Mathematics of

Cryptography
 Objectives
❏ To introduce prime numbers and their applications
in cryptography.
❏ To discuss some primality test algorithms and their
efficiencies.
❏ To discuss factorization algorithms and their
applications in cryptography.
❏ To describe the Chinese remainder theorem and its
application.
❏ To introduce quadratic congruence.
❏ To introduce modular exponentiation and
logarithm.
PRIMES

Asymmetric-key cryptography uses primes extensively.

1 Definition
2 Cardinality of Primes
3 Checking for Primeness
4 Euler’s Phi-Function
5 Fermat’s Little Theorem
6 Euler’s Theorem
7 Generating Primes
 Definition
Three groups of positive integers

Note
A prime is divisible only by itself and 1.
Example
What is the smallest prime?
Solution
The smallest prime is 2, which is divisible by 2 (itself) and 1.

Example
List the primes smaller than 10.
Solution
There are four primes less than 10: 2, 3, 5, and 7. It is interesting
to note that the percentage of primes in the range 1 to 10 is 40%.
The percentage decreases as the range increases.
 Cardinality of Primes

Infinite Number of Primes

Note
There is an infinite number of primes.

Number of Primes in n
 Example
As a trivial example, assume that the only primes are in the set
{2, 3, 5, 7, 11, 13, 17}. Here P = 510510 and P + 1 = 510511.
However, 510511 = 19 × 97 × 277; none of these primes were in the
original list. Therefore, there are three primes greater than 17.

Example

Find the number of primes less than 1,000,000.

Solution
The approximation gives the range 72,383 to 78,543. The actual
number of primes is 78,498.
 Checking for Primeness

Given a number n, how can we determine if n is a prime?

The answer is that we need to see if the number is
divisible by all primes less than

We know that this method is inefficient, but it is a good

start.
 Example

Is 97 a prime?
Solution
The floor of 97 = 9. The primes less than 9 are 2, 3, 5, and 7. We
need to see if 97 is divisible by any of these numbers. It is not, so
97 is a prime.

Example
Is 301 a prime?
Solution
The floor of 301 = 17. We need to check 2, 3, 5, 7, 11, 13, and 17.
The numbers 2, 3, and 5 do not divide 301, but 7 does. Therefore
301 is not a prime.
Sieve of Eratosthenes
 Euler’s Phi-Function

Euler’s phi-function, f (n), which is sometimes called the

Euler’s totient function plays a very important role in
cryptography.

f (n) = number of integers that

are both smaller than n and
relatively prime to n.
 Euler’s Phi-Function

Euler’s phi-function, f (n), which is sometimes called the

Euler’s totient function plays a very important role in
cryptography.
We can combine the above four rules to find the value of
f(n). For example, if n can be factored as
n = p1e × p2e × … × pke
1 2 k

then we combine the third and the fourth rule to find

Note
The difficulty of finding f(n) depends on the
difficulty of finding the factorization of n.
Example
What is the value of f(13)?
Solution
Because 13 is a prime, f(13) = (13 −1) = 12.

Example
What is the value of f(10)?

Solution
We can use the third rule: f(10) = f(2) × f(5) = 1 × 4 = 4, because 2
and 5 are primes.
Example
What is the value of f(240)?
Solution
We can write 240 = 24 × 31 × 51. Then

f(240) = (24 −23) × (31 − 30) × (51 − 50) = 64

Example
Can we say that f(49) = f(7) × f(7) = 6 × 6 = 36?
Solution
No. The third rule applies when m and n are relatively prime.
Here 49 = 72. We need to use the fourth rule: f(49) = 72 − 71 = 42.
Example
What is the number of elements in Z14*?

Solution
The answer is f(14) = f(7) × f(2) = 6 × 1 = 6. The members are 1,
3, 5, 9, 11, and 13.

Note
Interesting point: If n > 2, the value of f(n) is even.
 Fermat’s Little Theorem
p is a prime, a is an integer, and p does not divide a.

