Cryptography and

Network Security
Seventh Edition, Global Edition
by William Stallings
 Chapter 2
Introduction to Number Theory

© 2017 Pearson Education, Ltd., All rights reserved.

 Divisibility
• We say that a nonzero b divides a if a = mb for some m,
where a, b, and m are integers
• b divides a if there is no remainder on division
• The notation b | a is commonly used to mean b divides a
(differ than b/a)
• If b | a we say that “b is a factor of a”, “b is a divisor of a”,
and “a is a multiple of b”.
• b does not divide a is denoted by b ∤ a.
• 3  −12  True, but 3  7  False.
The positive divisors of 24 are 1, 2, 3, 4, 6, 8, 12, and 24
3|24; 6|24; 13 | 182; - 5 | 30; 17 | 289; - 3 | 33; 17 | 0
© 2017 Pearson Education, Ltd., All rights reserved.
 Properties of Divisibility
• If a | 1, then a = ±1

• If a | b and b | a, then a = ±b

• Any b ≠ 0 divides 0 (i.e 3|0, -5|0)

• If a | b , then a | (bc). 5 | 20 and 5 | 4*20 → 5 | 80

• If a | b and b | c, then a | c 11 | 66 and 66 | 198 → 11 | 198
• If b | g and b | h, then b | (g + h)

• Also if b | g and b | h, then b | (mg + nh) for arbitrary integers m and n

• 3  12 and 3  9 → 3  (12 + 9) → 3  21 (21 ÷ 3 = 7)

© 2017 Pearson Education, Ltd., All rights reserved.

 Properties of Divisibility
• To see this last point, note that:
• If b | g , then g is of the form g = b * g1 for some integer g 1
• If b | h , then h is of the form h = b * h1 for some integer h1
• So:
• mg + nh = mbg1 + nbh1 = b * (mg1 + nh1 )
and therefore b divides mg + nh
b = 7; g = 14; h = 63; m = 3; n = 2
7 | 14 and 7 | 63 then 7 | (14+63) and
To show 7 | (3 * 14 + 2 * 63),
we have (3 * 14 + 2 * 63) = 7(3 * 2 + 2 * 9),
and it is obvious that 7 | (7(3 * 2 + 2 * 9)).
© 2017 Pearson Education, Ltd., All rights reserved.
 Division Algorithm
• Given any positive integer n and any nonnegative integer
a, if we divide a by n we get an integer quotient q and an
integer remainder r that obey the following relationship:
a = qn + r 0 ≤ r < n; q = [a/n]

• n is called divisor and a is called dividend.

• q is the quotient and r is the remainder (must be positive
integer 0≤r<n).
q = a div n , r = a mod n
 4 = 70 div 15 , 10 = 70 mod 15

© 2017 Pearson Education, Ltd., All rights reserved.

Module #9 – Number Theory
Example

• What are the quotient and remainder when 101 is

divided by 11?
101 = 9 × 11 + 2
q = 101 div 11 = 9
r = 101 mod 11 = 2
101 
q = 101 div 11 =   = 9.18 = 9
 11 
r = 101 − (9)  11 = 2

11/2/2023 8
Module #9 – Number Theory
Example
• What are the quotient and the remainder when −11
is divided by 3?
−11 = 3 × (−4) + 1
q = −4 , r = 1
 − 11
q = −11 div 3 =   = − 3.6 = −4
 3 
r = −11 − (−4)  3 = 1 = −11 mod 3

r = p mod n = p – (q × n)
r = -11 mod 3 = -11 – (-4×3)= -11 +12 = 1

11/2/2023 9
 • One of the basic

Euclidean
techniques of number
theory

Algorithm • Procedure for

determining the greatest
common divisor of two
positive integers

• Two integers are

relatively prime if their
only common positive
integer factor is 1

© 2017 Pearson Education, Ltd., All rights reserved.

 Greatest Common Divisor
(GCD)
• The greatest common divisor of a and b is the largest
integer that divides both a and b.
• We can use the notation gcd(a,b) to mean the
greatest common divisor of a and b
• We also define gcd(0,0) = 0
• Positive integer c is said to be the gcd of a and b if:
• c is a divisor of a and b
• Any divisor of a and b is a divisor of c

• An equivalent definition is:

gcd(a,b) = max[c, such that c | a and c | b]

© 2017 Pearson Education, Ltd., All rights reserved.

