
Advanced Algorithms Unit 4 PP

1. This document discusses advanced algorithms for number theory, including elementary number theory concepts like divisibility, prime and composite numbers, greatest common divisors, and the Euclidean algorithm. 2. It also covers modular arithmetic, defining groups, finite groups, subgroups, and Galois fields. Modular arithmetic uses the integers modulo a prime number to form a field where multiplication has unique inverses. 3. Worked examples are provided to find greatest common divisors, extended Euclidean algorithm outputs, and multiplicative inverses in Galois fields.

Uploaded by

Kamal

ADVANCED ALGORITHMS

Number-Theoretic Algorithms (UNIT-4)

1. Elementary Number-theoretic Notions :

a) Divisibility and Divisors :

The notation d | a (d divides a) means :
a = kd for some integer k.

Here, ‘a’ is a multiple of ‘d’.

Here, if d ≥ 0, then d is a ‘divisor’ of a.

The ‘trivial divisors’ of a are : 1, a
The nontrivial divisors of a are called factors of a.
Ex-1 : Find the divisors and trivial divisors of 24.
The trivial divisors of 24 : 1, 24
The divisors of 24 : 1, 2, 3, 4, 6, 8, 12, and 24
The factors of 24 : 2, 3, 4, 6, 8, 12

b) Prime and Composite Numbers :
An integer a > 1 whose only divisors are the trivial
divisors ‘1’ and ‘a’ is a ‘Prime Number’.
An integer a > 1 which is not a prime number
is called a ‘Composite Number’.

Ex-2 : Find the first 5 prime numbers.

2, 3, 5, 7, 11
39 is a composite number since it is divisible by 3.
1 is called a unit & is neither prime nor composite.
Similarly, 0 and all negative integers are neither prime
nor composite.

TH-4.1 : Division Theorem
“For any integer ‘a’ and any positive integer ‘n’,
there exist unique integers ‘q’ and ‘r’ such that
0 ≤ r < n and a = qn + r”.
The value q = ⌊a/n⌋ is the quotient of the division.
The value r = a mod n is the remainder of the division.
Here n | a (n divides a), if and only if a mod n = 0.

Ex-3 : Find the quotient and remainder when 67 is divided by 12.
The quotient : 5
The remainder : 7

c) Common Divisors & Greatest CD :
If ‘d’ is a divisor of ‘a’
and ‘d’ is also divisor of ‘b’
then ‘d’ is a common divisor of ‘a’ and ‘b’.
Note : a) ‘1’ is a common divisor of any two integers.
b) If a | b and b | a then a = b

Important Property :
If d | a and d | b then d | (a + b) & d | (a - b)
⇒ If d | a and d | b then d | (ax + by)

Ex-4 : Find all the common divisors of 24 and 30.
1, 2, 3, 6

Greatest Common Divisor :
The GCD of two integers a and b, not both zero, is
the largest of the common divisors of a and b.
GCD(24, 30) = 6
Note : GCD(a,0) = |a|

Relatively Prime Integers :
Two integers ‘a’ and ‘b’ are relatively prime
if their only common divisor is 1,
i.e., gcd(a,b) = 1
Examples of relatively prime pairs : (8, 15) and (10, 21)

TH-4.2 : If a and b are any two integers, then
gcd(a,b) is the smallest positive element of the
set S = {ax + by : x, y ∈ Z} of linear combinations of a and b.
Ex-5 : Let a = 6 & b = 21. Find the values of x, y.

TH-4.3 : For any integers a, b and p, if both
gcd(a,p) = 1 and gcd(b,p) = 1, then gcd(ab,p) = 1.

TH-4.4 : For all primes p and all integers a and b,
if p | ab then p | a or p | b or both.

Unique Factorization :
There is exactly one way to write any composite
integer ‘a’ as a product of the form
a = p1^e1 · p2^e2 · p3^e3 …… pr^er
where all p_i are prime, p1 < p2 < .. < pr and the e_i are positive.

d) Common Divisors & Greatest CD :
Let ‘a’ and ‘b’ be two positive integers such that
a = p1^e1 · p2^e2 · p3^e3 …… pr^er
b = p1^f1 · p2^f2 · p3^f3 …… pr^fr

Here, gcd(a,b) = p1^min(e1, f1) · p2^min(e2, f2) ……. pr^min(er, fr)
Ex-6 : Let a = 90, b = 150
Find the value of gcd(a,b) using the above rule.
Here, a = 2 × 3^2 × 5
b = 2 × 3 × 5^2
⇒ gcd(a,b) = 2 × 3 × 5

TH-4.5 : GCD recursion theorem :
For any non-negative integer ‘a’ and
any positive integer ‘b’, we have
gcd (a,b) = gcd (b, a mod b)

Proof : Case-1 :
Let d = gcd(a,b) ⇒ d | a & d | b
Here, a mod b = a - q b where q = ⌊a / b⌋
Since a mod b is a linear combination of ‘a’ and ‘b’,
we can say that d | (a mod b).
So, d | b and d | (a mod b)
⇒ d | gcd(b, a mod b)
⇒ gcd(a,b) | gcd(b, a mod b) ….(1)

Case-2 : Let d = gcd(b, a mod b).
⇒ d | b & d | (a mod b)
Since a = q b + (a mod b) where q = ⌊a / b⌋,
a is a linear combination of ‘b’ and ‘a mod b’ ⇒ d | a

Hence, we can say that d | a & d | b
⇒ d | gcd(a,b)
⇒ gcd(b, a mod b) | gcd(a,b) ……(2)

From (1) and (2), the two non-negative values divide each other, so
gcd(a,b) = gcd(b, a mod b)

2 a) Euclid’s Algorithm :
Let a and b be non-negative integers.

EUCLID(a,b)
  if b == 0
      return a
  else return EUCLID(b, a mod b)

Ex-7 : Find the value of gcd(30,21) using Euclid’s algorithm.

EUCLID(30,21) = EUCLID(21,9)
              = EUCLID(9,3)
              = EUCLID(3,0)
              = 3
This computation calls EUCLID recursively three times.

2 b) Extended Euclid’s Algorithm :
In this algorithm we find additional information,
namely the values of ‘x’ and ‘y’, where
d = gcd(a,b) = ax + by

EXTENDED-EUCLID(a,b)
  if b == 0
      return (a, 1, 0)
  else (d’, x’, y’) = EXTENDED-EUCLID(b, a mod b)
       (d, x, y) = (d’, y’, x’ - ⌊a / b⌋ y’)
       return (d, x, y)

In the above algorithm,
d = ax + by
d’ = bx’ + (a mod b) y’

Because d = d’, we have
ax + by = bx’ + (a mod b) y’
        = bx’ + (a - b ⌊a / b⌋) y’
        = a y’ + b (x’ - ⌊a / b⌋ y’)
So, x = y’ & y = (x’ - ⌊a / b⌋ y’)

Ex-8 : Find the value of gcd(99,78) and the corresponding x, y values using the EE algorithm.

Step-1 : a = 99, b = 78
⌊a / b⌋ = 1, d = gcd(99,78) = 3
Here, 99 = 1·78 + 21
      78 = 3·21 + 15
      21 = 1·15 + 6
      15 = 2·6 + 3
       6 = 2·3 + 0
And 3 = 15 - 2·6 = 15 - 2(21 - 1·15)
      = 3·15 - 2·21 = 3(78 - 3·21) - 2·21
      = 3·78 - 11·21 = 3·78 - 11(99 - 1·78)
      = 3·78 - 11·99 + 11·78 = -11·99 + 14·78
⇒ 3 = gcd(99,78) = -11·99 + 14·78 …(1)

Step-2 : a = 78, b = 21
⌊a / b⌋ = 3, d = gcd(78,21) = 3
Here, 78 = 3·21 + 15
      21 = 1·15 + 6
      15 = 2·6 + 3
       6 = 2·3 + 0
And 3 = 15 - 2·6 = 15 - 2(21 - 1·15)
      = 3·15 - 2·21 = 3(78 - 3·21) - 2·21
      = 3·78 - 11·21
So, x = 3, y = -11
⇒ 3 = gcd(78,21) = 3·78 - 11·21 …(2)

Step-3 : a = 21, b = 15
⌊a / b⌋ = 1, d = gcd(21,15) = 3
Here, 21 = 1·15 + 6
      15 = 2·6 + 3
       6 = 2·3 + 0
And 3 = 15 - 2·6 = 15 - 2(21 - 1·15)
      = 3·15 - 2·21
So, x = -2, y = 3
⇒ 3 = gcd(21,15) = -2·21 + 3·15 …(3)

Step-4 : a = 15, b = 6
⌊a / b⌋ = 2, d = gcd(15,6) = 3
Here, 15 = 2·6 + 3
       6 = 2·3 + 0
And 3 = 15 - 2·6
So, x = 1, y = -2
⇒ 3 = gcd(15,6) = 1·15 - 2·6 …(4)

Step-5 : a = 6, b = 3
⌊a / b⌋ = 2, d = gcd(6,3) = 3
Here, 6 = 2·3 + 0
And 3 = 0·6 + 1·3
So, x = 0, y = 1
⇒ 3 = gcd(6,3) = 0·6 + 1·3 …(5)

Step-6 : a = 3, b = 0
⌊a / b⌋ = --, d = gcd(3,0) = 3
Here, 3 = 1·3 + 0·0
And 3 = 1·3 + 0·0
So, x = 1, y = 0
⇒ 3 = gcd(3,0) = 1·3 + 0·0 …(6)

So, the final output of the EE algorithm is as follows :

a     b     ⌊a/b⌋   d     x     y
99    78    1       3     -11   14
78    21    3       3     3     -11
21    15    1       3     -2    3
15    6     2       3     1     -2
6     3     2       3     0     1
3     0     --      3     1     0

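The recursion traced in Ex-8, written out as an added Python example (not part of the original slides). The `rows` argument and the `mod_inverse` helper are names introduced here; `mod_inverse` goes one step further than the slides and uses the x coefficient as a modular inverse.

```python
def extended_euclid(a, b, rows=None):
    """Return (d, x, y) with d = gcd(a, b) = a*x + b*y, for a, b >= 0.

    If a list is passed as rows, one (a, b, a//b, d, x, y) tuple is
    recorded per call, outermost call first, like the table above.
    """
    if rows is not None:
        slot = len(rows)
        rows.append(None)                  # reserve this call's row
    if b == 0:
        q, (d, x, y) = None, (a, 1, 0)
    else:
        q = a // b
        d, x1, y1 = extended_euclid(b, a % b, rows)
        x, y = y1, x1 - q * y1             # x = y', y = x' - floor(a/b) * y'
    if rows is not None:
        rows[slot] = (a, b, q, d, x, y)
    return d, x, y


def mod_inverse(b, p):
    """Inverse of b modulo p, read off from b*x + p*y = 1 (hypothetical helper)."""
    d, x, _ = extended_euclid(b % p, p)
    if d != 1:
        raise ValueError(f"{b} has no inverse modulo {p} (gcd is {d})")
    return x % p


if __name__ == "__main__":
    rows = []
    extended_euclid(99, 78, rows)
    print(" a   b  a//b  d    x    y")
    for a, b, q, d, x, y in rows:
        qs = "--" if q is None else str(q)
        print(f"{a:2d}  {b:2d}  {qs:>4}  {d}  {x:3d}  {y:3d}")
    print([mod_inverse(b, 7) for b in range(1, 7)])
```
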
3. Modular Arithmetic :
a) Group : A group (S, ⊕) is a set S together with a
binary operation ⊕ defined on S for which
the following properties hold :

i) Closure : For all a, b ∈ S, a ⊕ b ∈ S.
ii) Identity : There exists an element e ∈ S,
called the identity of the group, such that
a ⊕ e = e ⊕ a = a for all a ∈ S.
iii) Associativity : For all a, b, c ∈ S, we have
(a ⊕ b) ⊕ c = a ⊕ (b ⊕ c)
iv) Inverse : For each a ∈ S, there exists a
unique element b ∈ S, called the
inverse of ‘a’, such that
(a ⊕ b) = (b ⊕ a) = e

Abelian Group : A group (S, ⊕) is said to be an ‘Abelian
Group’ if it satisfies the commutative property
(a ⊕ b) = (b ⊕ a)

Finite Group : A group (S, ⊕) is said to be a ‘Finite
Group’ if it satisfies the property
|S| < ∞

Sub-Group : If (S, ⊕) is a group, and S’ ⊆ S and
(S’, ⊕) is also a group, then (S’, ⊕) is a subgroup
of (S, ⊕).

Galois Field : The set of integers (0,1,2,…,p-1),
where p is a prime, is called GF(p).

Multiplicative Inverse : The factor b^-1 is the
‘multiplicative inverse’ of b in GF(p).
⇒ b · b^-1 mod p = 1
Ex-9 : Find the multiplicative inverses of the
following, where p = 7.
b      : 1 2 3 4 5 6
Answer : 1 4 5 2 3 6

Ex-10 : Find the multiplicative inverses of the following (p = 11).
b      : 1 2 3 4 5 6 7 8 9 10
Answer : 1 6 4 3 9 2 8 7 5 10

Ex-11 :
Let the moduli be p1 = 3, p2 = 5, p3 = 7
Let us consider the integers : 10, 15

Here, 10 = (10 mod 3, 10 mod 5, 10 mod 7) = (1, 0, 3)
Here, 15 = (15 mod 3, 15 mod 5, 15 mod 7) = (0, 0, 1)
Modular Addition :
10 + 15 = (25 mod 3, 25 mod 5, 25 mod 7) = (1, 0, 4)
& ((1+0) mod 3, (0+0) mod 5, (3+1) mod 7) = (1, 0, 4)
Modular Subtraction :
15 - 10 = (5 mod 3, 5 mod 5, 5 mod 7) = (2, 0, 5)
& ((0-1) mod 3, (0-0) mod 5, (1-3) mod 7) = (2, 0, 5)
Modular Multiplication :
10 * 15 = (150 mod 3, 150 mod 5, 150 mod 7) = (0, 0, 3)
& ((1*0) mod 3, (0*0) mod 5, (3*1) mod 7) = (0, 0, 3)

Prime Divisors : The divisors which are prime
numbers are called ‘Prime Divisors’.

Euler’s Phi Function : For a given integer ‘n’,
the following function is called ‘EPF’.
φ(n) = n · ∏ (1 - 1/p), the product being taken over the prime divisors p of n
Ex-12 : Find the value of EPF where n = 45.

φ(45) = 45 (1 - 1/3) (1 - 1/5) = 24

Basis for Chinese Remainder Theorem :
Ex-13 : Find the lowest integer x such that it
leaves remainders 2, 3 and 2 when divided by
3, 5 and 7.
The Answer : 23

4. Chinese Remainder Theorem :

TH : Let n = n_1 · n_2 · n_3 … n_k, where the n_i are pairwise
relatively prime.
Find the value of ‘a’, where
a ≡ a_i (mod n_i) for i = 1,2,3,…,k
i.e., a ↔ (a_1, a_2, a_3, …, a_k)
Here a_i = a mod n_i

Proof : Let us define m_i = n / n_i for i = 1,2,3,…,k
i.e., m_i = n_1 · n_2 … n_{i-1} · n_{i+1} … n_k

Now let c_i = m_i (m_i^-1 mod n_i) for i = 1,2,…,k
Here m_i, n_i are relatively prime.
Finally, the value of ‘a’ is :
a ≡ (a_1 c_1 + a_2 c_2 + a_3 c_3 + … + a_k c_k) (mod n)
Ex-14 : Find the value of ‘a’ for the following
equations using the Chinese Remainder Theorem :
a ≡ 2 (mod 5)
a ≡ 3 (mod 13)

Here n = 65
a_1 = 2, n_1 = 5, m_1 = 13
a_2 = 3, n_2 = 13, m_2 = 5

Because 13^-1 ≡ 2 (mod 5) and 5^-1 ≡ 8 (mod 13),
we have c_1 = 13 (2 mod 5) = 26
c_2 = 5 (8 mod 13) = 40

a ≡ 2·26 + 3·40 (mod 65)
≡ 52 + 120 (mod 65) ≡ 42
Ex-15 : Find the value of ‘x’ using CRT,
x ≡ 4 (mod 5), x ≡ 5 (mod 11)

The answer is : 49

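The construction a ≡ Σ a_i c_i (mod n) from the proof, as an added Python example that is not part of the original slides. It also maps the component-wise product of Ex-11 back to a single integer; the function names are chosen here, and `pow(m, -1, n)` needs Python 3.8 or later.

```python
from math import gcd, prod


def to_residues(a, moduli):
    """Map a to its residue tuple (a mod n_1, ..., a mod n_k)."""
    return tuple(a % n_i for n_i in moduli)


def crt(residues, moduli):
    """Return the unique a in [0, n) with a = a_i (mod n_i), n = n_1 * ... * n_k."""
    if len(residues) != len(moduli):
        raise ValueError("need one residue per modulus")
    for i, n_i in enumerate(moduli):
        for n_j in moduli[i + 1:]:
            if gcd(n_i, n_j) != 1:   # the theorem needs pairwise coprime moduli
                raise ValueError(f"moduli {n_i} and {n_j} are not relatively prime")
    n = prod(moduli)
    a = 0
    for a_i, n_i in zip(residues, moduli):
        m_i = n // n_i
        c_i = m_i * pow(m_i, -1, n_i)    # c_i = m_i * (m_i^-1 mod n_i)
        a += a_i * c_i
    return a % n


def multiply_via_residues(a, b, moduli):
    """Multiply component-wise as in Ex-11, then map the tuple back with crt."""
    ra, rb = to_residues(a, moduli), to_residues(b, moduli)
    product = tuple(x * y % n_i for x, y, n_i in zip(ra, rb, moduli))
    return product, crt(product, moduli)


if __name__ == "__main__":
    print(crt((2, 3), (5, 13)))          # Ex-14
    print(crt((4, 5), (5, 11)))          # Ex-15
    print(crt((2, 3, 2), (3, 5, 7)))     # Ex-13
    print(multiply_via_residues(10, 15, (3, 5, 7)))
```

The last call returns 45 rather than 150: the residue tuple determines the product only modulo n = 3 · 5 · 7 = 105.
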
5. Powers of an Element :
Consider the sequence of powers of ‘a’, modulo n,
where a ∊ Zn*. For example,
i         : 0 1 2 3 4 5 6 7 8 9
3^i mod 7 : 1 3 2 6 4 5 1 3 2 6
i         : 0 1 2 3 4 5 6 7 8 9
2^i mod 7 : 1 2 4 1 2 4 1 2 4 1

Now, <2> = {1, 2, 4} in Z7*
<3> = {1, 3, 2, 6, 4, 5} in Z7*
Here, ord_7(2) = 3 & ord_7(3) = 6

6 (a) Euler’s Theorem :
For any integer n > 1,
a^φ(n) ≡ 1 (mod n) for all a ∊ Zn*

6 (b) Fermat’s Theorem :
If p is a prime, then a^(p-1) ≡ 1 (mod p) for all a ∊ Zp*
Note that if p is a prime, then φ(p) = p - 1

Ex-16 : Prove the Euler theorem for the following.
Let n = 7 ⇒ φ(n) = 6 & a = {1, 2, 4}

7. RSA Cryptosystem :
In RSA Cryptosystem, the public and private
keys are generated as follows :
a) Select at random two large prime numbers
p and q such that p ≠ q.
b) Compute n = pq
c) Select a small odd integer ‘e’ that is relatively
prime to p-1 and q-1. (public exponent)
d) Compute the integer ‘d’ (private exponent)
from e, p and q such that de ≡ 1 mod L, where
L = LCM [ (p-1), (q-1) ]

e) Publish P = (e,n) : RSA Public Key
Keep secret S = (d,n) : RSA Secret Key

Here, c = ENCRYPT(m) = m^e mod n
m = DECRYPT(c) = c^d mod n

Ex-17 : Apply the RSA algorithm for the following.
p = 5, q = 11, e = 3

Here n = pq = 55, φ(n) = 40
and d : ed ≡ 1 mod L, L = 20
So, d = 7
Let A = Message (m), B = m^2 mod n,
C = m^3 mod n (encrypted message, c),
D = c^2 mod n, E = c^3 mod n, F = c^6 mod n,
G = c^7 mod n (decrypted message)

A    B    C    D    E    F    G
0    0    0    0    0    0    0
1    1    1    1    1    1    1
2    4    8    9    17   14   2
3    9    27   14   48   49   3
4    16   9    26   14   31   4
5    25   15   5    20   15   5
6    36   51   16   46   26   6
7    49   13   4    52   9    7
8    9    17   14   18   49   8
9    26   14   31   49   36   9

Here, the first column is the message sent,
the third column is the cipher text, and
the last column is the decrypted message.

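Ex-17 as an added Python example (not code from the original slides): key generation with L = LCM[(p-1), (q-1)], then the message, cipher text and decrypted columns of the table. Function names are chosen here; `exponent_mod_phi` is a hypothetical helper showing that the inverse of e taken modulo φ(n) = 40 is a different exponent that decrypts equally well.

```python
from math import gcd


def rsa_keypair(p, q, e):
    """Textbook RSA key generation, steps a) to e) of the slides."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    L = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # LCM[(p-1), (q-1)]
    if gcd(e, L) != 1:
        raise ValueError(f"e = {e} is not relatively prime to p-1 and q-1")
    d = pow(e, -1, L)                            # d*e = 1 (mod L)
    return (e, n), (d, n)


def encrypt(m, public):
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= m < n")
    return pow(m, e, n)


def decrypt(c, secret):
    d, n = secret
    return pow(c, d, n)


def exponent_mod_phi(p, q, e):
    """Private exponent taken modulo phi(n) = (p-1)(q-1) instead of L."""
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    public, secret = rsa_keypair(5, 11, 3)       # Ex-17
    print("public", public, "secret", secret)
    for m in range(10):                          # columns A, C, G
        c = encrypt(m, public)
        print(m, c, decrypt(c, secret))
    d_phi = exponent_mod_phi(5, 11, 3)
    print("d mod phi(n) =", d_phi, "also decrypts:",
          all(pow(encrypt(m, public), d_phi, 55) == m for m in range(55)))
```
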
8. Primality Testing :
a) Carmichael number
A Carmichael number is a composite positive
integer which satisfies the following formula :
b^(n-1) ≡ 1 (mod n)
for all integers ‘b’ which are relatively
prime to ‘n’.
Def : A positive composite integer ‘n’ is a CN, iff
‘n’ is square-free and for all prime divisors
p of n, it is true that (p - 1) | (n - 1).
The first Carmichael Number is : 561

The procedure MILLER-RABIN is a probabilistic
search for a proof that n is composite.

In the following procedure, ‘s’ is the number of
times the value of ‘a’ is to be chosen at random.

b) MILLER-RABIN (n,s)
  for j = 1 to s
      a = RANDOM(1, n-1)
      if WITNESS(a,n)
          return COMPOSITE
  return PRIME

c) WITNESS(a,n)
  Let t and u be such that t ≥ 1, u is odd, and n-1 = 2^t u
  x_0 = MODULAR-EXPONENTIATION(a,u,n)
  for i = 1 to t
      x_i = x_{i-1}^2 mod n
      if (x_i == 1) and (x_{i-1} ≠ 1) and (x_{i-1} ≠ n-1)
          return TRUE
  if x_t ≠ 1
      return TRUE
  return FALSE

d) MODULAR-EXPONENTIATION (a, b, n)
  c = 0
  d = 1
  Let (b_k, b_{k-1}, ….., b_1, b_0) be the binary representation of b
  for i = k downto 0
      c = 2c
      d = (d·d) mod n
      if b_i == 1
          c = c + 1
          d = (d·a) mod n
  return d

Ex-18 : Let ‘n’ be a Carmichael number, n = 561
So, here n - 1 = 560
If n - 1 is written in the form n-1 = 2^t u, then
t = 4 and u = 35
Let the value of ‘a’ chosen by the
algorithm be : 7
From the WITNESS algorithm,
find the value of x_0.

Here, call
MODULAR-EXPONENTIATION(a,u,n)
where a = 7 & u = 35 & n = 561

i    : init  5    4    3    2    1    0
b_i  : --    1    0    0    0    1    1
c    : 0     1    2    4    8    17   35
d    : 1     7    49   157  526  160  241

Here, d = a^c mod n (c = b = u)
From the above, the value of ‘d’ returned is : 241
Here, x_0 ≡ a^35 ≡ 241 (mod 561).

Note : Further we can have
a^70 ≡ 298 (mod n), a^140 ≡ 166 (mod n),
a^280 ≡ 67 (mod n), a^560 ≡ 1 (mod n)

So, the sequence is : (241, 298, 166, 67, 1)
Thus, WITNESS discovers 1 in the last squaring
step, since a^560 ≡ 1 (mod n), while the previous
value 67 is neither 1 nor n-1.

Therefore, a = 7 is a witness to the compositeness of ‘n’.

WITNESS(7,n) returns TRUE.
MILLER-RABIN returns COMPOSITE

Note : 561 = 3 · 11 · 17

9. Integer Factorization :
This is the process of factoring an integer into a
product of primes.

Pollard’s rho heuristic :
This heuristic helps in finding the prime factors
of the given integer.

POLLARD-RHO(n)
  i = 1
  x_1 = RANDOM(0, n-1)
  y = x_1
  k = 2
  while TRUE
      i = i + 1
      x_i = (x_{i-1}^2 - 1) mod n
      d = gcd(y - x_i, n)
      if (d ≠ 1) and (d ≠ n)
          print d
      if (i == k)
          y = x_i
          k = 2k

Note : The above algorithm generates a set of factors
which are primes for the given integer.

Ex-19 : Pollard’s Rho Heuristic
Let n = 1387
So, Initialization :
i = 1, x_1 = 2, y = 2, k = 2

WHILE : STEP-1 : i = 2
x_i = (x_{i-1}^2 - 1) mod n ⇒ x_2 = 3
d = gcd(y - x_i, n) ⇒ d = 1
if [(d ≠ 1) and (d ≠ n)] : FALSE
if (i == k) : TRUE ⇒ y = 3, k = 4

STEP-2 : i = 3
x_i = (x_{i-1}^2 - 1) mod n ⇒ x_3 = 8
d = gcd(y - x_i, n) ⇒ d = 1
if [(d ≠ 1) and (d ≠ n)] : FALSE
if (i == k) : FALSE

STEP-3 : i = 4
x_i = (x_{i-1}^2 - 1) mod n ⇒ x_4 = 63
d = gcd(y - x_i, n) ⇒ d = 1
if [(d ≠ 1) and (d ≠ n)] : FALSE
if (i == k) : TRUE ⇒ y = 63, k = 8

STEP-4 : i = 5
x_i = (x_{i-1}^2 - 1) mod n ⇒ x_5 = 1194
d = gcd(y - x_i, n) ⇒ d = 1
if [(d ≠ 1) and (d ≠ n)] : FALSE
if (i == k) : FALSE

STEP-5 : i = 6
x_i = (x_{i-1}^2 - 1) mod n ⇒ x_6 = 1186
d = gcd(y - x_i, n) ⇒ d = 1
if [(d ≠ 1) and (d ≠ n)] : FALSE
if (i == k) : FALSE

STEP-6 : i = 7
x_i = (x_{i-1}^2 - 1) mod n ⇒ x_7 = 177
d = gcd(y - x_i, n) ⇒ d = 19
if [(d ≠ 1) and (d ≠ n)] : TRUE
⇒ Print d = 19
if (i == k) : FALSE

If the process is continued like this, we get another
factor : 73
The relation among the x_i values is shown in the
next slide :

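[Figure : the x_i values for n = 1387, starting from x_1 = 2 : x_2 = 3, x_3 = 8, x_4 = 63, x_5 = 1194, x_6 = 1186, x_7 = 177, followed by 814, 996, 310, 396, 84, 120, 529, 1053, 595, 339.]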
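Ex-19 as an added Python example (not part of the original slides). The pseudocode loops forever, so this version takes a `max_steps` bound and returns what the pseudocode would print; `max_steps`, the default start value x_1 = 2 and the return format are assumptions made here.

```python
from math import gcd


def pollard_rho(n, x1=2, max_steps=1000):
    """Run POLLARD-RHO until i reaches max_steps.

    Returns (xs, found): xs lists x_1, x_2, ... and found holds one
    (i, d) pair for every nontrivial divisor d the pseudocode prints.
    """
    i, x, y, k = 1, x1 % n, x1 % n, 2
    xs, found = [x], []
    while i < max_steps:
        i += 1
        x = (x * x - 1) % n
        xs.append(x)
        d = gcd(y - x, n)               # math.gcd ignores the sign of y - x
        if d != 1 and d != n:
            found.append((i, d))
        if i == k:                      # save x_i for i = 2, 4, 8, 16, ...
            y, k = x, 2 * k
    return xs, found


if __name__ == "__main__":
    xs, found = pollard_rho(1387, x1=2, max_steps=12)
    print("x_1 .. x_12:", xs)
    for i, d in found:
        print(f"i = {i}: d = {d}")
    # For a prime n every gcd is 1 or n, so nothing is ever printed.
    print("prime input 73:", pollard_rho(73, max_steps=200)[1])
```

With x_1 = 2 the divisor 19 appears at i = 7 and again at i = 11, and 73 appears at i = 12.
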
