
Chapter 4

Chapter Summary
Divisibility and Modular Arithmetic
Integer Representations and Algorithms
Primes and Greatest Common Divisors
Solving Congruences
Applications of Congruences
Cryptography
Section 4.1
Section Summary
Division
Division Algorithm
Modular Arithmetic
Division
Definition: If a and b are integers with a ≠ 0, then a divides b if there exists an integer c such that b = ac.
When a divides b we say that a is a factor or divisor of b and that b is a multiple of a.
The notation a | b denotes that a divides b.
If a | b, then b/a is an integer.
If a does not divide b, we write a ∤ b.

Example: Determine whether 3 | 7 and whether 3 | 12.
Properties of Divisibility
Theorem 1: Let a, b, and c be integers, where a ≠ 0.
i. If a | b and a | c, then a | (b + c);
ii. If a | b, then a | bc for all integers c;
iii. If a | b and b | c, then a | c.
Proof: (i) Suppose a | b and a | c. Then it follows that there are integers s and t with b = as and c = at. Hence, b + c = as + at = a(s + t). Hence, a | (b + c).

Corollary: If a, b, and c are integers, where a ≠ 0, such that a | b and a | c, then a | mb + nc whenever m and n are integers.
Division Algorithm
 When an integer is divided by a positive integer, there is a quotient and a remainder. This is traditionally called the “Division Algorithm,” but is really a theorem.
Division Algorithm: If a is an integer and d a positive integer, then there are unique integers q and r, with 0 ≤ r < d, such that a = dq + r (proved in Section 5.2).
 d is called the divisor.
 a is called the dividend.
 q is called the quotient.
 r is called the remainder.
Definitions of the functions div and mod: q = a div d, r = a mod d
Examples:
What are the quotient and remainder when 101 is divided by 11?
Solution: The quotient when 101 is divided by 11 is 9 = 101 div 11, and the remainder is 2 = 101 mod 11.
What are the quotient and remainder when −11 is divided by 3?
Solution: The quotient when −11 is divided by 3 is −4 = −11 div 3, and the remainder is 1 = −11 mod 3.


Congruence Relation
Definition: If a and b are integers and m is a positive integer, then a is congruent to b modulo m if m divides a – b.
 The notation a ≡ b (mod m) says that a is congruent to b modulo m.
 We say that a ≡ b (mod m) is a congruence and that m is its modulus.
 Two integers are congruent mod m if and only if they have the same remainder when divided by m.
 If a is not congruent to b modulo m, we write a ≢ b (mod m).

Example: Determine whether 17 is congruent to 5 modulo 6 and whether 24 and 14 are congruent modulo 6.
Solution:
17 ≡ 5 (mod 6) because 6 divides 17 − 5 = 12.
24 ≢ 14 (mod 6) since 24 − 14 = 10 is not divisible by 6.
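The following is an added example, not part of the slides: a Python implementation of the Division Algorithm's div and mod that keeps 0 ≤ r < d even for negative dividends, contrasted with the truncating division many languages use, plus a congruence check that compares remainders as the slide states. Function names are the example's own; the inputs are the slides' worked examples.

```python
# Added example (not from the slides): q = a div d and r = a mod d for any
# integer a and positive d, implemented from a = dq + r with 0 <= r < d, and a
# congruence test built on it.

def truncated_div_mod(a: int, d: int) -> tuple:
    """C-style division: quotient rounds toward zero, remainder takes a's sign.
    Shown only to contrast with the textbook definition below."""
    q = abs(a) // d
    if a < 0:
        q = -q
    return q, a - d * q


def div_mod(a: int, d: int) -> tuple:
    """Return (a div d, a mod d) with 0 <= r < d, as the Division Algorithm requires.

    Start from the truncated quotient and, if the remainder came out negative,
    move one multiple of d from q into r.  For a >= 0 nothing changes; for
    a < 0 this turns (-3, -2) into (-4, 1) when a = -11 and d = 3.
    """
    if d <= 0:
        raise ValueError("divisor d must be a positive integer")
    q, r = truncated_div_mod(a, d)
    if r < 0:
        q -= 1
        r += d
    assert a == d * q + r and 0 <= r < d   # the theorem's guarantee
    return q, r


def is_congruent(a: int, b: int, m: int) -> bool:
    """a ≡ b (mod m) holds exactly when a and b leave the same remainder mod m
    (equivalently, when m divides a - b)."""
    if m <= 0:
        raise ValueError("modulus m must be a positive integer")
    return div_mod(a, m)[1] == div_mod(b, m)[1]


if __name__ == "__main__":
    print(div_mod(101, 11))              # (9, 2)
    print(div_mod(-11, 3))               # (-4, 1): the slide's answer
    print(truncated_div_mod(-11, 3))     # (-3, -2): what C's / and % give
    print(is_congruent(17, 5, 6), is_congruent(24, 14, 6))   # True False
```

Python's own `//` and `%` already use the floor convention for a positive divisor, so `div_mod(a, d)` agrees with `(a // d, a % d)`; the point of the fix-up step is that code ported from a language with truncating `%` can silently produce a negative "remainder", which breaks any later step that assumes 0 ≤ r < d (table indexing, for example).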


More on Congruences
Theorem 4: Let m be a positive integer. The integers a and b are congruent modulo m if and only if there is an integer k such that a = b + km.
Proof:
If a ≡ b (mod m), then (by the definition of congruence) m | a – b. Hence, there is an integer k such that a – b = km and equivalently a = b + km.
Conversely, if there is an integer k such that a = b + km, then km = a – b. Hence, m | a – b and a ≡ b (mod m).
The Relationship between (mod m) and mod m Notations
 The use of “mod” in a ≡ b (mod m) and a mod m = b are different.
a ≡ b (mod m) is a relation on the set of integers.
In a mod m = b, the notation mod denotes a function.
The relationship between these notations is made clear in this theorem.
Theorem 3: Let a and b be integers, and let m be a positive integer. Then a ≡ b (mod m) if and only if a mod m = b mod m.
Congruences of Sums and Products
Theorem 5: Let m be a positive integer. If a ≡ b (mod m) and c ≡ d (mod m), then
a + c ≡ b + d (mod m) and ac ≡ bd (mod m)
Proof:
 Because a ≡ b (mod m) and c ≡ d (mod m), by Theorem 4 there are integers s and t with a = b + sm and c = d + tm.
 Therefore,
 a + c = (b + sm) + (d + tm) = (b + d) + m(s + t) and
 ac = (b + sm)(d + tm) = bd + m(bt + ds + stm).
 Hence, a + c ≡ b + d (mod m) and ac ≡ bd (mod m).

Example: Because 7 ≡ 2 (mod 5) and 11 ≡ 1 (mod 5), it follows from Theorem 5 that
18 = 7 + 11 ≡ 2 + 1 = 3 (mod 5)
77 = 7 ∙ 11 ≡ 2 ∙ 1 = 2 (mod 5)
Computing the mod m Function of Products and Sums
We use the following corollary to Theorem 5 to compute the remainder of the product or sum of two integers when divided by m from the remainders when each is divided by m.
Corollary: Let m be a positive integer and let a and b be integers. Then
(a + b) mod m = ((a mod m) + (b mod m)) mod m
and
ab mod m = ((a mod m)(b mod m)) mod m.
Section 4.2
Section Summary
Integer Representations
 Base b Expansions
 Binary Expansions
 Octal Expansions
 Hexadecimal Expansions
Base Conversion Algorithm
Algorithms for Integer Operations
Representations of Integers
In the modern world, we use decimal, or base 10, notation to represent integers. For example, when we write 965, we mean 9∙10^2 + 6∙10^1 + 5∙10^0.
We can represent numbers using any base b, where b is a positive integer greater than 1.
The bases b = 2 (binary), b = 8 (octal), and b = 16 (hexadecimal) are important for computing and communications.
The ancient Mayans used base 20 and the ancient Babylonians used base 60.
Base b Representations
 We can use any positive integer b greater than 1 as a base, because of this theorem:
Theorem 1: Let b be a positive integer greater than 1. Then if n is a positive integer, it can be expressed uniquely in the form:
n = a_k b^k + a_{k−1} b^{k−1} + … + a_1 b + a_0
where k is a nonnegative integer, a_0, a_1, …, a_k are nonnegative integers less than b, and a_k ≠ 0. The a_j, j = 0, …, k, are called the base-b digits of the representation.
(We will prove this using mathematical induction in Section 5.1.)
 The representation of n given in Theorem 1 is called the base b expansion of n and is denoted by (a_k a_{k−1} … a_1 a_0)_b.
 We usually omit the subscript 10 for base 10 expansions.
Binary Expansions
Most computers represent integers and do arithmetic with binary (base 2) expansions of integers. In these expansions, the only digits used are 0 and 1.
Example: What is the decimal expansion of the integer that has (1 0101 1111)_2 as its binary expansion?
Solution: (1 0101 1111)_2 = 1∙2^8 + 0∙2^7 + 1∙2^6 + 0∙2^5 + 1∙2^4 + 1∙2^3 + 1∙2^2 + 1∙2^1 + 1∙2^0 = 351.
Example: What is the decimal expansion of the integer that has (11011)_2 as its binary expansion?
Solution: (11011)_2 = 1∙2^4 + 1∙2^3 + 0∙2^2 + 1∙2^1 + 1∙2^0 = 27.
Octal Expansions
The octal expansion (base 8) uses the digits {0,1,2,3,4,5,6,7}.
Example: What is the decimal expansion of the number with octal expansion (7016)_8?
Solution: 7∙8^3 + 0∙8^2 + 1∙8^1 + 6∙8^0 = 3598
Example: What is the decimal expansion of the number with octal expansion (111)_8?
Solution: 1∙8^2 + 1∙8^1 + 1∙8^0 = 64 + 8 + 1 = 73
Hexadecimal Expansions
The hexadecimal expansion needs 16 digits, but our decimal system provides only 10. So letters are used for the additional symbols. The hexadecimal system uses the digits {0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F}. The letters A through F represent the decimal numbers 10 through 15.
Example: What is the decimal expansion of the number with hexadecimal expansion (2AE0B)_16?
Solution: 2∙16^4 + 10∙16^3 + 14∙16^2 + 0∙16^1 + 11∙16^0 = 175627
Example: What is the decimal expansion of the number with hexadecimal expansion (E5)_16?
Solution: 14∙16^1 + 5∙16^0 = 224 + 5 = 229
Base Conversion
To construct the base b expansion of an integer n:
Divide n by b to obtain a quotient and remainder.
n = bq_0 + a_0, 0 ≤ a_0 < b
The remainder, a_0, is the rightmost digit in the base b expansion of n. Next, divide q_0 by b.
q_0 = bq_1 + a_1, 0 ≤ a_1 < b
The remainder, a_1, is the second digit from the right in the base b expansion of n.
Continue by successively dividing the quotients by b, obtaining the additional base b digits as the remainder. The process terminates when the quotient is 0.
continued →
Algorithm: Constructing Base b Expansions
procedure base b expansion(n, b: positive integers with b > 1)
k := 0
q := n
while (q ≠ 0)
    a_k := q mod b
    k := k + 1
    q := q div b
return (a_{k−1}, …, a_1, a_0) {(a_{k−1} … a_1 a_0)_b is the base b expansion of n}
 q represents the quotient obtained by successive divisions by b, starting with q = n.
 The digits in the base b expansion are the remainders of the division given by q mod b.
 The algorithm terminates when q = 0 is reached.
Base Conversion
Example: Find the octal expansion of (12345)_10
Solution: Successively dividing by 8 gives:
 12345 = 8 ∙ 1543 + 1
 1543 = 8 ∙ 192 + 7
 192 = 8 ∙ 24 + 0
 24 = 8 ∙ 3 + 0
 3 = 8 ∙ 0 + 3
The remainders are the digits from right to left, yielding (30071)_8.
Comparison of Hexadecimal, Octal, and Binary Representations
[Comparison table not reproduced in the extracted text; initial 0s are not shown.]
Each octal digit corresponds to a block of 3 binary digits.
Each hexadecimal digit corresponds to a block of 4 binary digits.
So, conversion between binary, octal, and hexadecimal is easy.
Conversion Between Binary, Octal, and Hexadecimal Expansions
Example: Find the octal and hexadecimal expansions of (11 1110 1011 1100)_2.
Solution:
To convert to octal, we group the digits into blocks of three (011 111 010 111 100)_2, adding initial 0s as needed. The blocks from left to right correspond to the digits 3, 7, 2, 7, and 4. Hence, the solution is (37274)_8.
To convert to hexadecimal, we group the digits into blocks of four (0011 1110 1011 1100)_2, adding initial 0s as needed. The blocks from left to right correspond to the digits 3, E, B, and C. Hence, the solution is (3EBC)_16.
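The following is an added example, not part of the slides: a Python implementation of the base b expansion algorithm from the "Constructing Base b Expansions" slide, its inverse (evaluating the sum in Theorem 1), and the block-grouping conversion between binary, octal and hexadecimal just described. Function names and the digit table are the example's own; the inputs are the slides' worked examples.

```python
# Added example (not from the slides): base-b expansion by repeated division,
# evaluation of a base-b digit string, and binary <-> octal/hex regrouping.

DIGITS = "0123456789ABCDEF"      # digit symbols for bases up to 16


def base_b_expansion(n: int, b: int) -> str:
    """Base-b digits of a positive integer n as a string, most significant first.

    Mirrors the slide pseudocode: repeatedly take q mod b as the next digit
    (rightmost first) and replace q by q div b until q is 0.
    """
    if n <= 0:
        raise ValueError("n must be a positive integer")
    if not 2 <= b <= len(DIGITS):
        raise ValueError("b must satisfy 2 <= b <= 16 for this digit set")
    digits = []
    q = n
    while q != 0:
        digits.append(DIGITS[q % b])   # a_k := q mod b
        q //= b                        # q := q div b
    return "".join(reversed(digits))   # remainders came out right to left


def from_base_b(s: str, b: int) -> int:
    """Evaluate (a_k ... a_1 a_0)_b = a_k b^k + ... + a_1 b + a_0 (Theorem 1).
    Uses the Horner form n = (...(a_k b + a_{k-1}) b + ...) b + a_0."""
    n = 0
    for ch in s.upper():
        d = DIGITS.index(ch)          # ValueError for symbols outside 0-9, A-F
        if d >= b:
            raise ValueError(f"digit {ch} is not valid in base {b}")
        n = n * b + d
    return n


def regroup_binary(bits: str, block: int) -> str:
    """Convert a binary string to octal (block=3) or hexadecimal (block=4) by
    grouping bits from the right, adding initial 0s as the slide does."""
    if block not in (3, 4):
        raise ValueError("block must be 3 (octal) or 4 (hexadecimal)")
    pad = (-len(bits)) % block
    bits = "0" * pad + bits
    groups = [bits[i:i + block] for i in range(0, len(bits), block)]
    return "".join(DIGITS[int(g, 2)] for g in groups)


if __name__ == "__main__":
    print(base_b_expansion(12345, 8))           # 30071
    print(from_base_b("2AE0B", 16))             # 175627
    print(regroup_binary("11111010111100", 3))  # 37274
    print(regroup_binary("11111010111100", 4))  # 3EBC
```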
Binary Addition of Integers
Algorithms for performing operations with integers using their binary expansions are important as computer chips work with binary numbers. Each digit is called a bit.
procedure add(a, b: positive integers)
{the binary expansions of a and b are (a_{n−1}, a_{n−2}, …, a_0)_2 and (b_{n−1}, b_{n−2}, …, b_0)_2, respectively}
c := 0
for j := 0 to n − 1
    d := ⌊(a_j + b_j + c)/2⌋
    s_j := a_j + b_j + c − 2d
    c := d
s_n := c
return (s_0, s_1, …, s_n) {the binary expansion of the sum is (s_n, s_{n−1}, …, s_0)_2}
The number of additions of bits used by the algorithm to add two n-bit integers is O(n).
Binary Multiplication of Integers
Algorithm for computing the product of two n-bit integers.
procedure multiply(a, b: positive integers)
{the binary expansions of a and b are (a_{n−1}, a_{n−2}, …, a_0)_2 and (b_{n−1}, b_{n−2}, …, b_0)_2, respectively}
for j := 0 to n − 1
    if b_j = 1 then c_j := a shifted j places
    else c_j := 0
{c_0, c_1, …, c_{n−1} are the partial products}
p := 0
for j := 0 to n − 1
    p := p + c_j
return p {p is the value of ab}
The number of additions of bits used by the algorithm to multiply two n-bit integers is O(n^2).
Binary Modular Exponentiation
 In cryptography, it is important to be able to find b^n mod m efficiently, where b, n, and m are large integers.
 Use the binary expansion of n, n = (a_{k−1}, …, a_1, a_0)_2, to compute b^n.
 Because the binary expansion of n splits b^n into a product of factors of the form b^{2^j}, one for each j with a_j = 1, to compute b^n we need only compute the values of b, b^2, (b^2)^2 = b^4, (b^4)^2 = b^8, …, and multiply the terms in this list where a_j = 1.

Example: Compute 3^11 using this method.
Solution: Note that 11 = (1011)_2 so that 3^11 = 3^8 3^2 3^1 = ((3^2)^2)^2 3^2 3^1 = (9^2)^2 ∙ 9 ∙ 3 = (81)^2 ∙ 9 ∙ 3 = 6561 ∙ 9 ∙ 3 = 177,147.
continued →
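The following is an added example, not part of the slides: a Python implementation of binary (square-and-multiply) modular exponentiation as described above. `selected_terms` exposes which of b, b^2, b^4, … are multiplied, reproducing the 3^11 walk-through, and `mod_exp` reduces modulo m at every step so that intermediate values never grow beyond m, which is what makes the method usable for the large integers in cryptography. Function names are the example's own.

```python
# Added example (not from the slides): b^n mod m by scanning the bits of n from
# the right, squaring the running power each step.

def selected_terms(b: int, n: int) -> list:
    """The terms b^(2^j) for which bit a_j of n is 1, least significant first.
    Exact integers (no modulus) so the slide's example can be reproduced."""
    terms = []
    power = b                   # b^(2^j); starts at j = 0
    while n > 0:
        if n & 1:               # a_j = 1: this term is part of the product
            terms.append(power)
        power = power * power   # b^(2^(j+1)) = (b^(2^j))^2
        n >>= 1
    return terms


def exp_by_squaring(b: int, n: int) -> int:
    """Plain b^n: the product of the selected terms."""
    product = 1
    for term in selected_terms(b, n):
        product *= term
    return product


def mod_exp(b: int, n: int, m: int) -> int:
    """b^n mod m with O(log n) multiplications; every intermediate stays below m."""
    if n < 0 or m <= 0:
        raise ValueError("need n >= 0 and m > 0")
    result = 1 % m              # also handles m = 1 correctly
    power = b % m               # b^(2^j) mod m
    while n > 0:
        if n & 1:
            result = (result * power) % m
        power = (power * power) % m
        n >>= 1
    return result


if __name__ == "__main__":
    print(selected_terms(3, 11))      # [3, 9, 6561]  (3^1, 3^2, 3^8)
    print(exp_by_squaring(3, 11))     # 177147
    print(mod_exp(7, 222, 11))        # 5
```

Python's built-in `pow(b, n, m)` does the same computation; the hand-written version is here to make the bit-by-bit structure visible.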
Section 4.3
Section Summary
Prime Numbers and their Properties
Greatest Common Divisors and Least
Common Multiples
The Euclidean Algorithm
gcds as Linear Combinations
Primes
Definition: A positive integer p greater than 1 is called prime if the only positive factors of p are 1 and p. A positive integer that is greater than 1 and is not prime is called composite.

Example: The integer 7 is prime because its only positive factors are 1 and 7, but 9 is composite because it is divisible by 3.
The Fundamental Theorem of Arithmetic
Theorem: Every positive integer greater than 1 can be written uniquely as a prime or as the product of two or more primes where the prime factors are written in order of nondecreasing size.
Examples:
100 = 2 ∙ 2 ∙ 5 ∙ 5 = 2^2 ∙ 5^2
641 = 641
999 = 3 ∙ 3 ∙ 3 ∙ 37 = 3^3 ∙ 37
1024 = 2 ∙ 2 ∙ 2 ∙ 2 ∙ 2 ∙ 2 ∙ 2 ∙ 2 ∙ 2 ∙ 2 = 2^10
Eratosthenes (276-194 B.C.)
The Sieve of Eratosthenes
The Sieve of Eratosthenes can be used to find all primes not exceeding a specified positive integer. For example, begin with the list of integers between 1 and 100.
a. Delete all the integers, other than 2, divisible by 2.
b. Delete all the integers, other than 3, divisible by 3.
c. Next, delete all the integers, other than 5, divisible by 5.
d. Next, delete all the integers, other than 7, divisible by 7.
e. Since all the remaining integers are not divisible by any of the previous integers, other than 1, the primes are:
{2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97}
continued →
The Sieve of Eratosthenes
If an integer n is a composite integer, then it has a prime divisor less than or equal to √n. To see this, note that if n = ab, then a ≤ √n or b ≤ √n.
Trial division, a very inefficient method of determining if a number n is prime, is to try every integer i ≤ √n and see if n is divisible by i.
Theorem: If n is a composite integer, then n has a prime divisor less than or equal to √n.
Proof:
If n is composite, then it has a positive integer factor a with 1 < a < n by definition. This means that n = ab, where b is an integer greater than 1.
Assume a > √n and b > √n. Then ab > √n √n = n, which is a contradiction. So either a ≤ √n or b ≤ √n.
Thus, n has a divisor less than or equal to √n.
By the fundamental theorem of arithmetic, this divisor is either prime, or is a product of primes. In either case, n has a prime divisor less than or equal to √n.
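The following is an added example, not part of the slides: a Python implementation of the Sieve of Eratosthenes as described on the previous slide, and of trial division up to √n, which is justified by the theorem just proved. Function names are the example's own; the test inputs are the slides' numbers (the primes up to 100, 2047 = 23∙89, 641).

```python
# Added example (not from the slides): sieve and trial division, both relying
# on "a composite n has a prime divisor <= sqrt(n)".

import math
from typing import Optional


def sieve(limit: int) -> list:
    """All primes <= limit.  Crossing out multiples of p only for p <= sqrt(limit)
    is enough: any composite <= limit has a prime factor <= sqrt(limit)."""
    if limit < 2:
        return []
    is_prime_flag = [True] * (limit + 1)
    is_prime_flag[0] = is_prime_flag[1] = False
    for p in range(2, math.isqrt(limit) + 1):
        if is_prime_flag[p]:
            # delete all integers other than p divisible by p; smaller multiples
            # of p were already removed by a smaller prime, so start at p*p
            for multiple in range(p * p, limit + 1, p):
                is_prime_flag[multiple] = False
    return [i for i, flag in enumerate(is_prime_flag) if flag]


def smallest_prime_divisor(n: int) -> Optional[int]:
    """Trial division: smallest prime factor of n, or None when n is prime.
    The first divisor i found is automatically prime: any prime factor of i
    would be a smaller divisor of n and would have been found first."""
    if n < 2:
        raise ValueError("n must be an integer >= 2")
    for i in range(2, math.isqrt(n) + 1):
        if n % i == 0:
            return i
    return None


def is_prime(n: int) -> bool:
    return n >= 2 and smallest_prime_divisor(n) is None


if __name__ == "__main__":
    print(sieve(100))
    print(smallest_prime_divisor(2047))   # 23, so 2^11 - 1 is not prime
    print(is_prime(641), is_prime(999))   # True False
```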
Infinitude of Primes
Euclid (325 B.C.E. – 265 B.C.E.)
Theorem: There are infinitely many primes. (Euclid)
Proof: Assume finitely many primes: p_1, p_2, …, p_n
 Let q = p_1 p_2 ∙∙∙ p_n + 1
 Either q is prime or by the fundamental theorem of arithmetic it is a product of primes.
 But none of the primes p_j divides q since if p_j | q, then p_j divides q − p_1 p_2 ∙∙∙ p_n = 1.
 Hence, there is a prime not on the list p_1, p_2, …, p_n. It is either q, or if q is composite, it is a prime factor of q. This contradicts the assumption that p_1, p_2, …, p_n are all the primes.
Consequently, there are infinitely many primes.
This proof was given by Euclid in The Elements. The proof is considered to be one of the most beautiful in all mathematics. It is the first proof in The Book, inspired by the famous mathematician Paul Erdős’ imagined collection of perfect proofs maintained by God.
Paul Erd�s (1913-1996)
Mersenne Primes
Marin Mersenne (1588-1648)
Definition: Prime numbers of the form 2^p − 1, where p is prime, are called Mersenne primes.
 2^2 − 1 = 3, 2^3 − 1 = 7, 2^5 − 1 = 31, and 2^7 − 1 = 127 are Mersenne primes.
 2^11 − 1 = 2047 is not a Mersenne prime since 2047 = 23∙89.
 There is an efficient test for determining if 2^p − 1 is prime.
 The largest known prime numbers are Mersenne primes.
 As of mid 2011, 47 Mersenne primes were known, the largest is 2^43,112,609 − 1, which has nearly 13 million decimal digits.
 A new Mersenne prime was found in December 2017. As of January 2018, 50 are now known. The largest known prime number 2^77,232,917 − 1 is a Mersenne prime.
 As of October 2020, 51 Mersenne primes are known. The largest known prime number, 2^82,589,933 − 1, is a Mersenne prime.
 The Great Internet Mersenne Prime Search (GIMPS) is a distributed computing project to search for new Mersenne primes.
Greatest Common Divisor
Definition: Let a and b be integers, not both zero. The largest integer d such that d | a and also d | b is called the greatest common divisor of a and b. The greatest common divisor of a and b is denoted by gcd(a,b).
One can find greatest common divisors of small numbers by inspection.
Example: What is the greatest common divisor of 24 and 36?
Solution: gcd(24, 36) = 12
Example: What is the greatest common divisor of 17 and 22?
Solution: gcd(17,22) = 1
Greatest Common Divisor
Definition: The integers a and b are relatively prime if their greatest common divisor is 1.
Example: 17 and 22 are relatively prime, since gcd(17,22) = 1.
Definition: The integers a_1, a_2, …, a_n are pairwise relatively prime if gcd(a_i, a_j) = 1 whenever 1 ≤ i < j ≤ n.
Example: Determine whether the integers 10, 17 and 21 are pairwise relatively prime.
Solution: Because gcd(10,17) = 1, gcd(10,21) = 1, and gcd(17,21) = 1, 10, 17, and 21 are pairwise relatively prime.
Example: Determine whether the integers 10, 19, and 24 are pairwise relatively prime.
Solution: Because gcd(10,24) = 2, 10, 19, and 24 are not pairwise relatively prime.
Finding the Greatest Common Divisor Using Prime Factorizations
 Suppose the prime factorizations of a and b are:
[factorizations not reproduced in the extracted text]
where each exponent is a nonnegative integer, and where all primes occurring in either prime factorization are included in both. Then:
[gcd formula not reproduced in the extracted text]
 This formula is valid since the integer on the right (of the equals sign) divides both a and b. No larger integer can divide both a and b.
Example: 120 = 2^3 ∙ 3 ∙ 5, 500 = 2^2 ∙ 5^3
gcd(120,500) = 2^min(3,2) ∙ 3^min(1,0) ∙ 5^min(1,3) = 2^2 ∙ 3^0 ∙ 5^1 = 20
 Finding the gcd of two positive integers using their prime factorizations is not efficient because there is no efficient algorithm for finding the prime factorization of a positive integer.
Least Common Multiple
Definition: The least common multiple of the positive integers a and b is the smallest positive integer that is divisible by both a and b. It is denoted by lcm(a,b).
 The least common multiple can also be computed from the prime factorizations.
[lcm formula not reproduced in the extracted text]
This number is divisible by both a and b, and no smaller number is divisible by both a and b.
Example: lcm(2^3 3^5 7^2, 2^4 3^3) = 2^max(3,4) 3^max(5,3) 7^max(2,0) = 2^4 3^5 7^2
 The greatest common divisor and the least common multiple of two integers are related by:
Theorem 5: Let a and b be positive integers. Then
ab = gcd(a,b) ∙ lcm(a,b)
(proof is Exercise 31)
Euclidean Algorithm
Euclid (325 B.C.E. – 265 B.C.E.)
The Euclidean algorithm is an efficient method for computing the greatest common divisor of two integers. It is based on the idea that gcd(a,b) is equal to gcd(b,c) when a > b and c is the remainder when a is divided by b.
Example: Find gcd(91, 287):
 287 = 91 ∙ 3 + 14 (divide 287 by 91)
 91 = 14 ∙ 6 + 7 (divide 91 by 14)
 14 = 7 ∙ 2 + 0 (divide 14 by 7; remainder 0 is the stopping condition)
gcd(287, 91) = gcd(91, 14) = gcd(14, 7) = 7
continued →
Euclidean Algorithm
The Euclidean algorithm expressed in pseudocode is:
procedure gcd(a, b: positive integers)
x := a
y := b
while y ≠ 0
    r := x mod y
    x := y
    y := r
return x {gcd(a,b) is x}
In Section 5.3, we’ll see that the time complexity of the algorithm is O(log b), where a > b.
Correctness of Euclidean Algorithm
Lemma 1: Let a = bq + r, where a, b, q, and r are integers. Then gcd(a,b) = gcd(b,r).
Proof:
Suppose that d divides both a and b. Then d also divides a − bq = r (by Theorem 1 of Section 4.1). Hence, any common divisor of a and b must also be a common divisor of b and r.
Suppose that d divides both b and r. Then d also divides bq + r = a. Hence, any common divisor of b and r must also be a common divisor of a and b.
Therefore, gcd(a,b) = gcd(b,r).
gcds as Linear Combinations
Étienne Bézout (1730-1783)
Bézout’s Theorem: If a and b are positive integers, then there exist integers s and t such that gcd(a,b) = sa + tb.
Definition: If a and b are positive integers, then integers s and t such that gcd(a,b) = sa + tb are called Bézout coefficients of a and b. The equation gcd(a,b) = sa + tb is called Bézout’s identity.
By Bézout’s Theorem, the gcd of integers a and b can be expressed in the form sa + tb where s and t are integers. This is a linear combination with integer coefficients of a and b.
 gcd(6,14) = (−2)∙6 + 1∙14
Finding gcds as Linear Combinations
Example: Express gcd(252,198) = 18 as a linear combination of 252 and 198.
Solution: First use the Euclidean algorithm to show gcd(252,198) = 18
i. 252 = 1∙198 + 54
ii. 198 = 3∙54 + 36
iii. 54 = 1∙36 + 18
iv. 36 = 2∙18
 Now working backwards, from iii and ii above
18 = 54 − 1∙36
36 = 198 − 3∙54
 Substituting the 2nd equation into the 1st yields:
18 = 54 − 1∙(198 − 3∙54) = 4∙54 − 1∙198
 Substituting 54 = 252 − 1∙198 (from i) yields:
18 = 4∙(252 − 1∙198) − 1∙198 = 4∙252 − 5∙198
The method illustrated above is a two pass method. It first uses the Euclidean algorithm to find the gcd and then works backwards to express the gcd as a linear combination of the original two integers. A one pass method, called the extended Euclidean algorithm, is developed in the exercises.
Section 4.4
Section Summary
Linear Congruences
The Chinese Remainder Theorem
Fermat’s Little Theorem
Pseudoprimes
Primitive Roots and Discrete Logarithms
Linear Congruences
Definition: A congruence of the form
ax ≡ b (mod m),
where m is a positive integer, a and b are integers, and x is a variable, is called a linear congruence.
 The solutions to a linear congruence ax ≡ b (mod m) are all integers x that satisfy the congruence.
Definition: An integer ā such that āa ≡ 1 (mod m) is said to be an inverse of a modulo m.
Example: 5 is an inverse of 3 modulo 7 since 5∙3 = 15 ≡ 1 (mod 7)
 One method of solving linear congruences makes use of an inverse ā, if it exists. Although we cannot divide both sides of the congruence by a, we can multiply by ā to solve for x.
Inverse of a modulo m
 The following theorem guarantees that an inverse of a modulo m exists whenever a and m are relatively prime. Two integers a and b are relatively prime when gcd(a,b) = 1.
Theorem 1: If a and m are relatively prime integers and m > 1, then an inverse of a modulo m exists. Furthermore, this inverse is unique modulo m. (This means that there is a unique positive integer ā less than m that is an inverse of a modulo m and every other inverse of a modulo m is congruent to ā modulo m.)
Proof: Since gcd(a,m) = 1, by Theorem 6 of Section 4.3, there are integers s and t such that sa + tm = 1.
 Hence, sa + tm ≡ 1 (mod m).
 Since tm ≡ 0 (mod m), it follows that sa ≡ 1 (mod m).
 Consequently, s is an inverse of a modulo m.
 The uniqueness of the inverse is Exercise 7.
Finding Inverses
The Euclidean algorithm and Bézout coefficients give us a systematic approach to finding inverses.
Example: Find an inverse of 3 modulo 7.
Solution: Because gcd(3,7) = 1, by Theorem 1, an inverse of 3 modulo 7 exists.
 Using the Euclidean algorithm: 7 = 2∙3 + 1.
 From this equation, we get −2∙3 + 1∙7 = 1, and see that −2 and 1 are Bézout coefficients of 3 and 7.
 Hence, −2 is an inverse of 3 modulo 7.
 Also every integer congruent to −2 modulo 7 is an inverse of 3 modulo 7, i.e., 5, −9, 12, etc.
Finding Inverses
Example: Find an inverse of 101 modulo 4620.
Solution: First use the Euclidean algorithm to show that gcd(101,4620) = 1.
4620 = 45∙101 + 75
101 = 1∙75 + 26
75 = 2∙26 + 23
26 = 1∙23 + 3
23 = 7∙3 + 2
3 = 1∙2 + 1
2 = 2∙1
Since the last nonzero remainder is 1, gcd(101,4620) = 1.
Working backwards:
1 = 3 − 1∙2
1 = 3 − 1∙(23 − 7∙3) = −1∙23 + 8∙3
1 = −1∙23 + 8∙(26 − 1∙23) = 8∙26 − 9∙23
1 = 8∙26 − 9∙(75 − 2∙26) = 26∙26 − 9∙75
1 = 26∙(101 − 1∙75) − 9∙75 = 26∙101 − 35∙75
1 = 26∙101 − 35∙(4620 − 45∙101) = −35∙4620 + 1601∙101
Bézout coefficients: −35 and 1601
1601 is an inverse of 101 modulo 4620.
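The following is an added example, not part of the slides, serving the Euclidean algorithm, the "gcds as Linear Combinations" example and the two "Finding Inverses" examples above: a Python implementation of the Euclidean algorithm as in the slide pseudocode, the one-pass extended Euclidean algorithm the slides mention (Bézout coefficients computed alongside the gcd instead of by working backwards), and the modular inverse built on it. Function names are the example's own; the test inputs are the slides' examples (gcd(252,198) = 18 = 4∙252 − 5∙198, the inverse 5 of 3 modulo 7, the inverse 1601 of 101 modulo 4620).

```python
# Added example (not from the slides): Euclidean algorithm, extended Euclidean
# algorithm (Bezout coefficients in one pass) and modular inverse.

def gcd(a: int, b: int) -> int:
    """Euclidean algorithm: replace (x, y) by (y, x mod y) until y = 0."""
    x, y = a, b
    while y != 0:
        x, y = y, x % y
    return x


def extended_gcd(a: int, b: int) -> tuple:
    """Return (g, s, t) with g = gcd(a, b) = s*a + t*b.

    One pass: every remainder r_i is kept as a linear combination s_i*a + t_i*b,
    so the coefficients of the last nonzero remainder are Bezout coefficients.
    """
    old_r, r = a, b
    old_s, s = 1, 0      # a = 1*a + 0*b
    old_t, t = 0, 1      # b = 0*a + 1*b
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r      # the same step as the Euclidean algorithm
        old_s, s = s, old_s - q * s      # carry the coefficients along
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t


def mod_inverse(a: int, m: int) -> int:
    """The unique inverse of a modulo m in {1, ..., m-1} (Theorem 1 of 4.4).
    It exists iff gcd(a, m) = 1, in which case s*a + t*m = 1 gives s*a ≡ 1 (mod m)."""
    if m <= 1:
        raise ValueError("modulus must be greater than 1")
    g, s, _ = extended_gcd(a, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {m}: gcd({a}, {m}) = {g}")
    return s % m


if __name__ == "__main__":
    print(gcd(287, 91))                 # 7
    print(extended_gcd(252, 198))       # (18, 4, -5)
    print(mod_inverse(3, 7))            # 5
    print(mod_inverse(101, 4620))       # 1601
```

Reducing `s % m` at the end is what turns the Bézout coefficient (which may be negative, like −2 for 3 modulo 7) into the unique representative between 1 and m − 1 that the theorem promises.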
The Chinese Remainder Theorem
In the first century, the Chinese mathematician Sun-Tsu asked:
There are certain things whose number is unknown. When divided by 3, the remainder is 2; when divided by 5, the remainder is 3; when divided by 7, the remainder is 2. What will be the number of things?
This puzzle can be translated into the solution of the system of congruences:
x ≡ 2 (mod 3),
x ≡ 3 (mod 5),
x ≡ 2 (mod 7)?
We’ll see how the theorem that is known as the Chinese Remainder Theorem can be used to solve Sun-Tsu’s problem.
The Chinese Remainder Theorem
Theorem 2: (The Chinese Remainder Theorem) Let m_1, m_2, …, m_n be pairwise relatively prime positive integers greater than one and a_1, a_2, …, a_n arbitrary integers. Then the system
x ≡ a_1 (mod m_1)
x ≡ a_2 (mod m_2)
⋮
x ≡ a_n (mod m_n)
has a unique solution modulo m = m_1 m_2 ∙∙∙ m_n.
(That is, there is a solution x with 0 ≤ x < m and all other solutions are congruent modulo m to this solution.)
 Proof: We’ll show that a solution exists by describing a way to construct the solution. Showing that the solution is unique modulo m is Exercise 30.
continued →
The Chinese Remainder Theorem
To construct a solution first let M_k = m/m_k for k = 1, 2, …, n and m = m_1 m_2 ∙∙∙ m_n.
Since gcd(m_k, M_k) = 1, by Theorem 1, there is an integer y_k, an inverse of M_k modulo m_k, such that
M_k y_k ≡ 1 (mod m_k).
Form the sum
x = a_1 M_1 y_1 + a_2 M_2 y_2 + ∙∙∙ + a_n M_n y_n.
Note that because M_j ≡ 0 (mod m_k) whenever j ≠ k, all terms except the kth term in this sum are congruent to 0 modulo m_k.
Because M_k y_k ≡ 1 (mod m_k), we see that x ≡ a_k M_k y_k ≡ a_k (mod m_k), for k = 1, 2, …, n.
Hence, x is a simultaneous solution to the n congruences.
x ≡ a_1 (mod m_1)
x ≡ a_2 (mod m_2)
⋮
x ≡ a_n (mod m_n)
The Chinese Remainder Theorem
Example: Consider the 3 congruences from Sun-Tsu’s problem:
x ≡ 2 (mod 3), x ≡ 3 (mod 5), x ≡ 2 (mod 7).
 Let m = 3 ∙ 5 ∙ 7 = 105, M_1 = m/3 = 35, M_2 = m/5 = 21, M_3 = m/7 = 15.
 We see that
2 is an inverse of M_1 = 35 modulo 3 since 35 ∙ 2 ≡ 2 ∙ 2 ≡ 1 (mod 3)
1 is an inverse of M_2 = 21 modulo 5 since 21 ≡ 1 (mod 5)
1 is an inverse of M_3 = 15 modulo 7 since 15 ≡ 1 (mod 7)
 Hence,
x = a_1 M_1 y_1 + a_2 M_2 y_2 + a_3 M_3 y_3
= 2 ∙ 35 ∙ 2 + 3 ∙ 21 ∙ 1 + 2 ∙ 15 ∙ 1 = 233 ≡ 23 (mod 105)
 We have shown that 23 is the smallest positive integer that is a simultaneous solution. Check it!
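The following is an added example, not part of the slides: a Python implementation of the Chinese Remainder Theorem that follows the construction in the proof (x = Σ a_k M_k y_k mod m), checks the pairwise-relatively-prime hypothesis explicitly, and then does the "Check it!" step. Inverses y_k come from Python's built-in `pow(M_k, -1, m_k)` (Python 3.8 or later). Function names are the example's own; the test input is Sun-Tsu's system.

```python
# Added example (not from the slides): CRT by the proof's construction.

from math import gcd, prod


def crt_terms(moduli: list) -> list:
    """For each m_k return (M_k, y_k): M_k = m / m_k and y_k its inverse mod m_k."""
    m = prod(moduli)
    terms = []
    for m_k in moduli:
        M_k = m // m_k
        y_k = pow(M_k, -1, m_k)     # exists because gcd(M_k, m_k) = 1
        terms.append((M_k, y_k))
    return terms


def crt(residues: list, moduli: list) -> int:
    """The unique x with 0 <= x < m = m_1...m_n solving x ≡ a_k (mod m_k).

    The hypothesis that the moduli are pairwise relatively prime is checked
    first; without it the system may have no solution and the inverses y_k
    need not exist.
    """
    if len(residues) != len(moduli) or not moduli:
        raise ValueError("need one residue per modulus")
    for i in range(len(moduli)):
        if moduli[i] <= 1:
            raise ValueError("moduli must be greater than one")
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError(f"moduli {moduli[i]} and {moduli[j]} are not relatively prime")
    m = prod(moduli)
    x = 0
    for a_k, (M_k, y_k) in zip(residues, crt_terms(moduli)):
        x += a_k * M_k * y_k     # ≡ a_k (mod m_k) and ≡ 0 modulo every other m_j
    return x % m


def check_solution(x: int, residues: list, moduli: list) -> bool:
    """'Check it!': verify x against every congruence in the system."""
    return all(x % m_k == a_k % m_k for a_k, m_k in zip(residues, moduli))


if __name__ == "__main__":
    print(crt_terms([3, 5, 7]))        # [(35, 2), (21, 1), (15, 1)]
    x = crt([2, 3, 2], [3, 5, 7])
    print(x, check_solution(x, [2, 3, 2], [3, 5, 7]))   # 23 True
```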
Fermat’s Little Theorem
Pierre de Fermat (1601-1665)
Theorem 3: (Fermat’s Little Theorem) If p is prime and a is an integer not divisible by p, then a^{p−1} ≡ 1 (mod p)
Furthermore, for every integer a we have a^p ≡ a (mod p)
Fermat’s little theorem is useful in computing the remainders modulo p of large powers of integers.
Example: Find 7^222 mod 11.
By Fermat’s little theorem, we know that 7^10 ≡ 1 (mod 11), and so (7^10)^k ≡ 1 (mod 11), for every positive integer k.
Therefore,
7^222 = 7^{22∙10 + 2} = (7^10)^22 7^2 ≡ (1)^22 ∙ 49 ≡ 5 (mod 11).
Hence, 7^222 mod 11 = 5.
Pseudoprimes
By Fermat’s little theorem, if n > 2 is prime, then 2^{n−1} ≡ 1 (mod n).
But if this congruence holds, n may not be prime. Composite integers n such that 2^{n−1} ≡ 1 (mod n) are called pseudoprimes to the base 2.
Example: The integer 341 is a pseudoprime to the base 2.
341 = 11 ∙ 31
2^340 ≡ 1 (mod 341) (see Exercise 37)
We can replace 2 by any integer b ≥ 2.
Definition: Let b be a positive integer. If n is a composite integer, and b^{n−1} ≡ 1 (mod n), then n is called a pseudoprime to the base b.
Pseudoprimes
Given a positive integer n, test whether 2^{n−1} ≡ 1 (mod n):
 If n does not satisfy the congruence, it is composite.
 If n does satisfy the congruence, it is either prime or a pseudoprime to the base 2.
Doing similar tests with additional bases b provides more evidence as to whether n is prime.
Among the positive integers not exceeding a positive real number x, compared to primes, there are relatively few pseudoprimes to the base b.
 For example, among the positive integers less than 10^10 there are 455,052,512 primes, but only 14,884 pseudoprimes to the base 2.
Carmichael Numbers
Robert Carmichael (1879-1967)
 There are composite integers n that pass all tests with bases b such that gcd(b,n) = 1.
Definition: A composite integer n that satisfies the congruence b^{n−1} ≡ 1 (mod n) for all positive integers b with gcd(b,n) = 1 is called a Carmichael number.
Example: The integer 561 is a Carmichael number. To see this:
 561 is composite, since 561 = 3 ∙ 11 ∙ 17.
 If gcd(b, 561) = 1, then gcd(b, 3) = gcd(b, 11) = gcd(b, 17) = 1.
 Using Fermat’s Little Theorem: b^2 ≡ 1 (mod 3), b^10 ≡ 1 (mod 11), b^16 ≡ 1 (mod 17).
 Then
b^560 = (b^2)^280 ≡ 1 (mod 3),
b^560 = (b^10)^56 ≡ 1 (mod 11),
b^560 = (b^16)^35 ≡ 1 (mod 17).
 It follows (see Exercise 29) that b^560 ≡ 1 (mod 561) for all positive integers b with gcd(b,561) = 1. Hence, 561 is a Carmichael number.
 Even though there are infinitely many Carmichael numbers, there are other tests (described in the exercises) that form the basis for efficient probabilistic primality testing. (see Chapter 7)
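The following is an added example, not part of the slides, covering the Fermat test from the two "Pseudoprimes" slides and the Carmichael number definition above: a Python implementation of the b^{n−1} mod n test, of the pseudoprime and Carmichael definitions, and checks that reproduce the two ways the test can mislead (341 passes base 2, 561 passes every base coprime to it). Compositeness is established by trial division so the definitions can be applied literally. Function names are the example's own.

```python
# Added example (not from the slides): Fermat test, pseudoprimes, Carmichael
# numbers.  The test gives evidence, never a proof, of primality.

from math import gcd, isqrt


def is_composite(n: int) -> bool:
    """True iff n > 1 has a divisor other than 1 and itself (trial division)."""
    return n > 1 and any(n % i == 0 for i in range(2, isqrt(n) + 1))


def fermat_passes(n: int, b: int) -> bool:
    """True when b^(n-1) ≡ 1 (mod n): n is then prime or a pseudoprime to base b."""
    return n > 2 and pow(b, n - 1, n) == 1


def fermat_test(n: int, bases: list) -> str:
    """'composite' if some base proves it; otherwise 'probably prime'.
    Each additional base adds evidence, as the slides say, but cannot
    distinguish a prime from a Carmichael number."""
    for b in bases:
        if not fermat_passes(n, b):
            return "composite"
    return "probably prime"


def is_pseudoprime(n: int, b: int) -> bool:
    """Definition from the slides: composite and b^(n-1) ≡ 1 (mod n)."""
    return is_composite(n) and fermat_passes(n, b)


def is_carmichael(n: int) -> bool:
    """Composite n passing the Fermat test for every base b with gcd(b, n) = 1."""
    if not is_composite(n):
        return False
    return all(fermat_passes(n, b) for b in range(2, n) if gcd(b, n) == 1)


if __name__ == "__main__":
    print(is_pseudoprime(341, 2))          # True: 341 = 11 * 31 yet 2^340 ≡ 1 (mod 341)
    print(fermat_test(341, [2, 3]))        # composite: base 3 exposes 341
    print(fermat_test(561, [2, 5, 7]))     # probably prime: 561 fools coprime bases
    print(is_carmichael(561), is_carmichael(341))   # True False
```

Note that a base sharing a factor with n, such as 3 for 561, does fail the test; Carmichael numbers only fool bases coprime to them, which is why the definition carries the gcd(b,n) = 1 condition and why practical primality tests (Chapter 7) use stronger criteria than Fermat's.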
Primitive Roots
Definition: A primitive root modulo a prime p is an integer r in Z_p such that every nonzero element of Z_p is a power of r.
Example: Since every nonzero element of Z_11 is a power of 2, 2 is a primitive root of 11.
Powers of 2 modulo 11: 2^1 = 2, 2^2 = 4, 2^3 = 8, 2^4 = 5, 2^5 = 10, 2^6 = 9, 2^7 = 7, 2^8 = 3, 2^9 = 6, 2^10 = 1.
Example: Since not all elements of Z_11 are powers of 3, 3 is not a primitive root of 11.
Powers of 3 modulo 11: 3^1 = 3, 3^2 = 9, 3^3 = 5, 3^4 = 4, 3^5 = 1, and the pattern repeats for higher powers.
Important Fact: There is a primitive root modulo p for every prime number p.
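The following is an added example, not part of the slides: a Python check of whether r is a primitive root modulo a prime p by listing r^1, …, r^{p−1} mod p exactly as the slide does for 2 and 3 modulo 11, a function listing all primitive roots of p, and a brute-force search for the exponent k with r^k ≡ a (mod p) (the discrete logarithm named in the section summary but not defined on the slides; this part goes slightly beyond the slide text). Function names are the example's own.

```python
# Added example (not from the slides): primitive roots modulo a prime, and
# brute-force discrete logarithms for small p.

from typing import Optional


def powers_mod(r: int, p: int) -> list:
    """[r^1 mod p, r^2 mod p, ..., r^(p-1) mod p]."""
    return [pow(r, k, p) for k in range(1, p)]


def is_primitive_root(r: int, p: int) -> bool:
    """r is a primitive root mod p iff its powers hit every nonzero element of Z_p."""
    if p < 2 or not 1 <= r < p:
        return False
    return set(powers_mod(r, p)) == set(range(1, p))


def primitive_roots(p: int) -> list:
    """All primitive roots of the prime p (never empty, by the slide's Important Fact)."""
    return [r for r in range(1, p) if is_primitive_root(r, p)]


def discrete_log(r: int, a: int, p: int) -> Optional[int]:
    """Smallest k >= 1 with r^k ≡ a (mod p), or None if a is not a power of r.
    Brute force over k = 1, ..., p-1: fine for p = 11, hopeless for large p."""
    value = 1
    for k in range(1, p):
        value = (value * r) % p
        if value == a % p:
            return k
    return None


if __name__ == "__main__":
    print(powers_mod(2, 11))        # [2, 4, 8, 5, 10, 9, 7, 3, 6, 1]
    print(powers_mod(3, 11))        # [3, 9, 5, 4, 1, 3, 9, 5, 4, 1]
    print(primitive_roots(11))      # [2, 6, 7, 8]
    print(discrete_log(2, 3, 11))   # 8, since 2^8 = 3 (mod 11)
```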
Section 4.6
Caesar Cipher
Julius Caesar created secret messages by shifting each letter three letters forward in the alphabet (sending the last three letters to the first three letters.) For example, the letter B is replaced by E and the letter X is replaced by A. This process of making a message secret is an example of encryption.
Here is how the encryption process works:
 Replace each letter by an integer from Z_26, that is an integer from 0 to 25 representing one less than its position in the alphabet.
 The encryption function is f(p) = (p + 3) mod 26. It replaces each integer p in the set {0,1,2,…,25} by f(p) in the set {0,1,2,…,25}.
 Replace each integer p by the letter with the position p + 1 in the alphabet.
Example: Encrypt the message “MEET YOU IN THE PARK” using the Caesar cipher.
Solution: 12 4 4 19 24 14 20 8 13 19 7 4 15 0 17 10.
Now replace each of these numbers p by f(p) = (p + 3) mod 26.
15 7 7 22 1 17 23 11 16 22 10 7 18 3 20 13.
Translating the numbers back to letters produces the encrypted message “PHHW BRX LQ WKH SDUN.”
Caesar Cipher
To recover the original message, use f^{−1}(p) = (p − 3) mod 26. So, each letter in the coded message is shifted back three letters in the alphabet, with the first three letters sent to the last three letters. This process of recovering the original message from the encrypted message is called decryption.
The Caesar cipher is one of a family of ciphers called shift ciphers. Letters can be shifted by an integer k, with 3 being just one possibility. The encryption function is
f(p) = (p + k) mod 26
and the decryption function is
f^{−1}(p) = (p − k) mod 26
The integer k is called a key.
Shift Cipher
Example 1: Encrypt the message “STOP GLOBAL
WARMING” using the shift cipher with k = 11.
Solution: Replace each letter with the
corresponding element of Z26.
18 19 14 15 6 11 14 1 0 11 22 0 17 12 8
13 6.
Apply the shift f(p) = (p + 11) mod 26, yielding
3 4 25 0 17 22 25 12 11 22 7 11 2 23 19
24 17.
Translating the numbers back to letters produces
the ciphertext
“DEZA RWZMLW HLCXTYR.”
Shift Cipher
Example 2: Decrypt the message “LEWLYPLUJL PZ H NYLHA ALHJOLY” that was encrypted using the shift cipher with k = 7.
Solution: Replace each letter with the corresponding element of Z26.
11 4 22 11 24 15 11 20 9 11 15 25 7 13 24 11 7 0 0 11 7
9 14 11 24.
Shift each of the numbers by −k = −7 modulo
26, yielding
4 23 15 4 17 8 4 13 2 4 8 18 0 6 17 4 0 19 19 4 0 2
7 4 17.
Translating the numbers back to letters
produces the decrypted message
“EXPERIENCE IS A GREAT TEACHER.”
Cryptosystems
Definition: A cryptosystem is a five-tuple (P,C,K,E,D), where
 P is the set of plaintext strings,
 C is the set of ciphertext strings,
 K is the keyspace (set of all possible keys),
 E is the set of encryption functions, and
 D is the set of decryption functions.
The encryption function in E corresponding to the key k is denoted by E_k and the decryption function in D that decrypts ciphertext encrypted using E_k is denoted by D_k. Therefore:
D_k(E_k(p)) = p, for all plaintext strings p.
Cryptosystems
Example: Describe the family of shift ciphers as a cryptosystem.
Solution: Assume the messages are strings consisting of elements in Z_26.
P is the set of strings of elements in Z_26,
C is the set of strings of elements in Z_26,
K = Z_26,
E consists of functions of the form E_k(p) = (p + k) mod 26, and
D is the same as E where D_k(p) = (p − k) mod 26.

Public Key Cryptography
All classical ciphers, including shift and affine ciphers, are private key cryptosystems. Knowing the encryption key allows one to quickly determine the decryption key.
All parties who wish to communicate using a private key cryptosystem must share the key and keep it a secret.
In public key cryptosystems, first invented in the 1970s, knowing how to encrypt a message does not help one to decrypt the message. Therefore, everyone can have a publicly known encryption key. The only key that needs to be kept secret is the decryption key.
RSA
by Rivest, Shamir & Adleman of MIT in 1977
best known & widely used public-key scheme
based on exponentiation in a finite (Galois) field over integers modulo a prime
uses large integers (e.g., 1024 bits)
security due to cost of factoring large numbers
RSA Key Setup
each user generates a public/private key pair by:
selecting two large primes at random: p, q
computing their system modulus n = p·q
define ø(n) = (p−1)(q−1)
selecting at random the encryption key e
 where 1 < e < ø(n), gcd(e, ø(n)) = 1
solve the following equation to find the decryption key d
e·d = 1 mod ø(n) and 0 ≤ d ≤ n
publish their public encryption key: PU = {e, n}
keep secret private decryption key: PR = {d, n}
RSA Use
to encrypt a message M the sender:
obtains public key of recipient PU = {e, n}
computes: C = M^e mod n, where 0 ≤ M < n
to decrypt the ciphertext C the owner:
uses their private key PR = {d, n}
computes: M = C^d mod n
note that the message M must be smaller than the modulus n (block if needed)
RSA Example - Key Setup
1. Select primes: p = 17 & q = 11
2. Compute n = pq = 17 x 11 = 187
3. Compute ø(n) = (p–1)(q–1) = 16 x 10 = 160
4. Select e: gcd(e,160) = 1; choose e = 7
5. Determine d: de = 1 mod 160 and d < 160
Value is d = 23 since 23 x 7 = 161 = 1 x 160 + 1
6. Publish public key PU = {7, 187}
7. Keep secret private key PR = {23, 187}
RSA Example - En/Decryption
sample RSA encryption/decryption is:
given message M = 88
encryption:
C = 88^7 mod 187 = 11
decryption:
M = 11^23 mod 187 = 88
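The following is an added example, not part of the slides: a Python implementation of textbook RSA key setup, encryption and decryption following the steps on the RSA slides, run on the slides' toy parameters p = 17, q = 11, e = 7 (so n = 187, d = 23, and 88 encrypts to 11). The decryption exponent comes from Python's built-in `pow(e, -1, phi)` (Python 3.8 or later). The last function factors a toy modulus by trial division to show why the slides' "security due to cost of factoring large numbers" forces n to be large (the slides cite 1024 bits). Function names are the example's own.

```python
# Added example (not from the slides): textbook RSA with the slides' parameters.
# No padding, tiny primes: for illustrating the arithmetic only.

from math import gcd, isqrt


def rsa_keygen(p: int, q: int, e: int) -> tuple:
    """Return (public, private) = ((e, n), (d, n)).  p and q are assumed prime."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)                   # ø(n) = (p-1)(q-1)
    if not (1 < e < phi and gcd(e, phi) == 1):
        raise ValueError("need 1 < e < ø(n) and gcd(e, ø(n)) = 1")
    d = pow(e, -1, phi)                       # e*d ≡ 1 (mod ø(n)), 0 < d < ø(n)
    return (e, n), (d, n)


def rsa_encrypt(public: tuple, m: int) -> int:
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message M must satisfy 0 <= M < n (split into blocks if needed)")
    return pow(m, e, n)                       # C = M^e mod n


def rsa_decrypt(private: tuple, c: int) -> int:
    d, n = private
    return pow(c, d, n)                       # M = C^d mod n


def private_key_from_factoring(public: tuple) -> tuple:
    """Recover (d, n) from the public key alone by factoring n with trial
    division.  Instant for n = 187; RSA's security rests on this being
    infeasible for the modulus sizes used in practice."""
    e, n = public
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return rsa_keygen(p, n // p, e)[1]
    raise ValueError("n has no factor <= sqrt(n)")


if __name__ == "__main__":
    public, private = rsa_keygen(17, 11, 7)
    print(public, private)                     # (7, 187) (23, 187)
    c = rsa_encrypt(public, 88)
    print(c, rsa_decrypt(private, c))          # 11 88
    print(private_key_from_factoring(public))  # (23, 187)
```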