Module #9 – Number Theory
Greatest Common Divisors

• To find gcd: Find all positive common divisors of

both a and b, then take the largest divisor:
e.g. Find gcd(24, 36)?
Divisors of 24: 1, 2, 3, 4, 6, 8, 12, 24
Divisors of 36: 1, 2, 3, 4, 6, 9, 12, 18, 36
Common divisors: 1, 2, 3, 4, 6, 12
Maximum = 12, so gcd(24, 36) = 12

11/2/2023 12
 GCD
• Because we require that the greatest common divisor be positive,
gcd(a,b) = gcd(a,- b) = gcd(- a, b) = gcd(- a,- b)

• In general, gcd(a,b) = gcd(| a |, | b |)

gcd(60, 24) = gcd(60, - 24) = gcd(- 60, - 24) = 12

• Also, because all nonzero integers divide 0, we have gcd(a,0) = | a |

• We stated that two integers a and b are relatively prime if their
only common positive integer factor is 1; this is equivalent to
saying that a and b are relatively prime if gcd(a,b) = 1
8 and 15 are relatively prime because the positive divisors of 8 are 1, 2, 4, and
8, and the positive divisors of 15 are 1, 3, 5, and 15. So 1 is the only integer on
both lists. gcd(8, 15) = 1
© 2017 Pearson Education, Ltd., All rights reserved.
 a=24 b=36
a=36 b=24
36/24 → r = 12
a=24 b=12
24/12 → r = 0
gcd(24, 36) = 12

© 2017 Pearson Education, Ltd., All rights reserved.

 a=710 b=310
710/310 → r = 90
a=310 b=90
310/90 → r = 40
a=90 b=40
90/40 → r = 10
a=40 b=10
40/10 → r = 0
gcd (710, 310) = 10

r = 0 → gcd (710, 310)= 10

© 2017 Pearson Education, Ltd., All rights reserved.

 Table 2.1
Euclidean Algorithm Example

(This table can be found on page 34 in the textbook)

© 2017 Pearson Education, Ltd., All rights reserved.
 Modular Arithmetic
• The modulus
• If a is an integer and n is a positive integer, we
define a mod n to be the remainder when a is
divided by n; the integer n is called the modulus
• Thus, for any integer a:
a = qn + r 0 ≤ r < n; q = [a/ n]
a = [a/ n] * n + ( a mod n)
11 mod 7 = 4; - 11 mod 7 = 3
[-11/ 7]=-2

the remainder must be positive integer

© 2017 Pearson Education, Ltd., All rights reserved.

 Modular Arithmetic
• Congruent modulo n
• Two integers a and b are said to be congruent modulo
n if (a mod n) = (b mod n)
• This is written as a  b (mod n)
• If a  b (mod n) then n | (a − b ) i.e. (a − b) mod n = 0
• Note that if a  0(mod n), then n | a and a mod n = 0
73  4 (mod 23); 21  - 9 (mod 10)

73 mod 23 = 4 mod 23
4 = 4

© 2017 Pearson Education, Ltd., All rights reserved.

 Properties of Congruences
• Congruences have the following properties:

1. a  b (mod n) if n | (a – b)

2. a  b (mod n) implies b  a (mod n)

3. a  b (mod n) and b  c (mod n) imply a  c (mod n)

• To demonstrate the first point, if n | (a - b), then (a - b) = kn for

some k
• So we can write a = b + kn
• Therefore, (a mod n) = (remainder when b + kn is divided by n) =
(remainder when b is divided by n) = (b mod n)

23  8 (mod 5) because 23 - 8 = 15 mod 5 = 0

- 11  5 (mod 8) because - 11 - 5 = - 16 mod 8 = 0
81  0 (mod 27) because 81 - 0 = 81 = 27 * 3
© 2017 Pearson Education, Ltd., All rights reserved.
 Modular Arithmetic
• Modular arithmetic exhibits the following properties:
1. [(a mod n) + (b mod n)] mod n = (a + b) mod n

2. [(a mod n) - (b mod n)] mod n = (a - b) mod n

3. [(a mod n) * (b mod n)] mod n = (a * b) mod n

© 2017 Pearson Education, Ltd., All rights reserved.

