2.2.2 The Unique Factorization Theorem . . . 13

2.2.3 Factorization Exercises . . . 14

2.3 Congruence . . . 15

2.3.1 Congruence Classes . . . 15

2.3.2 Algebraic Properties of Congruence . . . 19

2.3.3 Congruence Exercises . . . 22

2.4 Applications of Congruence . . . 23

2.4.1 The Ring of Z/nZ . . . 23

2.4.2 The Field of Z/pZ . . . 25

2.4.3 Linear Congruence . . . 29

2.4.4 Systems of Linear Congruence . . . 35

2.4.5 Applications of Congruence Exercises . . . 42

Chapter 3 Ciphers . . . 44

3.1 The Shift Cipher . . . 44

3.1.1 Cryptography of the Shift Cipher . . . 44

3.1.2 Cryptanalysis of the Shift Cipher . . . 45

3.1.3 Shift Cipher Exercises . . . 48

3.2 The Affine Cipher . . . 49

3.2.1 Cryptography of the Affine Cipher . . . 49

3.2.2 Cryptanalysis of the Affine Cipher . . . 53

3.2.3 Affine Cipher Exercises . . . 57

3.3 The Vigenère Cipher . . . 58

3.3.1 Cryptography of the Vigenère Cipher . . . 59

3.3.2 Cryptanalysis of the Vigenère Cipher . . . 64

3.3.3 Vigenère Cipher Exercises . . . 64

3.4 The Playfair Cipher . . . 65


3.4.2 Cryptanalysis of the Playfair Cipher . . . 69

3.4.3 Playfair Cipher Exercises . . . 71

3.5 The Hill Cipher . . . 72

3.5.1 Matrix Operations Review . . . 72

3.5.2 Cryptography of the Hill Cipher . . . 75

3.5.3 Cryptanalysis of the Hill Cipher . . . 82

3.5.4 Hill Cipher Exercises . . . 85

3.6 Exponentiation Cipher . . . 85

3.6.1 Cryptography of the Exponentiation Cipher . . . 86

3.6.2 Cryptanalysis of the Exponentiation Cipher . . . 90

3.6.3 Exponentiation Cipher Exercises . . . 91

Chapter 4 Public-Key Cryptography . . . 92

4.1 Introduction . . . 92

4.2 The Diffie-Hellman Key Exchange . . . 93

4.2.1 Procedures and Examples . . . 93

4.2.2 Diffie-Hellman Key Exchange Exercises . . . 96

4.3 The RSA Encryption Method . . . 97

4.3.1 Procedures and Examples . . . 97

4.3.2 RSA Exercises . . . 100

4.4 Fermat Factorization . . . 101

4.4.1 Procedures and Examples . . . 101

4.4.2 Fermat Factorization Exercises . . . 103

4.5 The ElGamal Encryption Method . . . 104

4.5.1 Procedures and Examples . . . 104

4.5.2 ElGamal Exercises . . . 107

4.6 The Kangaroo Algorithm . . . 107

4.6.1 Procedures and Examples . . . 107

4.6.2 Kangaroo Method Exercises . . . 113

References . . . 114

Appendix . . . 115

Appendix A Cryptography Labs . . . 116

A.1 Frequency Analysis Lab . . . 116


List of Tables

Table 3.1 The Caesar Cipher . . . 45

Table 3.2 Shift Cipher Cryptanalysis Example . . . 46

Table 3.3 Numerical Analogues to the English Alphabet . . . 47

Table 3.4 Numerical Equivalents to attack at dawn . . . 50

Table 3.5 Probability of Occurrence for Each of the Twenty-Six English Letters . . . 53

Table 3.6 Frequency Analysis of the Ciphertext Message . . . 54

Table 3.7 Vigenère Cipher Example 1 . . . 59

Table 3.8 Vigenère Cipher Example 2 . . . 60

Table 3.9 Vigenère Table Example . . . 61

Table 3.10 The Vigenère Table A-M . . . 62

Table 3.11 The Vigenère Table N-Z . . . 63

Table 3.12 Playfair Table 1 with Keyword secret . . . 66

Table 3.13 Playfair Table 2 with Keyword secret . . . 67

Table 3.14 Playfair Table 1 with Keyword playfair . . . 68

Table 3.15 Playfair Table 2 with Keyword playfair . . . 69

Table 3.16 Playfair Table with Keyword black . . . 70

Table 3.17 Playfair Table with Keyword cryptography . . . 70

Table 4.1 Hash Function Example 1 . . . 109


Chapter 1 Introduction

The purpose of this introductory chapter is to familiarize the reader with the terminology associated with the study of cryptography. We present several definitions that will be used throughout the course as well as the basic premise for the field of cryptography.

1.1 Terminology


1.2 Background

One can clearly see that cryptology can be practiced on an individual scale as well as a global scale. Famous figures throughout history such as Julius Caesar and Franklin D. Roosevelt have been known to have used coded messages in both personal journals and communication with others. Currently, governments around the world use cryptology for the purposes of international intelligence and national security.

Throughout history, the outcomes of major battles and even wars have hinged on a nation’s superiority in the area of cryptology. One of the most notable cases in which cryptology was used to affect the overall outcome of a major world event occurred in 1917. Several years into World War I, a German foreign minister named Arthur Zimmerman sent an encrypted message to Mexico. Within his message, Zimmerman explained Germany’s future plans in the war as well as its intentions to reward Mexico with land from Arizona, New Mexico, and Texas if Mexico joined the Central Powers and attacked the United States. The message was intercepted and deciphered by British intelligence cryptanalysts, who immediately notified President Woodrow Wilson. Until that moment, the United States had remained reluctant to enter the war; however, this new information provoked America into action. One year after the United States joined the Allies, the war ended with Germany and the other Central Powers defeated. The decryption of Zimmerman’s message not only provided the Allied forces with intelligence regarding enemy plans but also affected the momentum of the war and eventually helped shape the nature of global civilization both during that time and afterward [4, pg. 8].


Chapter 2 Number Theory

In order to understand and appreciate the role that mathematics plays in the field of cryptology, one must first be familiar with several number theory principles. These concepts are regarded as tools that are necessary for the encryption and decryption methods that we will investigate in Chapters 3 and 4. In this chapter, we will discuss the ideas of divisibility, congruence, factorization, rings, and fields. We will also explore certain famous number theory concepts such as the Euclidean Algorithm, the Unique Factorization Theorem, and the Chinese Remainder Theorem. Student exercises are provided at the conclusion of each section as opportunities to practice with the tools that are discussed.

2.1 Divisibility

2.1.1 Definitions and Basic Properties

The idea of divisibility permeates all of cryptology. In many cases within the fields of number theory and cryptography, it is important to easily determine whether or not an integer divides evenly into another integer. Given two integers a and b, we say that a divides b (or b is divisible by a) if there exists an integer d such that b = (a)(d). In this case, we may also describe a as a divisor of b. The notation that we will use for divisibility is a | b [6, pg. 12]. The following are a few brief examples regarding divisibility: 6 | 48, because 48 = (6)(8); 15 | −60, because −60 = (15)(−4); −3 | 15, because 15 = (−3)(−5); 51 | 0, because 0 = (51)(0); and finally 3 ∤ 5, because no integer n exists such that 5 = (3)(n).

Of course, several different integers may divide a given value. For instance, let’s consider the integer 48. Think of the integers that divide 48 based upon our divisibility definition.


(2)(24) = 48

(3)(16) = 48

(4)(12) = 48

(6)(8) = 48

From the equations above, we know that 1, 2, 3, 4, 6, 8, 12, 16, 24, and 48 divide 48. However, these values are not exhaustive. Remember that integers can be divisible by negative values also. With this in mind, we can now offer a complete list of values that divide 48. They are 1, 2, 3, 4, 6, 8, 12, 16, 24, 48, −1, −2, −3, −4, −6, −8, −12, −16, −24, and −48. Other concepts can be easily derived from the definition of divisibility. The following theorems address a few of those principles.

Theorem 2.1 [2, pg. 2]

If d | a and d | b, then d | (a ± b).

Proof: Based upon the definition of divisibility and the fact that d divides both a and b, we know that there exist integers q and r such that

a = (d)(q) and b = (d)(r).

Therefore,

a ± b = (d)(q) ± (d)(r).

Through factoring, we arrive at

a ± b = (d)(q ± r).

Since both q and r are integers, q ± r must also be an integer. By the divisibility definition, d | (a ± b).

An example of Theorem 2.1 would be: if 7 | 777 and 7 | 49, then 7 | (777 + 49), or 7 | 826. By the definition of divisibility, 777 = (7)(111) and 49 = (7)(7). Therefore, 826 = 777 + 49 = (7)(111) + (7)(7) = (7)(111 + 7) = (7)(118). Using Theorem 2.1, we can determine whether or not an integer a divides another integer b by attempting to break b into a sum of smaller integers that are all divisible by a. If this is possible, then a | b; if not, then a ∤ b. Although this theorem is beneficial, it can be remarkably generalized with the following idea.

Theorem 2.2 [2, pg. 3]

If d | a₁, d | a₂, ..., d | aₙ, then d | (c₁·a₁ + c₂·a₂ + ... + cₙ·aₙ) for any integers c₁, c₂, ..., cₙ.


Proof: Using the definition of divisibility, there must exist integers q₁, q₂, ..., qₙ such that the following is true:

a₁ = (d)(q₁)

a₂ = (d)(q₂)

...

aₙ = (d)(qₙ).

Therefore,

c₁·a₁ + c₂·a₂ + ... + cₙ·aₙ = c₁·d·q₁ + c₂·d·q₂ + ... + cₙ·d·qₙ = d(c₁·q₁ + c₂·q₂ + ... + cₙ·qₙ).

Appealing to the divisibility definition, we have now shown that d | (c₁·a₁ + c₂·a₂ + ... + cₙ·aₙ) where c₁, c₂, ..., cₙ are any integers.

2.1.2 The Greatest Common Divisor

In many cases within cryptology, one may be interested in determining values that divide multiple integers simultaneously. The largest of these values, known as the greatest common divisor, is of particular importance. If a and b are integers that are not both zero, then the greatest common divisor or gcd of a and b is the natural number d such that d | a, d | b, and d is greater than or equal to any other common divisor of a and b. The notation that we will use is g = gcd(a, b) [4, pg. 4]. When determining the gcd of two integers, it is helpful to identify the divisors of each integer. Since the gcd must be a natural number, we focus only on the positive divisors. Clearly, the largest divisor that the integers have in common is our gcd. Now let us consider a few examples.

Determine gcd(6, 16). Considering only the positive divisors of 6, we have 1 | 6, 2 | 6, 3 | 6, and 6 | 6. With 16, we have 1 | 16, 2 | 16, 4 | 16, 8 | 16, and 16 | 16. Writing the positive divisors of each integer as a set, we have D₆ = {1, 2, 3, 6} and D₁₆ = {1, 2, 4, 8, 16}. The largest value in the intersection of these two sets is 2. Therefore, gcd(6, 16) = 2.

Now determine gcd(64, 132). When considering larger integers, it is helpful to utilize the definition of divisibility to determine the positive divisors of each value.

64 = (1)(64)

64 = (4)(16)

64 = (8)(8)

Therefore, the set of all positive divisors of 64 is D₆₄ = {1, 2, 4, 8, 16, 32, 64}. Concerning 132, we have

132 = (1)(132), 132 = (2)(66), 132 = (3)(44), 132 = (4)(33), 132 = (6)(22), and 132 = (11)(12).

Thus, the positive divisors of 132 are D₁₃₂ = {1, 2, 3, 4, 6, 11, 12, 22, 33, 44, 66, 132}. Considering both sets, we can easily determine that gcd(64, 132) = 4.

Finally, determine gcd(161, 153). By computing the positive divisors of 161, we find 161 = (1)(161) and 161 = (7)(23). Therefore, D₁₆₁ = {1, 7, 23, 161}. Also,

153 = (1)(153), 153 = (3)(51), and 153 = (9)(17).

Thus, D₁₅₃ = {1, 3, 9, 17, 51, 153} and gcd(161, 153) = 1.

The two integers in the last example, 161 and 153, exhibit a characteristic known as relative primality that is frequently implemented in cryptology. If gcd(a, b) = 1 for two integers a and b, then those integers are relatively prime. The idea of relative primality is not to be confused with primality. Primality typically refers to the divisibility properties of a single positive integer, whereas relative primality refers to the greatest common divisor between at least two integers. In fact, the previous example showed that it is possible for two integers that are not themselves prime to be relatively prime to each other. The concept of primality will be discussed in the next section and will be used extensively in Chapter 4.

2.1.3 The Division and Euclidean Algorithms


a considerable amount of time would be spent identifying all of the positive divisors. A more efficient method is needed. We will discuss the solution to this predicament momentarily, but we must first address two additional principles that will be useful in the future.

Theorem 2.3 - The Division Algorithm [2, pg. 5]

Let a and b be two positive integers where a ≥ b > 0. There exist unique integers q and r with 0 ≤ r < b such that

a = (b)(q) + r (2.1)

The Division Algorithm represents the traditional idea of division between two quantities, where a and b represent the dividend and divisor, respectively, while q and r represent the quotient and remainder, respectively. Using our understanding of the division process, it should be apparent why 0 ≤ r < b. The remainder can never be greater than or equal to the divisor value. If it were, then the quotient value would change due to the fact that b would divide a at least one additional time, which would, in turn, alter the remainder value. Of course, a remainder value of 0 would occur only when b | a. Let us now explore two examples of the Division Algorithm.

What are q and r if a = 75 and b = 24? Clearly, b ∤ a; therefore, r > 0. We must find an integer q such that 75 = (24)(q) + r where 0 < r < 24. Notice that since r > 0, then 75 > (24)(q). Clearly (24)(3) = 72 < 75 while (24)(4) = 96 > 75; therefore, 3 seems to be a respectable candidate for q. Now if q = 3, then 75 = (24)(3) + r. Solving for r yields r = 3 and 0 < r < 24. Thus, q = 3 and r = 3.

Find q and r if a = 75 and b = 25. On this occasion, b | a; therefore, r = 0. Since 75 = (3)(25) + 0, q = 3 and r = 0.

Theorem 2.4 [2, pg. 6]

If a = (b)(q) + r, then gcd(a, b) = gcd(b, r).

Proof: Let d = gcd(a, b). Using the definition of gcd, we know that d | a and d | b. By rearranging (2.1) to r = a − (b)(q) and using Theorem 2.1, we also know that d | r. We have now determined that d is a common divisor of both b and r; however, we do not currently know if d is the greatest common divisor of b and r. To test this idea, let us assume that there exists another common divisor of b and r, which we will denote as c. If we are able to show that d ≥ c for our arbitrary common divisor c, then we will know that d = gcd(b, r). Now c | b and c | r. Using Theorem 2.1 once again, we know that since a = (b)(q) + r, then c | a. Therefore, c is a common divisor of both a and b. Since d = gcd(a, b), then d ≥ c. We have now verified that, in fact, d = gcd(b, r); thus gcd(a, b) = d = gcd(b, r).


6 yields

16 = (1)(16), 16 = (2)(8), 16 = (4)(4); and

6 = (1)(6), 6 = (2)(3).

Thus, gcd(16, 6) = 2. Also,

4 = (1)(4) and 4 = (2)(2).

Therefore, gcd(6, 4) = 2, and gcd(16, 6) = gcd(6, 4).

Now, use Theorem 2.4 to find gcd(69, 15). Rather than focusing on the divisors of each integer, let us implement the ideas that we have recently investigated. Because gcd(a, b) = gcd(b, r) from (2.1), we should first determine the remainder from the division of 15 into 69. Since 69 = (15)(4) + 9, we may now simply focus on gcd(15, 9). Because

15 = (1)(15), 15 = (3)(5); and

9 = (1)(9), 9 = (3)(3),

we can determine that since gcd(15, 9) = 3, then gcd(69, 15) = 3. For more difficult examples, Theorem 2.4 may be iterated several times to determine the greatest common divisor of two large integers. This idea is evidenced in the following theorem.

Theorem 2.5 - The Euclidean Algorithm [2, pg. 7]

If a and b are positive integers such that a ≥ b > 0, and

a = (b)(q) + r, 0 ≤ r < b,

b = (r)(q₁) + r₁, 0 ≤ r₁ < r,

r = (r₁)(q₂) + r₂, 0 ≤ r₂ < r₁,

⋮

rₖ = (rₖ₊₁)(qₖ₊₂) + rₖ₊₂, 0 ≤ rₖ₊₂ < rₖ₊₁,


The Euclidean Algorithm greatly reduces the amount of effort involved in finding the greatest common divisor of large integers. By using the Division Algorithm repeatedly, we will move remainders to divisors and divisors to dividends with each successive iteration. Eventually, we will arrive at an iteration of the Division Algorithm that yields a remainder of 0. At that time, the greatest common divisor of our original integers will be the divisor in the final iteration. A few examples are necessary for clarification.

Calculate gcd(343, 280). We begin by applying the Division Algorithm and finding values q and r such that 343 = (280)(q) + r where 0 ≤ r < 280. It is clear that q = 1 and thus r = 63. Therefore,

343 = (280)(1) + 63.

Now, reposition 63 so that it functions as the divisor in the next iteration of the Division Algorithm. Also, reposition 280 to become the new dividend for the next iteration. Thus, we now have the new equation 280 = (63)(q₁) + r₁. We then find the correct values for q₁ and r₁, remembering that 0 ≤ r₁ < 63 for this particular iteration. We can easily determine that q₁ = 4 and r₁ = 28. Thus, this iteration produces

280 = (63)(4) + 28.

Next, move the remainder to become the new divisor and move the old divisor to become the new dividend, producing the new equation 63 = (28)(q₂) + r₂. Simple arithmetic yields the results q₂ = 2 and r₂ = 7. Therefore,

63 = (28)(2) + 7.

In our next iteration, we produce the equation 28 = (7)(q₃) + r₃. Clearly, 7 | 28; thus, q₃ = 4 and r₃ = 0. The final iteration equation produced is

28 = (7)(4) + 0.

Now that we have completed all of the necessary iterations of the Division Algorithm, we use Theorem 2.4 to arrive at our desired result. Therefore,

gcd(343, 280) = gcd(280, 63) = gcd(63, 28) = gcd(28, 7).

The amount of effort used to calculate gcd(28, 7) is minimal compared to the effort needed to find gcd(343, 280) using divisors. Clearly, gcd(28, 7) = 7. Therefore, gcd(343, 280) = 7.


442 = (136)(3) + 34

136 = (34)(4) + 0.

By Theorem 2.4, we know that

gcd(578, 442) = gcd(442, 136) = gcd(136, 34) = 34.

Thus, in only a few iterations of the Division Algorithm, we can determine that gcd(578, 442) = 34.
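The Division Algorithm (Theorem 2.3) and the Euclidean Algorithm (Theorem 2.5) written out as code, recording every iteration the way the worked examples above lay them out. This is an added example, not part of the thesis; the function names are my own, and the brute-force divisor-set method of Section 2.1.2 is included only as a cross-check.

```python
# Added example (not from the thesis): the Division Algorithm and the
# Euclidean Algorithm, with each iteration recorded as (dividend, divisor,
# quotient, remainder) so the chain of equations can be printed as in the text.

def division_algorithm(a, b):
    """Return (q, r) with a = b*q + r and 0 <= r < b, for any integer a
    and any positive integer b.

    Python's divmod floors toward minus infinity, so with b > 0 the remainder
    is never negative; the check below documents that contract.  In C or
    Java, -44 % 17 would be -10 rather than 7, so the 0 <= r < b property of
    equation (2.1) would have to be restored by hand there.
    """
    if b <= 0:
        raise ValueError("divisor must be positive")
    q, r = divmod(a, b)
    assert 0 <= r < b and a == b * q + r
    return q, r


def euclid_steps(a, b):
    """Run the Euclidean Algorithm on integers a >= b > 0 and return the list
    of iterations as (dividend, divisor, quotient, remainder) tuples.

    Each step moves the old divisor into the dividend slot and the old
    remainder into the divisor slot, exactly as the text describes.  The
    loop stops at the first remainder of 0; by Theorem 2.4 the divisor of
    that final step is gcd(a, b).
    """
    if a < b or b <= 0:
        raise ValueError("require a >= b > 0")
    steps = []
    while True:
        q, r = division_algorithm(a, b)
        steps.append((a, b, q, r))
        if r == 0:
            return steps
        a, b = b, r


def gcd_euclid(a, b):
    """gcd(a, b): the divisor in the last iteration (the one with remainder 0)."""
    return euclid_steps(a, b)[-1][1]


def gcd_by_divisors(a, b):
    """The method of Section 2.1.2: intersect the positive divisor sets and take
    the largest element.  Far slower, used here only to confirm agreement."""
    def divisors(n):
        return {d for d in range(1, n + 1) if n % d == 0}
    return max(divisors(a) & divisors(b))


if __name__ == "__main__":
    # Reproduce the gcd(343, 280) example from the text.
    for dividend, divisor, q, r in euclid_steps(343, 280):
        print(f"{dividend} = ({divisor})({q}) + {r}")
    print("gcd(343, 280) =", gcd_euclid(343, 280))
```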

2.1.4 Divisibility Exercises

1. Find the quotient and remainder in the Division Algorithm with divisor 17 and the following dividends [8, pg. 39].

a) 100 b) −44 c) 289 d) −100

2. Find gcd(48, 92) by determining the divisors of each integer.

3. Calculate gcd(314, 159) using the Euclidean Algorithm [2, pg. 9].

4. Calculate gcd(4144, 7696) using the Euclidean Algorithm [2, pg. 9].

5. Show that if a | b and b | c, then a | c [2, pg. 2].

6. Show that if d | a, then d | (c·a) for any integer c [2, pg. 3].

7. Show that if a | m, b | m, and gcd(a, b) = 1, then (a·b) | m [2, pg. 9].

2.2 Factorization


2.2.1 Properties of Positive Integers

Positive integers are of particular importance in the field of number theory. Every positive integer greater than 1 is considered to be either prime or composite. A prime is an integer greater than 1 that has no positive divisors other than 1 and itself. Any integer greater than 1 that is not prime is composite. Of course, 1 divides every integer; therefore, determining whether or not an integer greater than 1 divides a given integer (besides itself) is of great significance when studying the properties of integers. A few examples of prime integers are 5, 23, 67, 223, and 1,171. Examples of composite integers would include 6 = (2)(3), 32 = (4)(8), 120 = (12)(10), 560 = (20)(28), and 1,476 = (36)(41). The following theorems directly result from the definitions of prime and composite integers; however, one additional idea is needed. The Well-Ordering Principle states that every nonempty set of positive integers contains a least element. Although this property seems trivial, it will prove useful in the future.

Theorem 2.6 [8, pg. 64]

Every integer n such that n > 1 is divisible by a prime.

Proof: Consider the set of divisors of n that are greater than 1 but less than n. This set of divisors must be either empty or non-empty. Let us consider both cases. If the set is empty, then n must be a prime; therefore, n is divisible by a prime, namely itself. On the other hand, if the set is non-empty, then by the Well-Ordering Principle we have a smallest element in that set. We will denote this particular element as d. If d is prime, then we have proven the theorem; but if d is composite, then we must search further. Let us assume that d is composite. By the definition of composite, d must have a divisor greater than 1 and less than d, which we will name c. If this is true, then c not only divides d but also n; however, this contradicts the earlier condition that d is the smallest divisor of n. Therefore, we can now conclude that d is prime and that n has a prime divisor, namely d.

Theorem 2.6 may seem fairly trivial; but it affirms that whether an integer is prime or composite, at least one prime integer divides that particular integer. This idea will be fundamental as we continue our study on the factorization properties of integers. In fact, the following theorem builds upon Theorem 2.6 by introducing a specific idea that may be utilized when determining whether a positive integer is composite or prime or when attempting to factor a large integer.

Theorem 2.7 [8, pg. 65]

(a)(a) ≤ (a)(b). Therefore, n < (a)(b); however, this statement contradicts our original statement of n = (a)(b). Since our assumption that a > √n led to a contradiction, we must now agree that our assumption was incorrect and thus proceed with the fact that a ≤ √n. By Theorem 2.6, we know that a is divisible by a prime p. If p divides a, then p ≤ a. Therefore, p ≤ a ≤ √n.

Now that we have proven Theorem 2.7, let us validate this idea further with a few specific examples. First, we will show that 147 has a prime factor that is less than or equal to √147. Now √147 ≈ 12.1; therefore, we only need to consider primes that are less than or equal to 12. The only primes that fit this description are 2, 3, 5, 7, and 11. A quick divisibility check for each shows that 147 = (3)(49) and 147 = (7)(21); therefore, both 3 and 7 are prime factors of 147 that are less than or equal to √147.

Next, we will show that 319 has a prime factor that is less than or equal to √319. Since √319 ≈ 17.86, we can simply focus on all primes less than or equal to 17, which include the following: 2, 3, 5, 7, 11, 13, and 17. Verifying the divisibility of each of the above primes yields 319 = (11)(29). Therefore, 11 is the sole prime factor of 319 that is less than or equal to √319.

The following theorem builds upon the foundation that Theorem 2.6 has laid and provides us with the tools necessary to proceed toward the ultimate goal of this section.

Theorem 2.8 [2, pg. 11]

Every integer n such that n > 1 can be written as a product of primes.

Proof: From Theorem 2.6, there exists a prime p₁ such that p₁ | n. Therefore, n = (p₁)(q₁) and 1 ≤ q₁ < n. If q₁ = 1, then n = p₁ and n is written as a product of primes. If q₁ > 1, then we know once again from Theorem 2.6 that a prime must divide q₁. We will call this prime p₂. Therefore, q₁ = (p₂)(q₂) and 1 ≤ q₂ < q₁. If q₂ = 1, then n = (p₁)(q₁) = (p₁)(p₂) and n is once again written as a product of primes. If q₂ > 1, then it must be divisible by a prime p₃. Thus, q₂ = (p₃)(q₃) where 1 ≤ q₃ < q₂. Yet again, if q₃ = 1, then we have n = (p₁)(p₂)(q₂) = (p₁)(p₂)(p₃) and n is written as a product of primes. This process will continue until we arrive at a situation where qⱼ₋₁ = (pⱼ)(qⱼ) and qⱼ = 1. At that time, we will have n = (p₁)(p₂)(p₃)...(pⱼ₋₁)(qⱼ₋₁) = (p₁)(p₂)(p₃)...(pⱼ₋₁)(pⱼ) and n will be written yet again as a product of primes.

As an example of Theorem 2.8, factor 91 into a product of primes. If 91 is composite, then by Theorem 2.7, 91 must have a prime factor that is less than or equal to √91 ≈ 9.54. These primes include 2, 3, 5, and 7. Now 91 = (7)(13). Since both 7 and 13 are prime, we have written 91 as a product of primes.


372 is even and divisible by 2. Thus, 372 = (2)(186). We know that 186 is also even, and factoring 186 further provides us with 186 = (2)(93). Clearly, 93 is divisible by 3; therefore, factoring 93 further gives us 93 = (3)(31), and both 3 and 31 are primes. Thus, we now have

372 = (2)(186) = (2)(2)(93) = (2)(2)(3)(31).

We have now expressed 372 as a product of primes. In a situation such as this, when we are expressing an integer as a product of primes and there are multiplicities of the same prime factor, we will use exponents in our final product expression. Therefore, the proper way to express the above product is

372 = (2²)(3)(31).

2.2.2 The Unique Factorization Theorem

Although Theorem 2.8 will be useful in our study of integers, it begs the following question: Is it possible to factor an integer into more than one product of primes, excluding commutativity? The following theorem answers this particular question and is recognized as one of the most prolific ideas within the realm of number theory. In fact, it is known by many as the Fundamental Theorem of Arithmetic.

Theorem 2.9 - The Unique Factorization Theorem [8, pg. 90]

Every integer n such that n > 1 can be written as a unique product of primes.

This theorem simply states there is one and only one prime factorization of an integer, excluding commutativity. This result is deceivingly powerful. When dealing with a large integer, several different individuals may begin the factorization of that integer in various ways; however, the Unique Factorization Theorem asserts that each should arrive at the same product of primes when the integer is fully and correctly factored. This result will be of particular importance to us as we study modern cryptographic methods in Chapter 4. We will now conclude this section with an example concerning the Unique Factorization Theorem.

Determine the prime factorization of 748. Since 748 is even, we can begin with 748 = (2)(374). Since 374 is also even, we can continue with 374 = (2)(187). Since √187 ≈ 13.67, reasonable candidates for prime factors of 187 are 3, 7, 11, and 13. We quickly find that 187 = (11)(17), and both of these factors are primes. Thus, we have arrived at our prime factorization of 748.


Rather than initially focusing on the fact that 748 is an even integer, we could have considered all primes that are less than or equal to √748 ≈ 27.35 as potential factors. These integers include 2, 3, 5, 7, 11, 13, 17, 19, and 23. If we had first considered 17 as a factor, then we would have found that 748 = (17)(44). Now 44 = (11)(4) = (11)(2)(2). Therefore, we now have our prime factorization of 748:

748 = (17)(44) = (17)(11)(4) = (17)(11)(2)(2) = (17)(11)(2²).

One can clearly see that this is the same result that we received in our first factorization of 748; however, the factors have simply commuted. Obviously, other methods of prime factorization are possible for 748, but each will result in the same factors with their respective powers.
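Theorems 2.7 through 2.9 turned into a small factoring routine: the search for a prime factor stops at √n as Theorem 2.7 allows, the cofactor is factored in turn as in the proof of Theorem 2.8, and the two different starting points used for 748 above are checked to agree, as the Unique Factorization Theorem predicts. This is an added example, not code from the thesis; all function names are my own.

```python
# Added example (not from the thesis): trial division organised around
# Theorems 2.7 (a composite n has a prime factor <= sqrt(n)),
# 2.8 (peel off primes until the cofactor is 1) and
# 2.9 (the multiset of primes reached does not depend on the order found).

from math import isqrt


def smallest_prime_factor(n):
    """Return the least prime dividing n (n > 1).

    Only trial divisors d with d*d <= n are tried, the bound of Theorem 2.7.
    If none divides n, then n is prime: Theorem 2.6 says some prime divides
    n, and by 2.7 a composite n would have one no larger than sqrt(n).
    """
    if n < 2:
        raise ValueError("n must exceed 1")
    for d in range(2, isqrt(n) + 1):
        if n % d == 0:
            return d   # the first divisor found is necessarily prime
    return n


def is_prime(n):
    return n > 1 and smallest_prime_factor(n) == n


def prime_factorization(n):
    """Factor n > 1 as in the proof of Theorem 2.8: remove a prime, continue
    with the cofactor until it equals 1.  Returns {prime: exponent}."""
    factors = {}
    while n > 1:
        p = smallest_prime_factor(n)
        factors[p] = factors.get(p, 0) + 1
        n //= p
    return factors


def factorization_from_seed(n, seed):
    """Begin the factorization with a chosen divisor `seed` of n (the text
    starts 748 once from 2 and once from 17), finish the two cofactors
    separately and merge.  By Theorem 2.9 the result must equal
    prime_factorization(n) whichever seed is used."""
    if n % seed != 0:
        raise ValueError(f"{seed} does not divide {n}")
    merged = {}
    for part in (seed, n // seed):
        for p, e in prime_factorization(part).items():
            merged[p] = merged.get(p, 0) + e
    return merged


def format_factorization(factors):
    """Render {2: 2, 3: 1, 31: 1} as '(2^2)(3)(31)', the exponent convention of the text."""
    return "".join(f"({p}^{e})" if e > 1 else f"({p})"
                   for p, e in sorted(factors.items()))


if __name__ == "__main__":
    for n in (91, 147, 319, 372, 748):
        print(n, "=", format_factorization(prime_factorization(n)))
    # The two starting points used for 748 in the text reach the same primes.
    print(factorization_from_seed(748, 2) == factorization_from_seed(748, 17))
```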

As a side note, we will conclude this section by addressing an idea that will be useful in Chapter 4. The following theorem once again refers to the unique expression of an integer; however, rather than expressing a positive integer as a product of primes, we will investigate a different method of integer expression.

Theorem 2.10 [8, pg. 44]

Every positive integer may be expressed as the sum of distinct powers of 2.

As an example of Theorem 2.10, express 42 as a sum of distinct powers of 2. Firstly, find the highest power of 2 that is less than or equal to 42. The result is 2⁵ = 32. Now, determine the difference between 42 and 32 and repeat the process with this result. Since 42 − 32 = 10, we must now find the highest power of 2 that is less than or equal to 10. This is 2³ = 8. Now, determine the difference between 10 and 8, which is 2. Finally, find the highest power of 2 that is less than or equal to 2. This result is 2¹ = 2. Once the difference between 2 and 2 is determined, we arrive at 0 and there are no additional terms needed in our expression. Thus, 42 can be expressed as follows:

42 = 32 + 8 + 2 = 2⁵ + 2³ + 2¹

Now, express 77 as a sum of distinct powers of 2. Since 2⁶ = 64, we now have 77 − 64 = 13 remaining. Also, 2³ = 8; therefore, we now have 13 − 8 = 5 remaining. Next, 2² = 4; thus, we now have 5 − 4 = 1 remaining. Finally, 2⁰ = 1. Therefore, the expression of 77 as a sum of distinct powers of 2 is

77 = 64 + 8 + 4 + 1 = 2⁶ + 2³ + 2² + 2⁰
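The greedy procedure of the text for Theorem 2.10, returning the exponents it finds, together with the use of the decomposition that the text defers to Chapter 4: raising a number to a power by repeated squaring, with one multiplication per term of the decomposition rather than one per unit of the exponent. This is an added example, not code from the thesis; the function names and the optional modulus argument are my own.

```python
# Added example (not from the thesis): Theorem 2.10 as a procedure, plus the
# reason the text flags it as useful later, namely exponentiation by squaring.

def powers_of_two(n):
    """Express a positive integer n as a sum of distinct powers of 2.

    Follows the text's procedure: take the largest 2^k <= n, subtract it and
    repeat on the difference until it reaches 0.  Returns the exponents in
    decreasing order, e.g. powers_of_two(42) == [5, 3, 1] since 42 = 2^5+2^3+2^1.
    """
    if n < 1:
        raise ValueError("n must be a positive integer")
    exponents = []
    remaining = n
    while remaining > 0:
        k = remaining.bit_length() - 1      # largest k with 2**k <= remaining
        exponents.append(k)
        remaining -= 1 << k
    return exponents


def as_sum_string(n):
    """Render the decomposition the way the text writes it: '42 = 2^5 + 2^3 + 2^1'."""
    return f"{n} = " + " + ".join(f"2^{k}" for k in powers_of_two(n))


def power_by_squaring(base, exponent, modulus=None):
    """Compute base**exponent (reduced mod `modulus` if one is given) using
    the powers-of-2 decomposition of the exponent.

    base^(2^k) is obtained from base^(2^(k-1)) by one squaring, and
    base^exponent is the product of base^(2^k) over k in powers_of_two(exponent).
    The optional modulus is not part of this section; it is included because
    this is how large modular powers are evaluated in the later chapters.
    """
    if exponent < 0:
        raise ValueError("exponent must be non-negative")
    wrap = (lambda x: x % modulus) if modulus else (lambda x: x)
    if exponent == 0:
        return wrap(1)
    # squares[k] == base^(2^k), for k = 0 .. exponent.bit_length() - 1
    squares = [wrap(base)]
    for _ in range(exponent.bit_length() - 1):
        squares.append(wrap(squares[-1] * squares[-1]))
    result = 1
    for k in powers_of_two(exponent):
        result = wrap(result * squares[k])
    return result


if __name__ == "__main__":
    print(as_sum_string(42))    # 42 = 2^5 + 2^3 + 2^1
    print(as_sum_string(77))    # 77 = 2^6 + 2^3 + 2^2 + 2^0
    print(power_by_squaring(3, 77) == 3 ** 77)
```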

2.2.3 Factorization Exercises


2. Find the prime factorization of 111,111 [2, pg. 19].

3. Find the prime factorization of 7,950.

4. Determine whether 6,497 is prime or composite. If it is composite, give its prime factorization.

5. Determine whether 6,491 is prime or composite. If it is composite, give its prime factorization.

6. Find the smallest integer divisible by 2 and 3 which is simultaneously a square and a fifth power [2, pg. 19].

7. If p is prime and p | (a·b), prove that either p | a or p | b [7, pg. 15].

8. If p is prime and p | aⁿ, prove that pⁿ | aⁿ, where a is an integer and n is a natural number [7, pg. 15].

9. Express 381 as a sum of distinct powers of 2.

2.3 Congruence

In this section, we will build upon the idea of divisibility by discussing the number theory concept of congruence, which was invented by the great mathematician Leonhard Euler and later thoroughly developed by one of the greatest mathematical minds to have ever existed, Carl Gauss. The idea of congruence has greatly influenced the field of cryptology and thus will be foundational to this course. In Chapters 3 and 4, we will discuss the cryptographic methods throughout history that have implemented the principle of congruence.

2.3.1 Congruence Classes


Firstly, $82 \equiv 1 \pmod 3$, because $3 \mid (82 - 1)$. Next, $16 \equiv -6 \pmod{11}$, because $16 - (-6) = 22$ and $11 \mid 22$. Finally, determine if the following is true: $13 \equiv 5 \pmod 7$. Now $13 - 5 = 8$ and $7 \nmid 8$; therefore, $13 \not\equiv 5 \pmod 7$.

One can clearly see that many integers can be congruent to a particular integer modulo $n$ for a given natural number $n$. For instance, $49 \equiv 5 \pmod{11}$, because $11 \mid (49 - 5)$. Now 11 divides an infinite amount of integers; therefore, we simply need to locate values that when subtracted from 49 provide us with one of these integers. One such case occurs when we subtract $-17$ from 49. Thus, $49 - (-17) = 66$ and $11 \mid 66$. We can now state that $49 \equiv -17 \pmod{11}$. A few other brief examples that can be easily verified by the reader are as follows:

$49 \equiv 16 \pmod{11}$, $49 \equiv 27 \pmod{11}$, and $49 \equiv 137 \pmod{11}$.

The set of all integers that are congruent to a given integer $m$ modulo $n$ is called the congruence class or residue class of $m$ modulo $n$. The conventional notation for the congruence class of $m$ is $\overline{m}$. From our previous example, the congruence class of 49 modulo 11 is as follows: $\overline{49} = \{\ldots, -39, -28, -17, -6, 5, 16, 27, 38, 49, 60, \ldots\}$. Clearly, a congruence class contains an infinite amount of integers that are congruent modulo $n$ for a given natural number $n$. Also, this congruence class modulo 11 could be represented as $\overline{-39}$, $\overline{5}$, $\overline{16}$, $\overline{60}$, etc. In fact, any element of the congruence class could function as the class representative.

The ideas of modular congruence and congruence classes are directly derived from the Division Algorithm. All of the integers within the same congruence class modulo $n$ for a given $n$ are the values that produce the same remainder when divided by $n$. Using (2.1), let us consider several values within the congruence class of 49 modulo 11 from the previous example. Remember that all values of $r$ in this case must be such that $0 \le r < 11$.

$-39 = (-4)(11) + 5$

$-28 = (-3)(11) + 5$

$-17 = (-2)(11) + 5$

$-6 = (-1)(11) + 5$

$5 = (0)(11) + 5$

$16 = (1)(11) + 5$


congruence class of 49 modulo 11 must also generate a remainder of 5 in a similar fashion. This result is formally generalized with the following theorem.

Theorem 2.11[2, pg. 28]

$a \equiv b \pmod n$ if and only if there exists an integer $k$ such that $a = (k)(n) + b$.

Proof: First, suppose that $a \equiv b \pmod n$. By the definition of congruence, we know that $n \mid (a - b)$. From the definition of divisibility, there must exist an integer $k$ such that $(a - b) = (k)(n)$. Rearranging this equation provides us with $a = (k)(n) + b$. To prove the converse, we assume that there exists an integer $k$ such that $a = (k)(n) + b$ and proceed backward using the same definitions that were used earlier in reverse order to eventually achieve our goal of $a \equiv b \pmod n$. The reader is encouraged to prove this result formally.

When using the Division Algorithm, only a specific amount of remainders are possible. For instance, if the divisor being used is $n$, then the remainder must be an integer $r$ such that $0 \le r < n$. In this case, the possible remainders are $0, 1, 2, \ldots, n - 2$, and $n - 1$. These values are also known as a complete residue system. A complete residue system is a set of integers such that every integer is congruent modulo $n$ to exactly one integer within the set. In fact, this particular complete residue system is also known as the least residue system modulo $n$. We will now give an example to clarify the aforementioned terminology.

Consider the integer 37 with a divisor of 5. According to the Division Algorithm, $37 = (7)(5) + 2$. From Theorem 2.11, we can now state that $37 \equiv 2 \pmod 5$. Now consider the following integers: 38, 39, 40, 41, 42, 43, and 44. Using a divisor of 5 with each integer, we receive the following results from the Division Algorithm and Theorem 2.11:

$38 = (7)(5) + 3 \Rightarrow 38 \equiv 3 \pmod 5$

$39 = (7)(5) + 4 \Rightarrow 39 \equiv 4 \pmod 5$

$40 = (8)(5) + 0 \Rightarrow 40 \equiv 0 \pmod 5$

$41 = (8)(5) + 1 \Rightarrow 41 \equiv 1 \pmod 5$

$42 = (8)(5) + 2 \Rightarrow 42 \equiv 2 \pmod 5$

$43 = (8)(5) + 3 \Rightarrow 43 \equiv 3 \pmod 5$.


results:

$-14 = (-3)(5) + 1 \Rightarrow -14 \equiv 1 \pmod 5$

$-13 = (-3)(5) + 2 \Rightarrow -13 \equiv 2 \pmod 5$

$-12 = (-3)(5) + 3 \Rightarrow -12 \equiv 3 \pmod 5$

$-11 = (-3)(5) + 4 \Rightarrow -11 \equiv 4 \pmod 5$

$-10 = (-2)(5) + 0 \Rightarrow -10 \equiv 0 \pmod 5$

$-9 = (-2)(5) + 1 \Rightarrow -9 \equiv 1 \pmod 5$.

Yet again, we find that each of the integers $\{-14, -13, \ldots, -10, -9\}$ is congruent modulo 5 to one of the possible remainders when dividing by 5. In fact, based upon our results from both integer sets, we know that $-13$, 2, 37, and 42 belong to the same congruence class modulo 5. In other words,

$\overline{2} = \{-13, 2, 37, 42\}$.

We also have the following:

$\overline{3} = \{-12, 3, 38, 43\}$

$\overline{4} = \{-11, 4, 39\}$

$\overline{0} = \{-10, 0, 40\}$

$\overline{1} = \{-14, 1, 41\}$.

Of course, any integer within each congruence class modulo 5 could represent the entire class. Due to this fact, we could represent all congruence classes modulo 5 with the integers $\{37, -12, 39, -10, 41\}$. This set of integers is an example of a complete residue system modulo 5; however, this set of class representatives seems random and a bit unorthodox. Instead, let us choose the smallest nonnegative integer from each class as our new congruence class representatives. With this stipulation in place, our new complete residue system modulo 5 is $\{0, 1, 2, 3, 4\}$. This set is clearly a more logical option due to the fact that it includes all of the possible remainders from the Division Algorithm. This particular complete residue system is also the least residue system modulo 5. For notational purposes, we will refer to the least residue system modulo 5 as $\mathbb{Z}_5 = \{0, 1, 2, 3, 4\}$. In general, the least residue system modulo $n$ would be expressed as $\mathbb{Z}_n = \{0, 1, 2, \ldots, n - 2, n - 1\}$. In the next section, we will explore the


2.3.2 Algebraic Properties of Congruence

Integers that are part of the same congruence class modulo $n$ for a given natural number $n$ share many interesting algebraic properties. Among these properties are those that specifically constitute an equivalence relation between members of a congruence class. These three specific properties are addressed in the following theorem.

Theorem 2.12[8, pg. 120]

Let $n$ be a natural number. Congruences modulo $n$ satisfy the following properties:

1. Reflexive Property: If $a$ is an integer, then $a \equiv a \pmod n$.

2. Symmetric Property: If $a$ and $b$ are integers such that $a \equiv b \pmod n$, then $b \equiv a \pmod n$.

3. Transitive Property: If $a$, $b$, and $c$ are integers with $a \equiv b \pmod n$ and $b \equiv c \pmod n$, then $a \equiv c \pmod n$.

Proof: We will prove only the first two properties. The Transitive Property proof has been left as an exercise for the reader.

1. Reflexive Property: Clearly $n \mid 0$, because $0 = (n)(0)$. Now $(a - a) = 0$; therefore, we know that $n \mid (a - a)$. By the definition of congruence, we can conclude the following: $a \equiv a \pmod n$.

2. Symmetric Property: Suppose that $a \equiv b \pmod n$. From Theorem 2.11, we know that there exists an integer $k$ such that

$a = (k)(n) + b$.

Rearranging this equation provides us with

$-(k)(n) = b - a$.

This equation can then be rewritten as

$(-k)(n) = b - a$.

Using the definition of divisibility, we know that $n \mid (b - a)$. Finally, by the definition of congruence, we can conclude that $b \equiv a \pmod n$.


Theorem 2.13[8, pg. 122]

If $a$, $b$, and $c$ are integers and $n$ is a natural number such that $a \equiv b \pmod n$, then the following are true:

1. $(a + c) \equiv (b + c) \pmod n$

2. $(a - c) \equiv (b - c) \pmod n$

3. $(a \cdot c) \equiv (b \cdot c) \pmod n$

Proof: We will prove the first and third properties. The proof of the second property has been left as an exercise for the reader.

1. Since $a \equiv b \pmod n$, we know that $n \mid (a - b)$. Now, $(a - b) = (a + c) - (b + c)$. Therefore, we know that $n \mid ((a + c) - (b + c))$. By the definition of congruence, we now have

$(a + c) \equiv (b + c) \pmod n$.

2. Beginning once again with $a \equiv b \pmod n$ and $n \mid (a - b)$, we also know that $(a \cdot c) - (b \cdot c) = (c)(a - b)$. Since $n \mid (a - b)$, then $n \mid (c)(a - b)$. Therefore, $n \mid ((a \cdot c) - (b \cdot c))$ and $(a \cdot c) \equiv (b \cdot c) \pmod n$.

As an example of the first property of Theorem 2.13, let us consider two integers within the same congruence class modulo 8. Two such integers are $-23$ and 57, because $-23 = (-3)(8) + 1$ and $57 = (7)(8) + 1$. Therefore, $-23 \equiv 57 \pmod 8$. Now, we will select an integer to add to both sides of the modular congruence. Let this integer be 14. Thus, we have $(-23 + 14) \equiv (57 + 14) \pmod 8$. We will now verify that this is true. Since $-23 + 14 = -9$ and $57 + 14 = 71$, we will verify that $-9 \equiv 71 \pmod 8$. Now, $-9 = (-2)(8) + 7$ and $71 = (8)(8) + 7$. Both $-9$ and 71 produce the same remainder when divided by 8; therefore, they must be part of the same congruence class. Now, we have $-9 \equiv 71 \pmod 8$; and thus $(-23 + 14) \equiv (57 + 14) \pmod 8$.

The algebraic properties of congruence from Theorem 2.13 may be generalized further. The results of this generalization are evidenced in the following theorem.

Theorem 2.14[8, pg. 123]

If $a$, $b$, $c$, and $d$ are integers and $n$ is a natural number such that $a \equiv b \pmod n$ and $c \equiv d \pmod n$, then the following are true:

1. $(a + c) \equiv (b + d) \pmod n$

2. $(a - c) \equiv (b - d) \pmod n$

3. $(a \cdot c) \equiv (b \cdot d) \pmod n$


1. Since $a \equiv b \pmod n$ and $c \equiv d \pmod n$, we know that $n \mid (a - b)$ and $n \mid (c - d)$. By the definition of divisibility, there exist integers $k$ and $l$ such that $(a - b) = (k)(n)$ and $(c - d) = (l)(n)$. Now, $(a + c) - (b + d) = (a - b) + (c - d) = (k)(n) + (l)(n) = (n)(k + l)$. Therefore, $n \mid ((a + c) - (b + d))$ and $(a + c) \equiv (b + d) \pmod n$.

We will now explore an example concerning both the first and third properties of Theorem 2.14. First, select two integers within the same congruence class modulo 5. Let these integers be 13 and 3, because $13 = (2)(5) + 3$ and $3 = (0)(5) + 3$. Thus, $13 \equiv 3 \pmod 5$. Now, select a different pair of integers that belong to the same congruence class modulo 5. It is possible but not imperative that this second pair of integers belongs to the same congruence class as the initial pair. With this in mind, we will allow the second pair of integers to be 7 and 2, because $7 = (1)(5) + 2$ and $2 = (0)(5) + 2$. Therefore, $7 \equiv 2 \pmod 5$.

Now, we will verify that $(13 + 7) \equiv (3 + 2) \pmod 5$. Since $13 + 7 = 20$ and $3 + 2 = 5$, we now must show that $20 \equiv 5 \pmod 5$. Using the definition of congruence, we must show that $5 \mid (20 - 5)$. Clearly, $(20 - 5) = 15 = (3)(5)$. Therefore, we know that $(13 + 7) \equiv (3 + 2) \pmod 5$.

Now, we will verify that $(13)(7) \equiv (3)(2) \pmod 5$. Since $(13)(7) = 91$ and $(3)(2) = 6$, we must show that $91 \equiv 6 \pmod 5$. By the definition of congruence, we must simply show that $5 \mid (91 - 6)$. Clearly, $(91 - 6) = 85 = (17)(5)$. Therefore, we know that $(13 \cdot 7) \equiv (3 \cdot 2) \pmod 5$.

We must now discuss two additional theorems involving other algebraic properties within the realm of congruence that will be useful in our study of cryptology.

Theorem 2.15[8, pg. 122]

If $a$, $b$, and $c$ are integers and $n$ is a natural number such that $(a \cdot c) \equiv (b \cdot c) \pmod n$ and $d = \gcd(c, n)$, then $a \equiv b \pmod{n/d}$.

Theorem 2.15 alludes to the idea of "division" within a congruence modulo $n$. In this case, it is clear that when $d > 1$, the modulus must change in order to preserve the congruence. In the specific case where $c$ and $n$ are relatively prime, we will maintain the current modulus while reducing the congruence due to the fact that $n/1 = n$. This property can be useful when attempting to reduce congruences involving large integers.

Consider the example $50 \equiv 20 \pmod{15}$ [8, pg. 122]. It is clear that both sides of the congruence contain a common factor of 10; thus we have $(5 \cdot 10) \equiv (2 \cdot 10) \pmod{15}$. Now, $\gcd(10, 15) = 5$; therefore, $5 \equiv 2 \pmod{15/5}$. Finally, we have constructed the new congruence $5 \equiv 2 \pmod 3$. Clearly, if we had not altered the modulus when reducing both sides of the congruence, we would have arrived at the congruence $5 \equiv 2 \pmod{15}$. Unfortunately, this congruence statement is false; therefore, the modulus change is imperative.


to $6 \equiv 1 \pmod{5/1}$ or simply $6 \equiv 1 \pmod 5$.

Theorem 2.16 [8, pg. 124]

If $a$ and $b$ are integers and $k$ and $n$ are natural numbers such that $a \equiv b \pmod n$, then $a^k \equiv b^k \pmod n$.

Theorem 2.16 presents a specialized case of the multiplication property of Theorem 2.14. This particular instance will be greatly utilized during our study of modern cryptographic methods in Chapter 4. We will now illustrate Theorem 2.16 with two brief examples.

First, consider the congruence $7 \equiv 2 \pmod 5$. From Theorem 2.16, we can state that since $7^3 = 343$ and $2^3 = 8$, then $343 \equiv 8 \pmod 5$. We can verify this from the fact that $343 = (68)(5) + 3$ and $8 = (1)(5) + 3$.

Now, consider the congruence $4 \equiv 1 \pmod 3$. If we raise each side of the congruence modulo 3 to an exponent of 5, then we have $4^5 = 1{,}024$ and $1^5 = 1$. Therefore, by Theorem 2.16, we have

$1{,}024 \equiv 1 \pmod 3$. This can be easily verified by the fact that $1{,}024 = (341)(3) + 1$.

Finally, let us now consider the following question: Is the converse to Theorem 2.16 necessarily true? To answer this question, let us consider the example $81 \equiv 16 \pmod 5$. This congruence is true, because $81 = (16)(5) + 1$ and $16 = (3)(5) + 1$. Now $81 = 3^4$ and $16 = 2^4$; therefore, our original congruence may now be expressed as $3^4 \equiv 2^4 \pmod 5$. Although this congruence is true, clearly $3 \not\equiv 2 \pmod 5$. Thus, in general, the converse of Theorem 2.16 is not necessarily true.
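Theorems 2.15 and 2.16, and the failure of the converse of Theorem 2.16, checked in code. This is an added example rather than code from the thesis; the function names are my own, and `gcd` is Python's standard-library function.

```python
# Added example (not from the thesis): cancelling a common factor from a
# congruence (Theorem 2.15), raising both sides to a power (Theorem 2.16),
# and a search that exhibits why the converse of Theorem 2.16 fails.
# Function names are my own.
from math import gcd


def is_congruent(a, b, n):
    """a ≡ b (mod n) by definition: n divides a - b."""
    return (a - b) % n == 0


def cancel_common_factor(lhs, rhs, c, n):
    """Given lhs ≡ rhs (mod n) with lhs = a*c and rhs = b*c, return
    (a, b, n // d) where d = gcd(c, n), so that a ≡ b (mod n // d).

    The modulus shrinks exactly when gcd(c, n) > 1, which is why
    50 ≡ 20 (mod 15) becomes 5 ≡ 2 (mod 3) and not 5 ≡ 2 (mod 15).
    """
    if lhs % c or rhs % c:
        raise ValueError("c must divide both sides of the congruence")
    if not is_congruent(lhs, rhs, n):
        raise ValueError("the congruence must hold before cancelling")
    d = gcd(c, n)
    a, b, new_n = lhs // c, rhs // c, n // d
    assert is_congruent(a, b, new_n)      # Theorem 2.15 guarantees this
    return a, b, new_n


def powers_stay_congruent(a, b, n, k):
    """Theorem 2.16: a ≡ b (mod n) implies a**k ≡ b**k (mod n).
    pow(x, k, n) reduces modulo n at every step, so huge powers are never
    formed, which is what later cryptographic use depends on."""
    return is_congruent(a, b, n) and pow(a, k, n) == pow(b, k, n)


def converse_counterexample(n, k):
    """Search Z_n for a pair a, b with a**k ≡ b**k (mod n) but a ≢ b (mod n).
    Any hit shows the converse of Theorem 2.16 is false for that n and k."""
    for a in range(n):
        for b in range(a + 1, n):
            if pow(a, k, n) == pow(b, k, n):
                return a, b
    return None


if __name__ == "__main__":
    print(cancel_common_factor(50, 20, 10, 15))   # (5, 2, 3)
    print(powers_stay_congruent(7, 2, 5, 3))      # True: 343 ≡ 8 (mod 5)
    print(converse_counterexample(5, 4))
```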

2.3.3 Congruence Exercises

1. Reduce 596 modulo 13 to its least residue.

2. What is the least residue of 790 modulo 29?

3. Find the least residue of 1,492 modulo 4, modulo 10, and modulo 101 [2, pg. 32].

4. Find 4 other integers that are in the same congruence class modulo 34 as 97.

5. For which positive integers $n$ are each of the following statements true [8, pg. 126]?

a) $27 \equiv 5 \pmod n$


6. Prove the Transitive Property from Theorem 2.12: If $a$, $b$, and $c$ are integers with $a \equiv b \pmod n$ and $b \equiv c \pmod n$, then $a \equiv c \pmod n$.

7. Prove Property 3 from Theorem 2.13: If $a$, $b$, and $c$ are integers and $n$ is a natural number such that $a \equiv b \pmod n$, then $(a \cdot c) \equiv (b \cdot c) \pmod n$.

8. Prove that $n \mid a$ if and only if $a \equiv 0 \pmod n$.

9. Prove Property 2 from Theorem 2.14: If $a$, $b$, $c$, and $d$ are integers and $n$ is a natural number such that $a \equiv b \pmod n$ and $c \equiv d \pmod n$, then $(a - c) \equiv (b - d) \pmod n$.

10. Prove Property 3 from Theorem 2.14: If $a$, $b$, $c$, and $d$ are integers and $n$ is a natural number such that $a \equiv b \pmod n$ and $c \equiv d \pmod n$, then $(a \cdot c) \equiv (b \cdot d) \pmod n$.

2.4 Applications of Congruence

In this section, we will further develop the idea of congruence and use it to solve practical examples. First, we will explore the algebraic nature of congruence classes and introduce the concepts of a ring and a field. We will then utilize the inherent algebraic properties of rings and fields to investigate modular arithmetic and the process of solving linear congruences. Finally, we will discuss systems of linear congruences with respect to the famous Chinese Remainder Theorem.

2.4.1 The Ring of Z/nZ

Within the idea of congruence modulo $n$ for a natural number $n$ lies an algebraic structure known as a ring. A ring is a set of values together with the operations of addition and multiplication that satisfies the following properties [3, pg. 167]:

1. The commutative property of addition holds for all elements within the set.

$a + b = b + a$ for all $a$ and $b$ in the set

2. The associative properties of addition and multiplication hold for all elements within the set.


$a + i_+ = i_+ + a = a$ for all $a$ in the set

($i_+$ represents the additive identity)

4. The additive inverse for each element of the set is also an element within the set.

$a + a'_+ = a'_+ + a = i_+$ for all $a$ in the set

($a'_+$ represents the additive inverse of $a$)

5. The left and right distributive laws hold for all elements within the set.

$a \cdot (b + c) = (a \cdot b) + (a \cdot c)$ and $(a + b) \cdot c = (a \cdot c) + (b \cdot c)$ for all $a$, $b$, and $c$ within the set

In addition to these 5 properties, if the commutative property of multiplication holds for all elements within a ring, then the ring is a commutative ring; and if the multiplicative identity is also an element within the ring, then the ring is a commutative ring with unity. A few common examples of commutative rings with unity are the real numbers ($\mathbb{R}$), the rational numbers ($\mathbb{Q}$), and the integers ($\mathbb{Z}$). The commutative, associative, inverse, identity, and distributive properties that exist within each of these number systems should be familiar to the reader. Both $\mathbb{R}$ and $\mathbb{Q}$ contain additional properties that are not inherent within $\mathbb{Z}$. Those specific properties will be discussed in the next section.

Another commutative ring with unity that will be of particular importance to us in this course is the set

$\mathbb{Z}/n\mathbb{Z} = \{0, 1, 2, 3, \ldots, n - 2, n - 1\}$.

For notational convenience, we will often refer to $\mathbb{Z}/n\mathbb{Z}$ as $\mathbb{Z}_n$. This set is often known as the Ring of Integers Modulo $n$, and it is simply the least residue system modulo $n$ [7, pg. 23]. During our discussion of congruence classes in the last section, we determined that a complete system such as this one will ultimately represent all of the integers due to the fact that every integer is congruent modulo $n$ to one of the values within $\mathbb{Z}_n$. This particular complete system contains important elements that other complete systems do not. For instance, $\mathbb{Z}_n$ contains both the additive and multiplicative identities for the integers, namely 0 and 1, respectively. Other complete systems may contain an element that has the capability of functioning as the additive identity modulo $n$ within that set; however, no other complete system contains an element that can function as the multiplicative identity modulo $n$ for all elements within that set.

Let us now verify that each of the properties for a commutative ring with unity holds for $\mathbb{Z}_n$. Clearly the commutative properties of addition and multiplication, the associative properties of addition and multiplication, and the distributive property are all adopted from $\mathbb{Z}$. Also, 0 and 1 once again fulfill their customary duties as the additive and multiplicative identities, respectively, within $\mathbb{Z}_n$ exactly as


to hold within $\mathbb{Z}_n$, each element within the set must have an additive inverse that is also an element in the set. Let us now consider each of the elements of $\mathbb{Z}_n$. Since the additive identity within $\mathbb{Z}_n$ is 0, 0 is obviously its own additive inverse. For 1, the natural choice would seemingly be $-1$, but we are unable to select this value, because it is not an element within $\mathbb{Z}_n$. Instead, we must utilize the fact that this is a set modulo $n$. Since $n \equiv 0 \pmod n$, we can simply find a value within $\mathbb{Z}_n$ that when added to 1 creates a sum of $n$. Clearly, $n - 1$ is our natural choice, because $(n - 1) + 1 = n$. Therefore, we have determined that the additive inverse modulo $n$ of 1 is $n - 1$. On the other hand, the additive inverse modulo $n$ of $(n - 1)$ is 1. We will proceed through the remaining elements of $\mathbb{Z}_n$ in a similar fashion. For instance, 2 and $(n - 2)$ are additive inverses modulo $n$, 3 and $(n - 3)$ are additive inverses modulo $n$, etc. Therefore, since all the above properties hold for $\mathbb{Z}_n$, we are now able to state that $\mathbb{Z}_n$ is a commutative ring with unity.

We will now consider the specific example of $\mathbb{Z}_5 = \{0, 1, 2, 3, 4\}$. Once again, the commutative, associative, and distributive properties hold for this set. Clearly, 0 behaves as the additive identity due to the fact that

$0 + n = n + 0 = n$ for any element $n$ in $\mathbb{Z}_5$.

Also, 1 behaves as the multiplicative identity due to the fact that

$1 \cdot n = n \cdot 1 = n$ for any element $n$ in $\mathbb{Z}_5$.

Now we will consider the additive inverses modulo 5 of each element individually.

$0 + 0 = 0 + 0 = 0 \equiv 0 \pmod 5$

$1 + 4 = 4 + 1 = 5 \equiv 0 \pmod 5$

$2 + 3 = 3 + 2 = 5 \equiv 0 \pmod 5$

Therefore, we can conclude that 0 is its own additive inverse modulo 5, 1 and 4 are additive inverses modulo 5, and 2 and 3 are additive inverses modulo 5. Thus, $\mathbb{Z}_5$ is a commutative ring with unity.

2.4.2 The Field of Z/pZ

The algebraic structure known as a field is stronger than that of a ring. A field is a set of values together with the operations of addition and multiplication that satisfies all of the conditions of a commutative ring with unity as well as the following property [5, pg. 53]:

6. Themultiplicative inversefor each nonzero element of the set is also an element within the set.


($a'_\times$ represents the multiplicative inverse of $a$ and $i_\times$ represents the multiplicative identity)

As we mentioned briefly in the previous section, both $\mathbb{R}$ and $\mathbb{Q}$ are examples of fields, whereas $\mathbb{Z}$ is not a field. Since 1 is the multiplicative identity within $\mathbb{Z}$, we would need an integer within $\mathbb{Z}$ to function as the multiplicative inverse for a given nonzero value. Clearly, 1 is its own multiplicative inverse, but let us consider the integer 2. The multiplicative inverse for 2 is clearly $1/2$; however, this value is not an integer. Thus, $\mathbb{Z}$ does not contain the multiplicative inverse of 2 or, for that matter, of any nonzero integer other than 1.

Although $\mathbb{Z}$ is not a field, is it possible for $\mathbb{Z}_n$ to be a field for a given natural number $n$? In order for us to answer this question, let us first appeal once again to the example of $\mathbb{Z}_5$. Since we have already proven that $\mathbb{Z}_5$ is a commutative ring with unity, we simply need to verify that the multiplicative inverse of each nonzero element within $\mathbb{Z}_5$ also lies within the set. It is important to remember that we are working with a complete system modulo 5; therefore, all operations that are performed on elements within the set will be performed modulo 5. This property is not available to $\mathbb{Z}$. We will now consider each nonzero element of $\mathbb{Z}_5$ individually. Clearly,

$1 \cdot 1 = 1 \cdot 1 = 1 \equiv 1 \pmod 5$.

Also, 2 and 3 prove to be multiplicative inverses of each other, because $2 \cdot 3 = 3 \cdot 2 = 6 \equiv 1 \pmod 5$.

Finally, 4 proves to be its own multiplicative inverse, because

$4 \cdot 4 = 4 \cdot 4 = 16 \equiv 1 \pmod 5$.

Therefore, we have established that $\mathbb{Z}_5$ is a field. In fact, $\mathbb{Z}_5$ is an example of a finite field, because it has a finite number of elements [1, pg. 492].

Now that we have shown that it is possible for a set $\mathbb{Z}_n$ to be a field for a given natural number $n$, the following question should be posited: Is $\mathbb{Z}_n$ a field for every natural number $n$? In order to answer this question, let us consider another specific example, $\mathbb{Z}_6$. Clearly, 1 is its own multiplicative inverse; however, when considering the multiplicative inverse modulo 6 for the integer 2, we encounter the following:


$2 \cdot 4 = 8 \equiv 2 \pmod 6$

$2 \cdot 5 = 10 \equiv 4 \pmod 6$.

Therefore, it is clear that 2 does not have a multiplicative inverse modulo 6 within $\mathbb{Z}_6$; and thus, $\mathbb{Z}_6$ is not a field. Based upon this particular example, we can conclude that not every $\mathbb{Z}_n$ is a field for a given natural number $n$. The difference between the two previous examples seems to lie in our selection of $n$. Therefore, we must now ask the following question: What is the underlying characteristic of a natural number $n$ that compels $\mathbb{Z}_n$ to be a field rather than simply a commutative ring with unity?

The answer is found in the following theorem.

Theorem 2.17 [5, pg. 53]

$\mathbb{Z}_n$ is a field if and only if $n$ is prime.

As long as our choice of $n$ is a prime, $\mathbb{Z}_n$ will be a field. Due to this fact, we will generally refer to any field $\mathbb{Z}_n$ as $\mathbb{Z}_p$ or $\mathbb{Z}/p\mathbb{Z}$ where $p$ is a prime. Let us now consider an example involving multiplicative inverses modulo a prime value $p$ within a finite field.

Find the multiplicative inverses modulo 11 for each nonzero element of $\mathbb{Z}_{11}$. Because 11 is prime, we know from Theorem 2.17 that every nonzero element within $\mathbb{Z}_{11}$ has a multiplicative inverse modulo 11 that is also an element of $\mathbb{Z}_{11}$. Clearly, 1 is its own multiplicative inverse modulo 11. The following results are also found:

$2 \cdot 6 = 6 \cdot 2 = 12 \equiv 1 \pmod{11}$

$3 \cdot 4 = 4 \cdot 3 = 12 \equiv 1 \pmod{11}$

$5 \cdot 9 = 9 \cdot 5 = 45 \equiv 1 \pmod{11}$

$7 \cdot 8 = 8 \cdot 7 = 56 \equiv 1 \pmod{11}$

$10 \cdot 10 = 100 \equiv 1 \pmod{11}$

Therefore, 2 and 6, 3 and 4, 5 and 9, and 7 and 8 are multiplicative inverses modulo 11, respectively. We can also conclude that 10 is its own multiplicative inverse modulo 11. The concept of multiplicative inverses modulo $p$ will be of great importance as we continue our study of linear congruences; however, we must first address two additional theorems involving primes that will be useful in Chapter 4.

Theorem 2.18 - Fermat’s Little Theorem


The key to this theorem is the fact that our values $p$ and $a$ are relatively prime. Let us briefly investigate what would occur if $\gcd(a, p) > 1$. Due to the fact that $p$ is prime, $a$ contains no common divisors with $p$ unless $p \mid a$. Therefore, $a = (k)(p)$ for some natural number $k$; and

$a^{p-1} = (k \cdot p)^{p-1} = k^{p-1} \cdot p^{p-1} \equiv k^{p-1} \cdot 0^{p-1} \equiv k^{p-1} \cdot 0 \equiv 0 \pmod p$.

This result directly contradicts Fermat’s Little Theorem; therefore, it is imperative thatpanda are relatively prime in order for the theorem to hold.

Fermat’s Little Theorem also provides additional information regarding multiplicative inverses modulo $p$. If a prime value $p$ and a natural number $a$ are relatively prime, then the multiplicative inverse modulo $p$ of $a$ is simply $a^{p-2}$. From Fermat’s Little Theorem, we know that $a^{p-1} \equiv 1 \pmod p$. Thus,

$a^{p-1} = (a)(a^{p-2}) \equiv 1 \pmod p$.

We will now illustrate Fermat’s Little Theorem with two examples. First, consider two natural numbers that are relatively prime with at least one being a prime value. Two such natural numbers are 3 and 7. Since both are primes, we can evaluate both of the following scenarios: $3^{7-1}$ and $7^{3-1}$. Now,

$3^{7-1} = 3^6 = 729 = (104)(7) + 1 \Longrightarrow 3^{7-1} \equiv 1 \pmod 7$.

On the other hand,

$7^{3-1} = 7^2 = 49 = (16)(3) + 1 \Longrightarrow 7^{3-1} \equiv 1 \pmod 3$.

Now we will consider an example that does not involve two primes. For this occasion, let $a = 6$ and $p = 5$. Of course, $\gcd(6, 5) = 1$. Thus,

$6^{5-1} = 6^4 = 1{,}296 = (259)(5) + 1 \Longrightarrow 6^{5-1} \equiv 1 \pmod 5$.

The following theorem closely resembles Fermat’s Little Theorem, but it eliminates the requirement of relative primality between $a$ and $p$.

Theorem 2.19[8, pg. 188]

If $p$ is a prime and $a$ is a natural number, then $a^p \equiv a \pmod p$.

Proof: If $p \nmid a$, then by Fermat’s Little Theorem, we know that $a^{p-1} \equiv 1 \pmod p$. Simply multiplying both sides of the congruence by $a$ yields $a^p \equiv a \pmod p$. On the other hand, if $p \mid a$, then $p \mid a^p$ also. Therefore, $p \mid (a^p - a)$ by Theorem 2.1; and $a^p \equiv a \pmod p$ by the definition of congruence.


$p = 3$. Then,

$9^3 = 729 = (240)(3) + 9 \Longrightarrow 9^3 \equiv 9 \pmod 3$. Due to the fact that $\gcd(3, 9) = 3 > 1$, we also ultimately have

$9^3 \equiv 0 \pmod 3$.

Regarding the case where $a$ and $p$ are relatively prime, such as when $a = 6$ and $p = 7$, we find that $6^7 = 279{,}936 = (39{,}990)(7) + 6 \Longrightarrow 6^7 \equiv 6 \pmod 7$.
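The inverse computations of this section and the two prime theorems, brought together in one added example: the additive inverses in $\mathbb{Z}_n$, the search for multiplicative inverses (which finds the $\mathbb{Z}_{11}$ table and fails for 2 in $\mathbb{Z}_6$), the field test of Theorem 2.17, the $a^{p-2}$ inverse from Fermat’s Little Theorem, and the $a^p \equiv a$ form of Theorem 2.19. This is not code from the thesis; the function names are my own, and `gcd` comes from Python's standard library.

```python
# Added example (not from the thesis): inverses in Z_n, Theorem 2.17
# (Z_n is a field iff n is prime), Fermat's Little Theorem (2.18) and
# Theorem 2.19. Function names are my own.
from math import gcd


def additive_inverse(a, n):
    """The element of Z_n that added to a gives 0 (mod n): 0 -> 0, a -> n - a."""
    return (-a) % n


def multiplicative_inverse_by_search(a, n):
    """Scan Z_n for x with a*x ≡ 1 (mod n); None if no such x exists,
    exactly the situation the text meets for 2 in Z_6."""
    for x in range(n):
        if (a * x) % n == 1:
            return x
    return None


def inverse_table(n):
    """Multiplicative inverse (or None) of every nonzero element of Z_n."""
    return {a: multiplicative_inverse_by_search(a, n) for a in range(1, n)}


def is_field(n):
    """Z_n is a field iff every nonzero element has an inverse in Z_n."""
    return n > 1 and all(inv is not None for inv in inverse_table(n).values())


def is_prime(n):
    """Trial division; used only to confirm Theorem 2.17 on small n."""
    if n < 2:
        return False
    return all(n % d for d in range(2, int(n ** 0.5) + 1))


def fermat_holds(a, p):
    """Theorem 2.18: a**(p-1) ≡ 1 (mod p) whenever gcd(a, p) = 1."""
    return pow(a, p - 1, p) == 1


def inverse_by_fermat(a, p):
    """For p prime and gcd(a, p) = 1, a**(p-2) is the inverse of a modulo p,
    since a * a**(p-2) = a**(p-1) ≡ 1 (mod p)."""
    if gcd(a, p) != 1:
        raise ValueError("a and p must be relatively prime")
    inv = pow(a, p - 2, p)
    assert (a * inv) % p == 1
    return inv


def theorem_2_19_holds(a, p):
    """a**p ≡ a (mod p) for every natural a, whether or not p divides a."""
    return pow(a, p, p) == a % p


if __name__ == "__main__":
    print(inverse_table(11))
    print(inverse_table(6)[2])              # None: Z_6 is not a field
    print(inverse_by_fermat(2, 11))         # 6, matching the table above
```

Both inverse methods agree on a prime modulus, but only the search method reports that an inverse is missing; `inverse_by_fermat` is meaningless when $\gcd(a, p) > 1$, which is why it refuses such input rather than returning a wrong number.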

2.4.3 Linear Congruence

Now that we have discussed the algebraic properties of congruence, let us focus our attention on congruences containing unknown values. A congruence of the form

$a \cdot x \equiv b \pmod n$,

where $x$ is an unknown integer, is called a linear congruence in one variable [8, pg. 131]. In order to solve such an equation, we will need to specifically utilize the inverse properties of addition and multiplication as we normally would while solving a typical linear equation. However, in this case, we’re solving with respect to a modulus. Due to this fact, we must be constantly aware of the modulus when performing any type of operation within the congruence.

Unlike traditional linear equations, linear congruences can have no solutions, one solution, or multiple solutions. We must now clarify our meaning of multiple solutions to a linear congruence. Since congruences are being used, we are technically working with congruence classes while solving a linear congruence. Due to this fact, if a particular integer proved to be a solution to a linear congruence modulo $n$ for some natural number $n$, then all integers within the same congruence class as the original solution could also be considered solutions to the congruence, because all elements within the same congruence class modulo $n$ are congruent to each other. Although this would obviously result in a case of multiple solutions, this is not our intended meaning of the phrase. In order to eliminate any future ambiguity, we will only consider values within the least residue system modulo $n$ as solutions to a linear congruence modulo $n$. Our intended meaning for multiple solutions to a linear congruence would be evidenced by more than one value from the least residue system modulo $n$ providing the value necessary to solve the congruence. We will solve several basic congruences modulo 11 in order to practice the correct methodology of solving with respect to a modulus.

First, consider the following congruence:


If we were solving a typical linear equation for $x$, our first inclination would be to add $-9$ to (or subtract 9 from) both sides of the congruence. Although this operation is possible and would result in isolating our variable on one side of the congruence, it is arguably not the most effective method for solving the congruence. Nevertheless, if we were to proceed with the aforementioned operation, then we would obtain the following:

$(x + 9) + (-9) \equiv 4 + (-9) \pmod{11}$

$x + (9 + (-9)) \equiv -5 \pmod{11}$

$(x + 0) \equiv -5 \pmod{11}$

$x \equiv -5 \pmod{11}$.

In order to achieve a solution to the congruence that is an element of $\mathbb{Z}_{11}$, we must find a value that is congruent to $-5$ modulo 11 while also being a member of $\mathbb{Z}_{11} = \{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10\}$. Since $-5 \equiv 6 \pmod{11}$, we now have

$x \equiv -5 \pmod{11} \equiv 6 \pmod{11}$.

Therefore, the solution to (2.2) is 6. Let us now verify the solution by substituting it into the original congruence: $6 + 9 = 15 \equiv 4 \pmod{11}$. Thus 6 is, in fact, the correct solution to the congruence.

Although this traditional method led us to the correct solution, it is somewhat unconventional when solving with respect to a modulus, especially when attempting to identify a value within the least residue system that is congruent modulo $n$ to a negative value as in our previous solution method. Instead, we should focus our attention on the additive inverse modulo 11 of the integer 9. Since $11 \equiv 0 \pmod{11}$ and 0 is our additive identity, we simply need to identify a particular value from $\mathbb{Z}_{11}$ that we may add to 9 to achieve a sum of 11. This value will be our additive inverse modulo 11. Clearly, our integer of choice is 2. The solution to (2.2) may now be found using the following process:

$(x + 9) \equiv 4 \pmod{11}$

$(x + 9) + (2) \equiv 4 + (2) \pmod{11}$

$x + (9 + 2) \equiv 6 \pmod{11}$

$(x + 11) \equiv 6 \pmod{11}$
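The additive-inverse method just shown for $x + 9 \equiv 4 \pmod{11}$, together with the section's remark that a linear congruence $a \cdot x \equiv b \pmod n$ may have no solution, one solution, or several within $\mathbb{Z}_n$, as an added example. It goes slightly beyond the text by including the standard count of solutions, $\gcd(a, n)$ when $\gcd(a, n) \mid b$ and zero otherwise, and checks that count against a direct enumeration of $\mathbb{Z}_n$. This is not code from the thesis; the function names are my own.

```python
# Added example (not from the thesis): solving x + b ≡ c (mod n) with the
# additive inverse of b, and counting solutions of a*x ≡ b (mod n) inside
# the least residue system Z_n. Function names are my own.
from math import gcd


def solve_by_additive_inverse(b, c, n):
    """Solve x + b ≡ c (mod n) for the unique x in Z_n.

    The text's method: the additive inverse of b modulo n is n - b, since
    (n - b) + b = n ≡ 0 (mod n); add it to both sides and reduce.
    """
    inverse_of_b = (n - b) % n
    x = (c + inverse_of_b) % n          # (x + b) + (n - b) ≡ c + (n - b)
    assert (x + b) % n == c % n          # substitute back, as the text does
    return x


def solutions_in_zn(a, b, n):
    """Every x in Z_n = {0, ..., n-1} with a*x ≡ b (mod n).

    This is the text's notion of 'solutions': representatives from the
    least residue system only, so the list may be empty, have one entry,
    or have several.
    """
    return [x for x in range(n) if (a * x) % n == b % n]


def solution_count(a, b, n):
    """Standard rule (beyond the text): with d = gcd(a, n), a*x ≡ b (mod n)
    has exactly d solutions in Z_n when d divides b and none otherwise."""
    d = gcd(a, n)
    return d if b % d == 0 else 0


if __name__ == "__main__":
    print(solve_by_additive_inverse(9, 4, 11))     # 6
    print(solutions_in_zn(2, 1, 6))                # []  (no solution)
    print(solutions_in_zn(3, 4, 11))               # [5] (one solution)
    print(solutions_in_zn(2, 4, 6))                # [2, 5] (two solutions)
```

When the modulus is prime every nonzero coefficient $a$ has $\gcd(a, n) = 1$, so $a \cdot x \equiv b$ has exactly one solution in $\mathbb{Z}_p$; the multiple-solution and no-solution cases only arise for composite moduli.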