First Version

ap − 1 ≡ 1 mod p

Second Version

ap ≡ a mod p
Example
Find the result of 610 mod 11.
Solution
We have 610 mod 11 = 1. This is the first version of Fermat’s little
theorem where p = 11.
Example
Find the result of 312 mod 11.
Solution
Here the exponent (12) and the modulus (11) are not the same.
With substitution this can be solved using Fermat’s little theorem.
 Multiplicative Inverses
Multiply both side of Fermat’s little theorem (1st version)
by a.

a−1 mod p = a p − 2 mod p

Example
The answers to multiplicative inverses modulo a prime can be
found without using the extended Euclidean algorithm:
 Euler’s Theorem

First Version: a and n are coprime.

af(n) ≡ 1 (mod n)
Second Version: if n = p x q, a<n, and k an integer.

a k × f(n) + 1 ≡ a (mod n)
Note
The second version of Euler’s theorem is used in the
RSA cryptosystem.
Quickly finding a solution to exponentiation.
Example

Find the result of 624 mod 35.

Solution
We have 624 mod 35 = 6f(35) mod 35 = 1.

Example
Find the result of 2062 mod 77.
Solution
If we let k = 1 on the second version, we have
2062 mod 77 = (20 mod 77) (20f(77) + 1 mod 77) mod 77
= (20)(20) mod 77 = 15.
Multiplicative Inverses
Euler’s theorem can be used to find multiplicative
inverses modulo a composite.

a−1 mod n = af(n)−1 mod n

Example
The answers to multiplicative inverses modulo a composite can be
found without using the extended Euclidean algorithm if we know
the factorization of the composite:
 Generating Primes

Mersenne Primes
If p is a prime.

Note
A number in the form Mp = 2p − 1 is called a
Mersenne number and may or may not be a prime.
Fermat Primes

F0 = 3 F1 = 5 F2 = 17 F3 = 257 F4 = 65537
F5 = 4294967297 = 641 × 6700417 Not a prime
PRIMALITY TESTING

Finding an algorithm to correctly and efficiently test a

very large integer and output a prime or a composite has
always been a challenge in number theory, and
consequently in cryptography. However, recent
developments look very promising.

1 Deterministic Algorithms
2 Probabilistic Algorithms
3 Recommended Primality Test
 Deterministic Algorithms

Divisibility Algorithm

Note
The bit-operation complexity of the divisibility test
is exponential.
Example
Assume n has 200 bits. What is the number of bit operations
needed to run the divisibility-test algorithm?

Solution
The bit-operation complexity of this algorithm is 2n /2. This means
b

that the algorithm needs 2100 bit operations. On a computer

capable of doing 230 bit operations per second, the algorithm needs
270 seconds to do the testing (forever).
AKS Algorithm

Example
Assume n has 200 bits. What is the number of bit operations
needed to run the AKS algorithm?
Solution
This algorithm needs only (log2200)12 = 39,547,615,483 bit
operations. On a computer capable of doing 1 billion bit
operations per second, the algorithm needs only 40 seconds.
AKS Algorithm
 Probabilistic Algorithms

Fermat Test

If n is a prime, an−1 ≡ 1 mod n

If n is a composite, it is possible that an−1 ≡ 1 mod n

Example
Does the number 561 pass the Fermat test?
Solution
Use base 2

The number passes the Fermat test, but it is not a prime, because
561 = 33 × 17.
Example
Suppose we wish to determine if n = 221 is prime.
Randomly pick 1 ≤ a < 221, say a = 38.
Check the equality:

Either 221 is prime, or 38 is a Fermat liar,

so we take another a, say 26:

So 221 is composite and 38 was indeed a Fermat liar.

Example
Does the number 561 pass the Fermat test?

Solution
Use base 2

The number passes the Fermat test, but it is not a prime, because
561 = 33 × 17.
 Square Root Test

Example
What are the square roots of 1 mod n if n is 7 (a prime)?

Solution
The only square roots are 1 and −1. We can see that
Example
What are the square roots of 1 mod n if n is 7 (a prime)?

Solution
The only square roots are 1 and −1. We can see that

Note that we don’t have to test 4, 5 and 6 because 4 = –3 mod 7,

5 = –2 mod 7 and 6 = –1 mod 7.
Example
What are the square roots of 1 mod n if n is 8 (a composite)?

Solution
There are four solutions: 1, 3, 5, and 7 (which is −1). We can see
that
Example
What are the square roots of 1 mod n if n is 17 (a prime)?
Solution
There are only two solutions: 1 and −1
Example
What are the square roots of 1 mod n if n is 22 (a composite)?

Solution
Surprisingly, there are only two solutions, +1 and −1, although 22
is a composite.
Miller-Rabin Test

Idea behind Fermat primality test:

An elegant combination of Fermat’s test and square root test.

Note
The Miller-Rabin test needs from step
0 to step k − 1.
Example
Does the number 561 pass the Miller-Rabin test?