 Remaining Properties:
• Examples of the three remaining properties:

11 mod 8 = 3; 15 mod 8 = 7
[(11 mod 8) + (15 mod 8)] mod 8 = 10 mod 8 = 2
(11 + 15) mod 8 = 26 mod 8 = 2
[(11 mod 8) - (15 mod 8)] mod 8 = - 4 mod 8 = 4
(11 - 15) mod 8 = - 4 mod 8 = 4
[(11 mod 8) * (15 mod 8)] mod 8 = 21 mod 8 = 5
(11 * 15) mod 8 = 165 mod 8 = 5

© 2017 Pearson Education, Ltd., All rights reserved.

 Table 2.2(a)
Addition Modulo 8

© 2017 Pearson Education, Ltd., All rights reserved. (This table can be found on page 37 in the textbook)
 Table 2.2(b)
Multiplication Modulo 8

© 2017 Pearson Education, Ltd., All rights reserved. (This table can be found on page 37 in the textbook)
 Additive and Multiplicative Inverse Modulo 8
• The multiplicative inverse, or reciprocal of x is the integer y such that
(x * y ) mod 8 = 1 mod 8. Now, to find the multiplicative inverse of an
integer from the multiplication table, scan across the matrix in the row for
that integer to find the value 1; the integer at the top of that column is the
multiplicative inverse; thus, (3 * 3) mod 8 = 1.
• Note that not all integers mod 8 have a multiplicative inverse. No
multiplicative inverse for 2.

• The additive inverse, or negative, of an integer x is the integer y such

that (x + y ) mod 8 = 0. To find the additive inverse of an integer in the
left-hand column, scan across the corresponding row of the matrix to
find the value 0; the integer at the top of that column is the additive
inverse; thus, (2 + 6) mod 8 = 0. So, 6 is an additive inverse of 2.

© 2017 Pearson Education, Ltd., All

rights reserved.
 Table 2.2(c)

Additive
and
Multiplicative
Inverse
Modulo 8
© 2017 Pearson Education, Ltd., All rights reserved. (This table can be found on page 37 in the textbook)
 Table 2.3
Properties of Modular Arithmetic for Integers in Zn

(This table can be found on page 38 in the textbook)

© 2017 Pearson Education, Ltd., All rights reserved.
 Primes

• A positive integer p > 1 is prime if the only positive

factors of p are 1 and p.
Some primes: 2, 3, 5, 7, 11, 13, 17, ...
• Non-prime integer greater than 1 are called
composite, because they can be composed by
multiplying two integers greater than 1.
• Two integers are relatively prime if there is no
common divisors between them (gcd(a,b)=1)
e.g The numbers 17 and 22 are relatively prime
27 11/2/2023
 Table 2.5
Primes Under 2000

© 2017 Pearson Education, Ltd., All rights reserved. (This table can be found on page 44 in the textbook)
 Prime Numbers
• Prime numbers only have divisors of 1 and itself
• They cannot be written as a product of other numbers

• Prime numbers are central to number theory

• Any integer a > 1 can be factored in a unique way as
a = p1 a1 * p2 a2 * . . . * pn an
where p1 < p2 < . . . < pn are prime numbers and where
each ai is a positive integer
• This is known as the fundamental theorem of
arithmetic

© 2017 Pearson Education, Ltd., All rights reserved.

 Fundamental Theorem of Arithmetic
• Every positive integer greater than 1 has a
unique representation as a prime or as the
product of two or more primes where the prime
factors are written in order of non-decreasing
size.
100 = 2·2·5·5 = 22∙52
641 = 641
999 = 3∙3∙3∙37 = 33∙37
1024 = 2·2·2·2·2·2·2·2·2·2 = 210

Prime Factorization
30 11/2/2023
 Fermat's Theorem
• States the following:
• If p is prime and a is a positive integer not divisible
by p then
ap-1  1 (mod p)
e.g: Let p=3 and a=10 then 102  1 (mod3)
• An alternate form is:
• If p is prime and a is a positive integer then

ap  a (mod p)

103  10 (mod 3)

© 2017 Pearson Education, Ltd., All rights reserved.

