Basic Number Theory: Prof. Ashok K Bhateja, IIT Delhi

This document provides an overview of basic number theory concepts including:
- Polynomial-time and subexponential-time algorithms and the complexity classes P and NP.
- The Euclidean algorithm for calculating the greatest common divisor (GCD) of two numbers.
- Congruences, multiplicative inverses, and solving congruences.
- Properties of prime numbers and the prime number theorem.
- The Euler phi function and the Chinese Remainder Theorem.


Basic Number theory

Prof. Ashok K Bhateja, IIT Delhi


Algorithms Complexity
- A polynomial-time algorithm is an algorithm whose worst-case running time function is of the form $O(n^k)$, where $n$ is the input size and $k$ is a constant.
- A subexponential-time algorithm is an algorithm whose worst-case running time function is of the form $e^{O(n)}$, where $n$ is the input size. A subexponential-time algorithm is asymptotically faster than an algorithm whose running time is fully exponential in the input size, while it is asymptotically slower than a polynomial-time algorithm.
- Definition: Decision problems, i.e., problems which have either YES or NO as an answer.

Algorithms Complexity
- The complexity class NP is the class of problems that can be verified by a polynomial-time algorithm.
- Definition: The complexity class NP is the set of all decision problems for which a YES answer can be verified in polynomial time using some extra information, called a certificate.
- Example: COMPOSITES belongs to NP because if an integer $n$ is composite, then this fact can be verified in polynomial time if one is given a divisor $a$ of $n$, where $1 < a < n$ (the certificate in this case consists of the divisor $a$).

NP Complete
- Definition: Let $L_1$ and $L_2$ be two decision problems. $L_1$ is said to polytime reduce to $L_2$, written $L_1 \le_p L_2$, if there exists a polynomial-time computable function $f$ such that $f(L_1) = L_2$. This function $f$ is called the reduction function, and a polynomial-time algorithm $F$ that computes $f$ is a reduction algorithm.
- Definition: A decision problem $L$ is said to be NP-complete if
  1. $L \in$ NP and
  2. $L_1 \le_p L$ for every $L_1 \in$ NP.
  Example: Subset sum problem, clique problem, vertex cover problem
- If a problem $L$ satisfies property 2, but not necessarily property 1, we say that $L$ is NP-hard.

Example (NP-hard problem): Given positive integers $a_1, a_2, \ldots, a_n$ and a positive integer $s$, finding a subset of the $a_i$ which sums to $s$, provided that such a subset exists. This problem is NP-hard.


Greatest Common Divisor
- Definition: An integer $c$ is a common divisor of $a$ and $b$ if $c \mid a$ and $c \mid b$.
- Definition: A non-negative integer $d$ is the greatest common divisor of integers $a$ and $b$, denoted $d = \gcd(a, b)$, if
  1. $d$ is a common divisor of $a$ and $b$; and
  2. whenever $c \mid a$ and $c \mid b$, then $c \mid d$.
- Example: The common divisors of 12 and 18 are {±1, ±2, ±3, ±6}, and $\gcd(12, 18) = 6$.
- Fact: For any integer $k \ne 0$, $\gcd(ka, kb) = |k| \gcd(a, b)$.


Euclidean algorithm or Euclid's algorithm
- It is an efficient method for computing the GCD of two numbers, the largest number that divides both without leaving a remainder.
- It is named after the ancient Greek mathematician Euclid.
For two given numbers $a$ and $b$, such that $a \ge b$:
if $b \mid a$, then $\gcd(a, b) = b$,
otherwise $\gcd(a, b) = \gcd(b, a \bmod b)$.


Euclidean algorithm (Example)
$\gcd(138, 105)$
$138 = 1 \times 105 + 33$
$105 = 3 \times 33 + 6$
$33 = 5 \times 6 + 3$
$6 = 2 \times 3 + 0$
Therefore $\gcd(138, 105) = 3$.
- If $\gcd(a, b) = 1$, then $a$ and $b$ are said to be coprime (or relatively prime), e.g., 6 and 35.

Fact: If $a$ and $b$ are not both zero, then for any integers $x$ and $y$, $\gcd(a, b) \mid (ax + by)$.
(Bezout's Theorem): If $a$ and $b$ are integers, not both zero, then there are integers $x$ and $y$ such that $ax + by = \gcd(a, b)$.
Use the Euclidean Algorithm to determine the GCD, then work backwards using substitution.
Euclidean algorithm for $\gcd(138, 105)$:
$138 = 1 \times 105 + 33$
$105 = 3 \times 33 + 6$
$33 = 5 \times 6 + 3$
$6 = 2 \times 3 + 0$
Working backwards:
$3 = 33 - 5 \times 6$
$3 = 33 - 5 \times (105 - 3 \times 33)$
$3 = 16 \times 33 - 5 \times 105$
$3 = 16 \times (138 - 1 \times 105) - 5 \times 105$
$3 = 16 \times 138 - 21 \times 105$

Lemma: If $a$ and $b$ are integers such that there are integers $x$ and $y$ with $ax + by = 1$, then $\gcd(a, b) = 1$.

Congruences
Given three integers $a$, $b$ and $n$, $a$ is congruent to $b$ modulo $n$, written $a \equiv b \bmod n$, if the difference $a - b$ is divisible by $n$.
$n$ is called the modulus of the congruence.
Theorem: Let $a, a', b, b', n \in \mathbb{Z}$ with $n > 0$.
If $a \equiv a' \pmod{n}$ and $b \equiv b' \pmod{n}$, then
$a + b \equiv a' + b' \pmod{n}$ and $a \cdot b \equiv a' \cdot b' \pmod{n}$.


Multiplicative Inverse of a modulo n
Let $a \in \mathbb{Z}_n$. The multiplicative inverse of $a$ modulo $n$ is an integer $x \in \mathbb{Z}_n$ such that $ax \equiv 1 \pmod{n}$. If such an $x$ exists, then it is unique, and $a$ is said to be invertible, or a unit.
Theorem: If $ax + by = 1$ then $x^{-1} \bmod y \equiv a$.
Proof: $ax + by = 1$
Taking mod $y$ on both sides:
$ax \bmod y + by \bmod y \equiv 1 \bmod y$
$\Rightarrow ax \bmod y \equiv 1 \Rightarrow x^{-1} \bmod y \equiv a$


Multiplicative Inverse: Example
Find $35^{-1} \bmod 51$.
$51 = 1 \times 35 + 16$
$35 = 2 \times 16 + 3$
$16 = 5 \times 3 + 1$
$16 = 5 \times 3 + 1 \Rightarrow 1 = 16 - 5 \times 3$
$\Rightarrow 1 = 16 - 5 \times (35 - 2 \times 16)$ because $3 = 35 - 2 \times 16$
$\Rightarrow 1 = 11 \times 16 + (-5) \times 35$
$\Rightarrow 1 = 11 \times (51 - 1 \times 35) + (-5) \times 35$
$\Rightarrow 1 = 11 \times 51 + (-16) \times 35$
Taking mod 51 on both sides: $(-16) \times 35 \equiv 1 \bmod 51 \Rightarrow 35^{-1} \bmod 51 \equiv -16$,
or $35^{-1} \bmod 51 \equiv 35$.

Theorem: Let $a$ and $b$ be integers and $m$ a positive integer. Given the congruence $ax \equiv b \pmod{m}$:
1. If $\gcd(a, m) = 1$, then the congruence has a unique solution.
2. If $\gcd(a, m) = d$ and $d \mid b$, then the congruence has $d$ solutions.
3. If $\gcd(a, m) = d$ and $d \nmid b$, then the congruence has no solution.
Proof: Case 1: Let $y$ be another solution to $ax \equiv b \pmod{m}$.
$ax \equiv ay \equiv b \pmod{m} \Rightarrow a(x - y) \equiv 0 \pmod{m}$;
then $m$ divides $a(x - y)$, and as $m$ and $a$ are relatively prime and have no factors in common, $m$ divides $x - y$.
Hence $x \equiv y \pmod{m}$.
As $\gcd(a, m) = 1$, $\exists$ integers $x$ and $y$ such that $ax + my \equiv 1 \pmod{m}$,
i.e., $ax \equiv 1 \pmod{m}$. Hence $x$ is a unique solution to $ax \equiv b \pmod{m}$.

Case 2: $\gcd(a, m) = d$ and $d \mid b$.
Let $m' = m/d$ and $a' = a/d$; then $\gcd(a', m') = 1$. Write $b = dk$.
Then $ax \equiv b \pmod{m} \Rightarrow ax - b$ is divisible by $m$
$\Rightarrow a'dx - dk$ is divisible by $m'd$. So, $a'x - k$ is divisible by $m'$,
or $a'x \equiv k \pmod{m'}$, which has exactly one solution.
Let that solution be $g$. Any solution $x$ must satisfy $x \equiv g \pmod{m'}$
$\Rightarrow$ there are $d$ such $x$, where $x = g + jm'$; $0 \le j < d$.

Proof: Case 3: Suppose that $x_0$ is a solution of $ax \equiv b \pmod{m}$.
$\Rightarrow ax_0 \equiv b \pmod{m}$, hence $ax_0 - b = km$ for some integer $k$.
Since $d \mid a$ and $d \mid m$, it follows that $d \mid b$.
By contraposition, if $d \nmid b$, then no solution exists to $ax \equiv b \pmod{m}$.

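Added example (not part of the original slides): the Euclidean back-substitution, the modular inverse and the three-case theorem for ax ≡ b (mod m), written in Python. The function names egcd, modinv and solve_linear_congruence are this example's own, and the input (6, 4, 10) is constructed.

```python
# Added example, not from the slides; all names here are illustrative.

def egcd(a, b):
    """Return (g, x, y) with a*x + b*y == g == gcd(a, b) (Bezout)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r    # same remainders as the Euclid table
        old_x, x = x, old_x - q * x    # back-substitution done on the fly
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y

def modinv(a, n):
    """Inverse of a modulo n in [0, n); ValueError if gcd(a, n) != 1."""
    g, x, _ = egcd(a % n, n)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {n} (gcd = {g})")
    return x % n

def solve_linear_congruence(a, b, m):
    """All x in [0, m) with a*x ≡ b (mod m), following the three cases."""
    d, _, _ = egcd(a % m, m)           # d = gcd(a, m)
    if b % d != 0:
        return []                      # case 3: d does not divide b
    m_prime = m // d                   # m' = m/d
    g = modinv(a // d, m_prime) * (b // d) % m_prime   # unique solution mod m'
    return [g + j * m_prime for j in range(d)]         # x = g + j*m', 0 <= j < d

if __name__ == "__main__":
    print(egcd(138, 105))                     # Bezout coefficients for the slide example
    print(modinv(35, 51))                     # the slide's inverse example
    print(solve_linear_congruence(6, 4, 10))  # constructed input with d = 2
```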


Prime Number
An integer $p \ge 2$ is said to be prime if its only positive divisors are 1 and $p$. Otherwise, $p$ is called composite.
Prime Number Theorem: Let $\pi(x)$ denote the number of prime numbers $\le x$. Then
$$\lim_{x \to \infty} \frac{\pi(x)}{x/\ln(x)} = 1$$
i.e., for large values of $x$, $\pi(x)$ is closely approximated by the expression $x/\ln(x)$, e.g., for $x = 10^{10}$, $\pi(x) = 455{,}052{,}511$.


Euler phi-function
Let $n$ be a positive integer. The Euler phi-function $\varphi(n)$ is defined as
$\varphi(n)$ = number of nonnegative integers less than $n$ which are co-prime to $n$.
Properties of Euler phi-function:
1. $\varphi(1) = 1$
2. If $p$ is a prime, then $\varphi(p) = p - 1$
3. If $\gcd(m, n) = 1$, then $\varphi(mn) = \varphi(m) \cdot \varphi(n)$, i.e., the Euler phi function is multiplicative.
4. If $n = p_1^{\alpha_1} \cdot p_2^{\alpha_2} \cdots p_k^{\alpha_k}$ is the prime factorization of $n$, then
$$\varphi(n) = \left(p_1^{\alpha_1} - p_1^{\alpha_1 - 1}\right) \cdot \left(p_2^{\alpha_2} - p_2^{\alpha_2 - 1}\right) \cdots \left(p_k^{\alpha_k} - p_k^{\alpha_k - 1}\right) = n \left(1 - \frac{1}{p_1}\right) \left(1 - \frac{1}{p_2}\right) \cdots \left(1 - \frac{1}{p_k}\right)$$

Chinese Remainder Theorem (CRT)
Let $m_1, m_2, \ldots, m_r$ be pairwise coprime. Then the system of equations
$x \equiv a_1 \bmod m_1$,
$x \equiv a_2 \bmod m_2$,
...
$x \equiv a_r \bmod m_r$
has a unique solution
$$x \equiv \sum_{i=1}^{r} a_i N_i z_i \bmod N$$
where $N = m_1 m_2 \cdots m_r$, $N_i = \frac{N}{m_i}$ and $z_i = N_i^{-1} \bmod m_i$.


CRT: Example
Example: Solve the system of congruences
$x \equiv 1 \bmod 3$
$x \equiv 4 \bmod 5$
$x \equiv 6 \bmod 7$
Solution: Here $N = 105$, $N_1 = 35$, $N_2 = 21$, $N_3 = 15$.
$x \equiv \left[1 \cdot 35 \cdot (35^{-1} \bmod 3) + 4 \cdot 21 \cdot (21^{-1} \bmod 5) + 6 \cdot 15 \cdot (15^{-1} \bmod 7)\right] \bmod 105$
$x \equiv \left[1 \cdot 35 \cdot 2 + 4 \cdot 21 \cdot 1 + 6 \cdot 15 \cdot 1\right] \bmod 105$
$\equiv 244 \bmod 105 \equiv 34 \bmod 105$
Fact: If $\gcd(n_1, n_2) = 1$, then the pair of congruences $x \equiv a \pmod{n_1}$, $x \equiv a \pmod{n_2}$ has a unique solution $x \equiv a \pmod{n_1 n_2}$.


Solution of linear congruences when moduli are not relatively prime
- CRT works only if each pair of moduli is coprime.
- If the moduli of a pair of congruences are not coprime, then we can split each of the congruences into two congruences so that the new moduli are relatively prime.
- If both $m_1$ and $m_2$ are divisible by a prime $p$, then split each of the congruences into two congruences where one of the new moduli is the factor having the highest power of $p$.


Splitting a single congruence
- A single congruence $x \equiv a \bmod (m_1 m_2)$ can be written as
  $x \equiv a \bmod m_1$ and $x \equiv a \bmod m_2$
Example: $x \equiv 3 \bmod 63$ is equivalent to
$x \equiv 3 \bmod 7$ and $x \equiv 3 \bmod 9$


Splitting of two congruences both divisible by a prime
Example: $x \equiv 3 \bmod 63$ and $x \equiv 5 \bmod 108$
Here 3 is a prime, and both 63 ($= 3^2 \times 7$) and 108 ($= 3^3 \times 4$) are divisible by 3.
Split into four congruences:
$x \equiv 3 \pmod{9}$
$x \equiv 5 \pmod{27}$
$x \equiv 3 \pmod{7}$
$x \equiv 5 \pmod{4}$

- If both the congruences involve powers of the same prime $p$, then one of the following will be true:
  - The congruences are contradictory and so there are no solutions.
    Example: $x \equiv 3 \pmod{9}$
    $x \equiv 5 \pmod{27}$; $x = 5, 32, 59, \ldots \not\equiv 3 \pmod{9}$
  - Both congruences for powers of $p$ are implied by the congruence with the higher power. So, the other congruence (with lower power of $p$) may be ignored.
    Example: $x \equiv 5 \pmod{9}$
    $x \equiv 23 \pmod{27}$; $x = 23, 50, \ldots \equiv 5 \pmod{9}$

- Example: Solve the system of congruences
  $x \equiv 7 \pmod{200}$
  $x \equiv 82 \pmod{375}$
- Split each into two congruences:
  $x \equiv 7 \pmod{25}$
  $x \equiv 82 \pmod{125}$
  $x \equiv 7 \pmod{8}$
  $x \equiv 82 \pmod{3}$
  Here the 1st congruence is a special case of the 2nd congruence. Therefore the 1st congruence can be ignored.
- The congruence equations with relatively prime moduli are
  $x \equiv 82 \pmod{125}$
  $x \equiv 7 \pmod{8}$
  $x \equiv 82 \pmod{3}$
  These can be solved by CRT. Solution: $x \equiv 1207 \pmod{3000}$

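Added example (not part of the original slides): crt_coprime implements the slide formula for pairwise coprime moduli, and crt_merge / crt_general go beyond it by handling moduli that share a factor. Instead of the prime-power splitting shown above, this example checks consistency modulo gcd(m1, m2) and merges two congruences at a time; all function names are this example's own.

```python
from math import gcd, prod

def crt_coprime(residues, moduli):
    """Slide formula x = sum(a_i * N_i * z_i) mod N; moduli pairwise coprime."""
    N = prod(moduli)
    total = 0
    for a_i, m_i in zip(residues, moduli):
        N_i = N // m_i
        z_i = pow(N_i, -1, m_i)   # raises ValueError if N_i is not invertible mod m_i
        total += a_i * N_i * z_i
    return total % N, N

def crt_merge(a1, m1, a2, m2):
    """Combine x ≡ a1 (mod m1) and x ≡ a2 (mod m2) for arbitrary moduli.

    Returns (a, lcm(m1, m2)), or None when the two congruences contradict
    each other on the common factor g = gcd(m1, m2).
    """
    g = gcd(m1, m2)
    if (a2 - a1) % g != 0:
        return None
    m2_red = m2 // g
    # Write x = a1 + m1*t and solve (m1/g) * t ≡ (a2 - a1)/g (mod m2/g).
    inv = pow(m1 // g, -1, m2_red) if m2_red > 1 else 0
    t = (a2 - a1) // g * inv % m2_red
    lcm = m1 * m2_red
    return (a1 + m1 * t) % lcm, lcm

def crt_general(congruences):
    """Fold crt_merge over [(a, m), ...]; None if the system is inconsistent."""
    a, m = congruences[0]
    for a2, m2 in congruences[1:]:
        merged = crt_merge(a, m, a2, m2)
        if merged is None:
            return None
        a, m = merged
    return a % m, m

if __name__ == "__main__":
    print(crt_coprime([1, 4, 6], [3, 5, 7]))     # slide 19 system
    print(crt_general([(7, 200), (82, 375)]))    # moduli share the prime 5
    print(crt_general([(3, 63), (5, 108)]))      # contradictory on powers of 3
```

Calling crt_coprime on moduli that are not pairwise coprime raises ValueError rather than returning a wrong residue, which is the failure mode to check for before applying the formula.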

Equivalence Relation
Theorem: Let $n$ be a positive integer. For all $a, b, c \in \mathbb{Z}$:
1. $a \equiv a \pmod{n}$;
2. $a \equiv b \pmod{n} \Rightarrow b \equiv a \pmod{n}$;
3. $a \equiv b \pmod{n}$ and $b \equiv c \pmod{n} \Rightarrow a \equiv c \pmod{n}$.
This means that for any fixed positive integer $n$, the binary relation "$\cdot \equiv \cdot \pmod{n}$" is an equivalence relation on the set $\mathbb{Z}$.
This relation partitions the set $\mathbb{Z}$ into equivalence classes.
We denote the equivalence class containing the integer $a$ by $[a]$,
i.e., $z \in [a] \iff z \equiv a \pmod{n} \iff z = a + ny$ for some $y \in \mathbb{Z}$.
These equivalence classes are called residue classes modulo $n$.

Define $\mathbb{Z}_n$ to be the set of residue classes modulo $n$.
$\mathbb{Z}_n$ consists of the $n$ distinct residue classes $[0], [1], \ldots, [n - 1]$.
Example: The residue classes modulo 6:
[0] = {. . . , -12, -6, 0, 6, 12, . . .}; [1] = {. . . , -11, -5, 1, 7, 13, . . .}
[2] = {. . . , -10, -4, 2, 8, 14, . . .}; [3] = {. . . , -9, -3, 3, 9, 15, . . .}
[4] = {. . . , -8, -2, 4, 10, 16, . . .}; [5] = {. . . , -7, -1, 5, 11, 17, . . .}
Facts:
- The residue class [0] acts as an additive identity.
- Every $\alpha \in \mathbb{Z}_n$ has a unique additive inverse.
- The residue class [1] acts as a multiplicative identity.
- Not all $\alpha \in \mathbb{Z}_n$ have a multiplicative inverse. If $\alpha = [a]$ and $\beta = [b]$, then $\beta$ is a multiplicative inverse of $\alpha$ if and only if $ab \equiv 1 \pmod{n}$.

We define $\mathbb{Z}_n^*$ to be the set of elements of $\mathbb{Z}_n$ that have a multiplicative inverse.
$\mathbb{Z}_n^* = \{[a] : a = 0, \ldots, n - 1, \gcd(a, n) = 1\}$.
If $n$ is prime, then $\gcd(a, n) = 1$ for $a = 1, \ldots, n - 1$, and $\mathbb{Z}_n^* = \mathbb{Z}_n \setminus \{[0]\}$.
Order of $\mathbb{Z}_n^*$, i.e., $|\mathbb{Z}_n^*| = \varphi(n)$.
Example: List the elements of $\mathbb{Z}_{15}^*$

α        [1]  [2]  [4]  [7]   [8]  [11]  [13]  [14]
α^(-1)   [1]  [8]  [4]  [13]  [2]  [11]  [7]   [14]

Example: $\mathbb{Z}_{26}^* = \{1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25\}$, $|\mathbb{Z}_{26}^*| = 12$.


Order of an Element
Multiplicative order of an element: Let $a \in \mathbb{Z}_n^*$ and $\gcd(a, n) = 1$ ($a$ is a representative of the residue class $\alpha = [a]$ with $a \in \mathbb{Z}$).
The order of $a$, denoted ord($a$), is the least positive integer $k$ such that $a^k \equiv 1 \pmod{n}$.
Example: Let $n = 21$.
$\mathbb{Z}_{21}^* = \{1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20\}$.
$\varphi(21) = \varphi(7)\varphi(3) = 12 = |\mathbb{Z}_{21}^*|$.
The orders of elements in $\mathbb{Z}_{21}^*$ are

a in Z21*    1  2  4  5  8  10  11  13  16  17  19  20
order of a   1  6  3  6  2   6   6   2   3   6   6   2


Finding multiplicative order
Theorem: Suppose $\alpha \in \mathbb{Z}_n^*$ has multiplicative order $k$. Then for every $m \in \mathbb{Z}$, the multiplicative order of $\alpha^m$ is $k/\gcd(m, k)$.
Example: $\mathbb{Z}_{21}^* = \{1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20\}$.
$\varphi(21) = \varphi(7)\varphi(3) = 12 = |\mathbb{Z}_{21}^*|$.
The orders of elements in $\mathbb{Z}_{21}^*$ are

a in Z21*    1  2  4  5  8  10  11  13  16  17  19  20
order of a   1  6  3  6  2   6   6   2   3   6   6   2

The order of 2 is 6, so the order of $8 = 2^3$ will be $6/\gcd(3, 6) = 6/3 = 2$, which is true.


Primitive root modulo n
- Primitive root modulo $n$: Let $n$ be a positive integer. $a \in \mathbb{Z}$ with $\gcd(a, n) = 1$ is a primitive root modulo $n$ if the multiplicative order of $a$ modulo $n$ is equal to $\varphi(n)$.
- Example: Let $n = 7$; the primitive roots modulo 7 are 3, 5.

k →          1  2  3  4  5  6
1^k mod 7    1  1  1  1  1  1
2^k mod 7    2  4  1  2  4  1
3^k mod 7    3  2  6  4  5  1
4^k mod 7    4  2  1  4  2  1
5^k mod 7    5  4  6  2  3  1
6^k mod 7    6  1  6  1  6  1

Primitive roots for the first few numbers

n     Primitive roots modulo n
2     1
3     2
4     3
5     2, 3
6     5
7     3, 5
9     2, 5
10    3, 7
11    2, 6, 7, 8
12    2, 6, 7, 11

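Added example (not part of the original slides): computing Z_n^*, the inverse table, multiplicative orders and primitive roots by direct search, and checking the theorem ord(α^m) = k/gcd(m, k) over all of Z_21^*. Function names are this example's own; n = 8 is a constructed input showing a modulus with no primitive root.

```python
from math import gcd

def units(n):
    """Representatives a in [0, n) of Z_n^*, i.e. those with gcd(a, n) == 1."""
    return [a for a in range(n) if gcd(a, n) == 1]

def inverse_table(n):
    """Map each unit a to its inverse modulo n."""
    return {a: pow(a, -1, n) for a in units(n)}

def order(a, n):
    """Least k >= 1 with a^k ≡ 1 (mod n); defined only for units."""
    if gcd(a, n) != 1:
        raise ValueError(f"{a} is not a unit modulo {n}")
    k, x = 1, a % n
    while x != 1 % n:
        x = x * a % n
        k += 1
    return k

def primitive_roots(n):
    """Units whose order equals phi(n) = |Z_n^*|; empty if there are none."""
    us = units(n)
    return [a for a in us if order(a, n) == len(us)]

def power_order_theorem_holds(n):
    """Check ord(a^m) == ord(a) / gcd(m, ord(a)) for all units a, 1 <= m <= phi(n)."""
    us = units(n)
    return all(
        order(pow(a, m, n), n) == order(a, n) // gcd(m, order(a, n))
        for a in us
        for m in range(1, len(us) + 1)
    )

if __name__ == "__main__":
    print(inverse_table(15))
    print({a: order(a, 21) for a in units(21)})
    print(primitive_roots(7), primitive_roots(8))   # 8 is a constructed input
    print(power_order_theorem_holds(21))
```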

Fermat's little theorem: For any prime $p$, and any integer $a \not\equiv 0 \pmod{p}$,
$a^{p-1} \equiv 1 \pmod{p}$.
Moreover, for any integer $a$, we have $a^p \equiv a \pmod{p}$.

Euler's Theorem: For any positive integer $n$, and any integer $a$ relatively prime to $n$,
$a^{\varphi(n)} \equiv 1 \pmod{n}$.
In particular, the multiplicative order of $a$ modulo $n$ divides $\varphi(n)$.


Example: Find the remainder of $29^{196}$ when divided by 13.
Sol: $\gcd(29, 13) = 1$.
$196 = 12(16) + 4$
Hence $29^{196} \bmod 13 \equiv (29^{12})^{16} \cdot 29^4 \bmod 13 \equiv (1)^{16} \cdot 29^4 \bmod 13$
Using Euler's theorem, $29^{12} \equiv 1 \bmod 13$.
$29^{196} \bmod 13 \equiv 29^4 \pmod{13}$
$\equiv (29 \bmod 13)^4 \pmod{13}$
$\equiv 3^4 \pmod{13} \equiv 81 \pmod{13} \equiv 3 \pmod{13}$
Hence when $29^{196}$ is divided by 13, the remainder is 3.

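Added example (not part of the original slides): the Euler phi-function computed from property 4 and cross-checked against the counting definition, then used to reduce an exponent modulo φ(n) as in the worked example above. Function names are this example's own; the pair (a, n) = (2, 4) is a constructed input showing that the reduction is wrong when gcd(a, n) ≠ 1.

```python
from math import gcd

def factorize(n):
    """Prime factorization by trial division, returned as {p: alpha}."""
    factors, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors

def phi(n):
    """Property 4: product over prime powers of (p^alpha - p^(alpha - 1))."""
    result = 1
    for p, alpha in factorize(n).items():
        result *= p**alpha - p**(alpha - 1)
    return result

def phi_by_counting(n):
    """Definition: count nonnegative integers below n that are coprime to n."""
    return sum(1 for a in range(n) if gcd(a, n) == 1)

def power_mod_euler(a, e, n):
    """a^e mod n with e reduced modulo phi(n); requires gcd(a, n) == 1."""
    if gcd(a, n) != 1:
        raise ValueError("Euler's theorem needs gcd(a, n) == 1")
    return pow(a % n, e % phi(n), n)

def reduction_is_valid(a, e, n):
    """True when reducing e modulo phi(n) gives the same residue as a^e mod n."""
    return pow(a, e, n) == pow(a, e % phi(n), n)

if __name__ == "__main__":
    print(phi(21), phi(15), phi(26))
    print(power_mod_euler(29, 196, 13))    # the slide's worked example
    print(reduction_is_valid(2, 2, 4))     # constructed input, gcd(2, 4) = 2
```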