Solution
Using base 2, let 561 − 1 = 35 × 24, which means m = 35, k = 4, and
a = 2.
Example
We already know that 27 is not a prime. Let us apply the Miller-
Rabin test.

Solution
With base 2, let 27 − 1 = 13 × 21, which means that m = 13, k = 1,
and a = 2. In this case, because k − 1 = 0, we should do only the
initialization step: T = 213 mod 27 = 11 mod 27. However, because
the algorithm never enters the loop, it returns a composite.
Example
We know that 61 is a prime, let us see if it passes the Miller-Rabin
test.

Solution
We use base 2.
 Recommended Primality Test

Today, one of the most popular primality test is a

combination of the divisibility test and the Miller-Rabin
test.
Example
The number 4033 is a composite (37 × 109). Does it pass the
recommended primality test?

Solution
1. Perform the divisibility tests first. The numbers 2, 3, 5, 7, 11, 17,
and 23 are not divisors of 4033.
2. Perform the Miller-Rabin test with a base of 2, 4033 − 1 = 63 ×
26, which means m is 63 and k is 6.
Example

3. But we are not satisfied. We continue with another base, 3.

FACTORIZATION

Factorization has been the subject of continuous

research in the past; such research is likely to
continue in the future. Factorization plays a very
important role in the security of several public-key
cryptosystems.

1 Fundamental Theorem of Arithmetic

2 Factorization Methods
3 Fermat Method
4 Pollard p – 1 Method
5 Pollard rho Method
6 More Efficient Methods
 Fundamental Theorem of Arithmetic

Greatest Common Divisor

Least Common Multiplier

 Factorization Methods

Trial Division Method

 Example
Use the trial division algorithm to find the factors of 1233.
Solution
We run a program based on the algorithm and get the following
result.

Example
Use the trial division algorithm to find the factors of 1523357784.
Solution
We run a program based on the algorithm and get the following
result.
Fermat Method
CHINESE REMAINDER THEOREM

The Chinese remainder theorem (CRT) is used to solve

a set of congruent equations with one variable but
different moduli, which are relatively prime, as shown
below:
Example
The following is an example of a set of equations with different
moduli:

The solution to this set of equations is given in the next section; for
the moment, note that the answer to this set of equations is x = 23.
This value satisfies all equations: 23 ≡ 2 (mod 3), 23 ≡ 3 (mod 5),
and 23 ≡ 2 (mod 7).
Solution To Chinese Remainder Theorem

1. Find M = m1 × m2 × … × mk. This is the common modulus.

2. Find M1 = M/m1, M2 = M/m2, …, Mk = M/mk.
3. Find the multiplicative inverse of M1, M2, …, Mk using the
corresponding moduli (m1, m2, …, mk). Call the inverses
M1−1, M2−1, …, Mk −1.
4. The solution to the simultaneous equations is
Example

Find the solution to the simultaneous equations:

Solution
We follow the four steps.

1. M = 3 × 5 × 7 = 105

2. M1 = 105 / 3 = 35, M2 = 105 / 5 = 21, M3 = 105 / 7 = 15

3. The inverses are M1−1 = 2, M2−1 = 1, M3 −1 = 1

4. x = (2 × 35 × 2 + 3 × 21 × 1 + 2 × 15 × 1) mod 105 = 23 mod 105

 Example
Find an integer that has a remainder of 3 when divided by 7 and
13, but is divisible by 12.
Solution
This is a CRT problem. We can form three equations and solve
them to find the value of x.

If we follow the four steps, we find x = 276. We can check that

276 = 3 mod 7, 276 = 3 mod 13 and 276 is divisible by 12 (the
quotient is 23 and the remainder is zero).
Example
Assume we need to calculate z = x + y where x = 123 and y = 334,
but our system accepts only numbers less than 100. These
numbers can be represented as follows:

Adding each congruence in x with the corresponding congruence

in y gives

Now three equations can be solved using the Chinese remainder

theorem to find z. One of the acceptable answers is z = 457.
EXPONENTIATION AND LOGARITHM

1 Exponentiation
2 Logarithm
 Exponentiation

Fast Exponentiation

Figure The idea behind the square-and-multiply method

Example
Figure below shows the process for calculating y = ax using the
Algorithm 9.7 (for simplicity, the modulus is not shown). In this
case, x = 22 = (10110)2 in binary. The exponent has five bits.

Figure Demonstration of calculation of a22 using square-and-multiply method

Note
The bit-operation complexity of the fast exponential
algorithm is polynomial.