 Euler’s Totient Function ø(n)

• Before presenting Euler’s theorem, we need to introduce an important

quantity in number theory, referred to as Euler’s totient function, written
ø(n), and defined as the number of positive integers less than n and
relatively prime to n . By convention, ø(1) = 1.

• ø(4) = 2 → 1,3 ø(5) = 4 → 1,2,3,4 ø(9) = 6 → 1,2,4,5,7,8

• Table 2.6 lists the first 30 values of ø (n ). The value ø(1) is without
meaning but is defined to have the value 1.

• It should be clear that, for a prime number p, ø (p ) = p - 1

• ø(13) = 12 → 1,2,3,4,5,6,7,8,9,10,11,12

© 2017 Pearson Education, Ltd., All

rights reserved.
 Table 2.6
Some Values of Euler’s Totient Function ø(n)

© 2017 Pearson Education, Ltd., All rights reserved. (This table can be found on page 48 in the textbook)
 Euler's Theorem
• States that for every a and n that are relatively
prime:
aø(n)  1 (mod n)
e.g a=7 and n=5 are relatively prime, so
7ø(5)=4  1 (mod 5) → 2401  1 (mod 5)
2401/5 = 480 and r=1
• An alternative form is:
aø(n)+1  a(mod n)

© 2017 Pearson Education, Ltd., All rights reserved.

 Miller-Rabin Algorithm
• Typically used to test a large number for primality

• The Miller–Rabin test is a probabilistic primality test

• Algorithm is:
TEST (n)

1. • Find integers k, q, with k > 0, q odd, so that (n – 1)=2kq ;

2. • Select a random integer a, 1 < a < n – 1 ;

3. • if aq mod n = 1 then return (“inconclusive") ;

4. • for j = 0 to k – 1 do

5. • if (a2jq mod n = n – 1) then return (“inconclusive") ;

6. • return (“composite") ;
© 2017 Pearson Education, Ltd., All rights reserved.
 Deterministic Primality Algorithm
• Prior to 2002 there was no known method of
efficiently proving the primality of very large
numbers
• All of the algorithms in use produced a probabilistic
result
• In 2002 Agrawal, Kayal, and Saxena developed an
algorithm that efficiently determines whether a
given large number is prime
• Known as the AKS algorithm
• Does not appear to be as efficient as the
Miller-Rabin algorithm

© 2017 Pearson Education, Ltd., All rights reserved.

 Chinese Remainder Theorem (CRT)
• Believed to have been discovered by the Chinese mathematician
Sun-Tsu in around 100 A.D.

• One of the most useful results of number theory

• Says it is possible to reconstruct integers in a certain range from

their residues modulo a set of pairwise relatively prime moduli

• Can be stated in several ways

Provides a way to manipulate (potentially very large)

numbers mod M in terms of tuples of smaller numbers
•This can be useful when M is 150 digits or more
•However, it is necessary to know beforehand the
factorization of M

© 2017 Pearson Education, Ltd., All rights reserved.

 Table 2.7
Powers of Integers, Modulo 19

© 2017 Pearson Education, Ltd., All rights reserved. (This table can be found on page 57 in the textbook)
 Table 2.8
Tables of Discrete Logarithms, Modulo 19

© 2017 Pearson Education, Ltd., All rights reserved.

(This table can be found on page 60 in the textbook)
 Summary
• Divisibility and the division
algorithm
• The Euclidean algorithm
• Greatest Common Divisor
• Finding the Greatest Common
Divisor
• Modular arithmetic
• The modulus
• Properties of congruences
• Modular arithmetic operations
• Properties of modular arithmetic
• Euclidean algorithm revisited
• The extended Euclidean algorithm
• Prime numbers
© 2017 Pearson Education, Ltd., All rights reserved.
• Fermat’s Theorem
• Euler’s totient function
• Euler’s Theorem
• Testing for primality
• Miller-Rabin algorithm
• A deterministic primality algorithm
• Distribution of primes
• The Chinese Remainder
Theorem
• Discrete logarithms
• Powers of an integer, modulo n
• Logarithms for modular arithmetic
• Calculation of discrete logarithms