
6-Number Theory and Finite Fields, Fermat's and Euler's Theorems, The Chinese Remainder Theorem,-31-Jul-2020Material - II - 31 PDF

The document discusses key concepts related to primes and cryptography. It begins by defining primes as integers greater than 1 that are only divisible by 1 and themselves. It then discusses various methods for checking if a number is prime, including testing divisibility against smaller primes and the Sieve of Eratosthenes. The document also covers Fermat's Little Theorem, Euler's phi and totient functions, and Euler's Theorem - all of which relate to prime numbers and are important in cryptography. It concludes by discussing the Chinese Remainder Theorem and quadratic congruences.

PRIMES

 Asymmetric-key cryptography uses primes extensively.

Topics discussed in this section:


 Definition
 Checking for Primes
 Fermat’s Little Theorem
 Euler’s Phi-Function
 Euler’s Theorem

1 Dr. R.K.Mugelan, Asst. Prof. (Sr), SENSE, VIT


PRIMES: Definition
 Three groups of Positive Integers

A prime is divisible only by itself and 1.



PRIMES: Definition
 What is the smallest prime?
Solution
 The smallest prime is 2, which is divisible by 2 (itself) and 1.

 List the primes smaller than 10.


Solution
 There are four primes less than 10: 2, 3, 5, and 7.
 It is interesting to note that the percentage of primes in the range 1
to 10 is 40%.
 The percentage decreases as the range increases.



PRIMES: Checking for Primes
 Given a number n, how can we determine if n is a prime?

 The answer is that we need to see if the number is divisible by all primes less than

 We know that this method is inefficient, but it is a good start.



PRIMES: Checking for Primes



PRIMES: Checking for Primes
 Is 97 a prime?
Solution
 The floor of √97 = 9. The primes less than 9 are 2, 3, 5, and 7. We
need to see if 97 is divisible by any of these numbers. It is not, so 97
is a prime.

 Is 301 a prime?
Solution
 The floor of √301 = 17. We need to check 2, 3, 5, 7, 11, 13, and 17.
The numbers 2, 3, and 5 do not divide 301, but 7 does. Therefore 301
is not a prime.



PRIMES: Checking for Primes
 Sieve of Eratosthenes
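
The divisibility check and the sieve from the slides above, combined in one added example (not part of the original slides; the function names are illustrative). It reproduces the 97 and 301 cases and shows the falling percentage of primes as the range grows.

```python
from math import isqrt

def sieve(limit):
    """Sieve of Eratosthenes: list of all primes <= limit."""
    if limit < 2:
        return []
    is_prime = [True] * (limit + 1)
    is_prime[0] = is_prime[1] = False
    for p in range(2, isqrt(limit) + 1):
        if is_prime[p]:
            # Every multiple of p below p*p was already crossed out
            # by a smaller prime, so start at p*p.
            for m in range(p * p, limit + 1, p):
                is_prime[m] = False
    return [i for i, flag in enumerate(is_prime) if flag]

def smallest_prime_factor(n):
    """Test n against the primes up to floor(sqrt(n)).
    Returns the first prime that divides n, or None when n is prime."""
    if n < 2:
        raise ValueError("primality is defined for integers >= 2")
    for p in sieve(isqrt(n)):
        if n % p == 0:
            return p
    return None

def prime_percentage(limit):
    """Percentage of the integers 1..limit that are prime."""
    return 100 * len(sieve(limit)) / limit

if __name__ == "__main__":
    for n in (97, 301):
        f = smallest_prime_factor(n)
        print(n, "is prime" if f is None else f"= {f} x {n // f}")
    for limit in (10, 100, 1000):
        print(f"primes up to {limit}: {prime_percentage(limit)}%")
```

The cost grows with √n, which is why this check is only a starting point and is not usable for the key-sized numbers of asymmetric cryptography.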



Fermat’s (Little) Theorem
 First Version

a^(p − 1) ≡ 1 mod p

 Second Version

a^p ≡ a mod p

 where p is prime and gcd(a,p)=1



Fermat’s (Little) Theorem
 Find the result of 6^10 mod 11.
Solution
 We have 6^10 mod 11 = 1.
 This is the first version of Fermat’s little theorem where p = 11.

 Find the result of 3^12 mod 11.


Solution
 Here the exponent (12) and the modulus (11) are not the same.
With substitution this can be solved using Fermat’s little theorem.



Fermat’s (Little) Theorem
 Multiplicative Inverses

a^(−1) mod p = a^(p − 2) mod p


 The answers to multiplicative inverses modulo a prime can be
found without using the extended Euclidean algorithm:



Euler’s Phi-Function

 Euler’s phi-function, φ(n), which is sometimes called Euler’s totient function, plays a very important role in cryptography.



Euler’s Phi-Function
 We can combine the above four rules to find the value of φ(n).

 For example, if n can be factored as

n = p1^e1 × p2^e2 × … × pk^ek

 we combine the third and the fourth rule to find φ(n)

The difficulty of finding φ(n) depends on the difficulty of finding the factorization of n.
Euler’s Phi-Function

 What is the value of φ(13)?

Solution
 Because 13 is a prime, φ(13) = (13 − 1) = 12.

 What is the value of φ(10)?

Solution
 We can use the third rule: φ(10) = φ(2) × φ(5) = 1 × 4 = 4,
because 2 and 5 are primes.



Euler’s Phi-Function
 What is the value of φ(240)?
Solution
 We can write 240 = 2^4 × 3^1 × 5^1. Then
 φ(240) = (2^4 − 2^3) × (3^1 − 3^0) × (5^1 − 5^0) = 64

 Can we say that φ(49) = φ(7) × φ(7) = 6 × 6 = 36?

Solution
 No. The third rule applies when m and n are relatively prime. Here
49 = 7^2.
 We need to use the fourth rule: φ(49) = 7^2 − 7^1 = 42.



Euler’s Phi-Function

 What is the number of elements in Z14*?


Solution
 The answer is φ(14) = φ(7) × φ(2) = 6 × 1 = 6. The members
are 1, 3, 5, 9, 11, and 13.

Interesting point: If n > 2, the value of φ(n) is even.



Euler’s Theorem
 First Version

a^φ(n) ≡ 1 (mod n)
 Second Version

a^(k × φ(n) + 1) ≡ a (mod n)

The second version of Euler’s theorem is used in the RSA cryptosystem



Euler’s Theorem
 Find the result of 6^24 mod 35.
Solution
 We have 6^24 mod 35 = 6^φ(35) mod 35 = 1.

 Find the result of 20^62 mod 77.

Solution
 If we let k = 1 on the second version, we have
 20^62 mod 77 = (20 mod 77) (20^(φ(77) + 1) mod 77) mod 77
 = (20)(20) mod 77 = 15.



Euler’s Theorem
Multiplicative Inverses:
 Euler’s theorem can be used to find multiplicative inverses
modulo a composite.

a^(−1) mod n = a^(φ(n) − 1) mod n



Euler’s Theorem

 The answers to multiplicative inverses modulo a composite can be found without using the extended Euclidean algorithm if we know the factorization of the composite:



Chinese Remainder Theorem
 The Chinese remainder theorem (CRT) is used to solve a set
of congruent equations with one variable but different moduli,
which are relatively prime, as shown below:



Chinese Remainder Theorem

 It is used to speed up modulo computations

 if working modulo a product of numbers
 e.g. mod M = m1 m2 … mk

 The Chinese remainder theorem lets us work in each modulus mi separately
 Since computational cost is proportional to size, this is faster
than working in the full modulus M



Chinese Remainder Theorem
Example:
 The following is an example of a set of equations with different
moduli:

 Find x?
 the answer to this set of equations is x = 23.
 This value satisfies all equations: 23 ≡ 2 (mod 3), 23 ≡ 3 (mod
5), and 23 ≡ 2 (mod 7).



Chinese Remainder Theorem
Solution using Chinese Remainder Theorem: (steps)
1. Find M = m1 × m2 × … × mk. This is the common modulus.

2. Find M1 = M/m1, M2 = M/m2, …, Mk = M/mk.

3. Find the multiplicative inverse of M1, M2, …, Mk using the corresponding moduli (m1, m2, …, mk). Call the inverses M1^(−1), M2^(−1), …, Mk^(−1).

4. The solution to the simultaneous equations is



Chinese Remainder Theorem

Solution: Follow the four steps


1. M = 3 × 5 × 7 = 105
2. M1 = 105 / 3 = 35, M2 = 105 / 5 = 21, M3 = 105 / 7 = 15
3. The inverses are M1^(−1) = 2, M2^(−1) = 1, M3^(−1) = 1
4. x = (2 × 35 × 2 + 3 × 21 × 1 + 2 × 15 × 1) mod 105 = 23 mod 105



Chinese Remainder Theorem
Example:
 Find an integer that has a remainder of 3 when divided by 7 and 13,
but is divisible by 12.
Solution:
 This is a CRT problem. We can form three equations and solve them
to find the value of x.

 we find x = 276.
 We can check that 276 = 3 mod 7, 276 = 3 mod 13 and 276 is
divisible by 12 (the quotient is 23 and the remainder is zero).
Chinese Remainder Theorem
Example:
 Assume we need to calculate z = x + y where x = 123 and y = 334,
but our system accepts only numbers less than 100.
Solution:

 Adding each congruence in x with the corresponding congruence in y gives

 z = 457.
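
The four CRT steps as an added example (not from the original slides), run on the three problems above. The moduli 99, 98 and 97 used for the addition problem are an assumption chosen here, since the slide's own congruences are not shown; any pairwise relatively prime moduli below 100 whose product exceeds x + y would do.

```python
from math import gcd, prod

def crt(residues, moduli):
    """Solve x ≡ a_i (mod m_i); returns (x, M) with 0 <= x < M."""
    for i, m_i in enumerate(moduli):
        for m_j in moduli[i + 1:]:
            if gcd(m_i, m_j) != 1:
                raise ValueError(f"moduli {m_i} and {m_j} are not relatively prime")
    M = prod(moduli)                      # step 1: common modulus
    total = 0
    for a_i, m_i in zip(residues, moduli):
        M_i = M // m_i                    # step 2: M_i = M / m_i
        M_i_inv = pow(M_i, -1, m_i)       # step 3: inverse of M_i modulo m_i
        total += a_i * M_i * M_i_inv      # step 4: one term of the sum
    return total % M, M

def add_via_residues(x, y, moduli):
    """Add x and y while only ever handling residues smaller than each
    modulus, then recombine. Correct only while x + y < product of moduli."""
    sums = [(x % m + y % m) % m for m in moduli]
    z, _ = crt(sums, moduli)
    return sums, z

if __name__ == "__main__":
    print(crt([2, 3, 2], [3, 5, 7]))        # first example on the slides
    print(crt([3, 3, 0], [7, 13, 12]))      # remainder 3 mod 7 and 13, divisible by 12
    # Assumed moduli (not on the slides): 99, 98, 97.
    print(add_via_residues(123, 334, [99, 98, 97]))
```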



Quadratic Congruence
 In cryptography, we also need to discuss quadratic congruence, that
is, equations of the form a2·x^2 + a1·x + a0 ≡ 0 (mod n).

 We limit our discussion to quadratic equations in which a2 = 1 and a1 = 0, that is, equations of the form

x^2 ≡ a (mod n).



Quadratic Congruence Modulo a Prime
Example 1:
 The equation x^2 ≡ 3 (mod 11) has two solutions, x ≡ 5 (mod 11) and
x ≡ −5 (mod 11).
 But note that −5 ≡ 6 (mod 11), so the solutions are actually 5 and 6.
Also note that these two solutions are incongruent.

Example 2:
 The equation x^2 ≡ 2 (mod 11) has no solution. No integer x can be
found such that its square is 2 mod 11.



Quadratic Congruence

Quadratic Residues and Nonresidue


 In the equation x^2 ≡ a (mod p), a is called a quadratic residue
(QR) if the equation has two solutions;

 a is called a quadratic nonresidue (QNR) if the equation has no solutions.



Quadratic Congruence
Example:
 There are 10 elements in Z11*.
 Exactly five of them are quadratic residues and five of them are
nonresidues.
 In other words, Z11* is divided into two separate sets, QR and QNR,



Quadratic Congruence
Euler’s Criterion
 If a^((p−1)/2) ≡ 1 (mod p), a is a quadratic residue modulo p.
 If a^((p−1)/2) ≡ −1 (mod p), a is a quadratic nonresidue modulo p.

Example
 To find out if 14 or 16 is a QR in Z23*, we calculate:

14^((23−1)/2) mod 23 → 22 mod 23 → −1 mod 23 (nonresidue)

16^((23−1)/2) mod 23 → 16^11 mod 23 → 1 mod 23 (residue)



Quadratic Congruence

 Solve the following quadratic equations:

Solutions
a) x ≡ ± 16 (mod 23). √3 ≡ ± 16 (mod 23).
b) There is no solution for √2 in Z11.
c) x ≡ ± 11 (mod 19). √7 ≡ ± 11 (mod 19).
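
An added example (not from the original slides) that applies Euler's criterion and then solves x^2 ≡ a (mod p). The shortcut x = a^((p+1)/4) mod p is an addition that is not on the slides; it is valid only when p ≡ 3 (mod 4), which holds for all three moduli used above (23, 11 and 19), and other primes fall back to exhaustive search.

```python
def is_quadratic_residue(a, p):
    """Euler's criterion for an odd prime p and a in Zp*:
    a^((p-1)/2) is 1 for a residue and p-1 (that is, -1) for a nonresidue."""
    if a % p == 0:
        raise ValueError("a must be an element of Zp*")
    return pow(a, (p - 1) // 2, p) == 1

def sqrt_mod_prime(a, p):
    """Sorted solutions of x^2 ≡ a (mod p); empty list for a nonresidue."""
    if not is_quadratic_residue(a, p):
        return []
    if p % 4 == 3:
        # (a^((p+1)/4))^2 = a * a^((p-1)/2) = a, because a is a residue.
        root = pow(a, (p + 1) // 4, p)
    else:
        # Exhaustive search, fine for the small primes used on the slides.
        root = next(x for x in range(1, p) if x * x % p == a % p)
    return sorted({root, p - root})

def split_group(p):
    """Partition Zp* into (quadratic residues, quadratic nonresidues)."""
    qr = [a for a in range(1, p) if is_quadratic_residue(a, p)]
    qnr = [a for a in range(1, p) if a not in qr]
    return qr, qnr

if __name__ == "__main__":
    for a, p in ((3, 23), (2, 11), (7, 19), (3, 11)):
        print(f"x^2 = {a} (mod {p}):", sqrt_mod_prime(a, p) or "no solution")
    print("14 is a QR in Z23*:", is_quadratic_residue(14, 23))
    print("16 is a QR in Z23*:", is_quadratic_residue(16, 23))
    print("Z11* split:", split_group(11))
```

The roots are printed as least non-negative residues, so ±16 (mod 23) appears as 7 and 16, and ±11 (mod 19) as 8 and 11.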



Exponentiation and Logarithm

Topics discussed in this section:


 Exponentiation
 Logarithm
 Discrete Logarithm



Logarithm
 In cryptography, we also need to discuss modular logarithm.
 If exponentiation is used for encryption or decryption, the
attacker can use logarithm to attack.
 We need to know how hard it is to reverse the exponentiation.

First Approach: Exhaustive search

 To solve: x = log_a y (mod n)
 Solution is: y = a^x mod n



Discrete Logarithm
 Second Approach: Discrete Logarithm

 To understand the concept of Discrete Logarithm we should understand certain properties of multiplicative groups.
 Finite Multiplicative Group
 Order of the Group
 Order of an Element



Discrete Logarithm

Finite Multiplicative Group:

 G = <Zn*, ×> is the Finite Multiplicative Group.

 Zn*: has integers from 1 to n−1 that are relatively prime to n

 If the modulus of the Group is prime, then G = <Zp*, ×>



Discrete Logarithm
Order of the Group:
 Order of a Finite Group is |G|
 |G| is defined to be the number of elements in the Group G
 For G = <Zn*, ×>, the order of the group will be φ(n)
Example:
 What is the order of group G = <Z21*, ×>? |G| = φ(21) = φ(3) × φ(7)
= 2 × 6 = 12.
 There are 12 elements in this group: 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19,
and 20.
 All are relatively prime with 21.



Discrete Logarithm

Order of an Element:

 Order of an Element a is ord(a)

 ord(a) is the smallest integer ‘i’ such that a^i ≡ e (mod n)

 where e is the identity element



Discrete Logarithm
Order of an Element:
Example:
 Find the order of all elements in G = <Z10*, ×>.
 This group has only φ(10) = 4 elements: 1, 3, 7, 9.
 We can find the order of each element by trial and error.
 1^1 ≡ 1 mod (10) → ord(1) = 1.
 3^4 ≡ 1 mod (10) → ord(3) = 4.
 7^4 ≡ 1 mod (10) → ord(7) = 4.
 9^2 ≡ 1 mod (10) → ord(9) = 2.



Discrete Logarithm
Euler’s Theorem:
 If ‘a’ is a member of G = <Zn*, ×>, then a^φ(n) ≡ 1 (mod n)
 The relationship a^i ≡ e (mod n) holds when i = φ(n).
Example:
 The result of a^i ≡ x (mod 8) for the group G = <Z8*, ×>
 φ(8) = 4, i.e., (1,3,5,7)



Discrete Logarithm

The table reveals two points:


 The shaded area: when i = φ(8), the result is x = 1 for every ‘a’.
 The value of x can be 1 for many values of i.
 The first time when x = 1, the value of i gives the order of the
element.



Discrete Logarithm
Primitive Roots
 In the group G = <Zn*, ×>, when the order of an element is the same
as φ(n), that element is called the primitive root of the group.
 Example:

 The table shows that there are no primitive roots in G = <Z8*, ×>
because no element has the order equal to φ(8) = 4.
 The orders of the elements are all smaller than 4.



Discrete Logarithm
Primitive Roots
 The result of a^i ≡ x (mod 7) for the group
G = <Z7*, ×> is shown below. In this group, φ(7) = 6.



Discrete Logarithm
 Primitive Roots

The group G = <Zn*, ×> has primitive roots only if n is 2, 4, p^t, or 2p^t.
Example
 For which value of n, does the group G = <Zn*, ×> have primitive
roots: 17, 20, 38, and 50?
Solution
 G = <Z17*, ×> has primitive roots, 17 is a prime.
 G = <Z20*, ×> has no primitive roots.
 G = <Z38*, ×> has primitive roots, 38 = 2 × 19 and 19 is a prime.
 G = <Z50*, ×> has primitive roots, 50 = 2 × 5^2 and 5 is a prime.



Discrete Logarithm
Primitive Roots

If the group G = <Zn*, ×> has any primitive root, the number of primitive roots is φ(φ(n)).



Discrete Logarithm
Cyclic Group
 If g is a primitive root in the group, we can generate the set Zn* as
Zn* = {g^1, g^2, g^3, …, g^φ(n)}.
Example:
 The group G = <Z10*, ×> has two primitive roots because φ(10) = 4 and
φ(φ(10)) = 2.
 It can be found that the primitive roots are 3 and 7.
 The following shows how we can create the whole set Z10* using each
primitive root.



Discrete Logarithm
Cyclic Group



Discrete Logarithm
 The idea of Discrete Logarithm
 Properties of G = <Zp*, ×> :
1. Its elements include all integers from 1 to p − 1.
2. It always has primitive roots.
3. It is cyclic. The elements can be created using g^x where
x is an integer from 1 to φ(n) = p − 1.
4. The primitive roots can be thought of as the base of logarithm.
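
An added example (not from the original slides; function names are illustrative) covering the group material above: the members of Zn*, the order of each element, the primitive roots, and the exhaustive-search logarithm from the first approach. It is usable only for small n, because every function walks the whole group.

```python
from math import gcd

def units(n):
    """Elements of Zn*: integers in 1..n-1 relatively prime to n."""
    return [a for a in range(1, n) if gcd(a, n) == 1]

def order(a, n):
    """ord(a): smallest i >= 1 with a^i ≡ 1 (mod n)."""
    if gcd(a, n) != 1:
        raise ValueError(f"{a} is not an element of Z{n}*")
    i, x = 1, a % n
    while x != 1:
        x = x * a % n
        i += 1
    return i

def primitive_roots(n):
    """Elements whose order equals the order of the group, phi(n)."""
    group = units(n)
    return [a for a in group if order(a, n) == len(group)]

def discrete_log(y, g, n):
    """Exhaustive search for the smallest x in 1..phi(n) with
    g^x ≡ y (mod n); None when y is not a power of g."""
    value = 1
    for x in range(1, len(units(n)) + 1):
        value = value * g % n
        if value == y % n:
            return x
    return None

if __name__ == "__main__":
    print("Z21*:", units(21))
    print("orders in Z10*:", {a: order(a, 10) for a in units(10)})
    for n in (7, 8, 10, 17, 20, 38, 50):
        print(f"primitive roots of Z{n}*:", primitive_roots(n))
    # With the primitive root 3 as base, every element of Z7* has a logarithm.
    print({y: discrete_log(y, 3, 7) for y in units(7)})
    # 3 is not a primitive root of Z8*, so some elements have none.
    print(discrete_log(5, 3, 8))
```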
