Primes and Modular Arithmetic
CSCI 2824, Fall 2014

Scheme version of the algorithm for finding the GCD

    ; Euclid's algorithm: gcd(a, b) = gcd(b, a mod b), and gcd(a, 0) = a.
    ; (Defining gcd this way shadows Scheme's built-in of the same name.)
    (define (gcd a b)
      (if (= b 0)
          a
          (gcd b (remainder a b))))

An example: gcd(812, 17) = gcd(17, 13) = gcd(13, 4) = gcd(4, 1) = gcd(1, 0) = 1

Not only is this algorithm fast, it is also useful: if we keep the quotient from each step, we can run the computation backwards and write the GCD as an integer combination of the two inputs (Bezout’s identity). For 18 and 7:

gcd(18, 7) = gcd(7, 4) = gcd(4, 3) = gcd(3, 1) = gcd(1, 0) = 1

18 = (2 * 7) + 4
7 = (1 * 4) + 3
4 = (1 * 3) + 1

Now, unwind those statements:

1 = 4 – (1 * 3)
  = 4 – (1 * (7 – (1 * 4)))
  = 4 – (7 – 4)
  = (2 * 4) – 7
  = (2 * (18 – (2 * 7))) – 7
  = (2 * 18) – (5 * 7)

(Check: 36 – 35 = 1.)

The Structure of Divisors

Let’s try to “break down” a number’s divisors as far as we can:

84 = 2 * 42 = 2 * 2 * 21 = 2 * 2 * 3 * 7

We can’t go any further than this, since we have only prime factors.

The Fundamental Theorem of Arithmetic

Every integer n > 1 has a unique factorization into primes (unique up to the order of the factors).

A Lemma

Suppose d | (ab) and gcd(d, a) = 1. In prose: d goes into the product of a and b, but d and a are relatively prime. Then d | b.

Let’s prove the lemma. Since d | ab, we can write:

ab = dq

And since gcd(d, a) = 1, Bezout’s identity (the unwinding above) gives us x and y such that:

dx + ay = 1

Multiply both sides by b:

dbx + aby = b
dbx + dqy = b        (substituting ab = dq)
d(bx + qy) = b

So d | b, as claimed.

Lemma 2 (a corollary to Lemma 1)

We now know that if d | (ab) and gcd(d, a) = 1, then d | b. Suppose d is a prime number (let’s call it p for prime). Then if p | (ab), we know that either p | a or p | b.

Proof: Suppose p doesn’t go into a. The only positive divisors of p are 1 and p (that is the definition of a prime), and p is not a divisor of a, so gcd(p, a) = 1. By Lemma 1, p | b.

More generally, we have the following: p | q1 q2 q3 … qn means that p must go into at least one factor in the product. (Apply Lemma 2 repeatedly: either p | q1, or p | q2 q3 … qn, and so on.)

Now we’re ready to prove the Fundamental Theorem of Arithmetic

First we show that every number can be factored into primes. (We’ll leave uniqueness for the next step.)

Step 1. We know that 2 can be factored into primes (i.e., 2 itself).

Step 2. Suppose that all numbers from 2 … n can be factored into primes. Consider n + 1.
If it’s prime, we’re done.

Step 3. Suppose it isn’t prime. Then it must have some factor q with 1 < q < n + 1. So qx = (n + 1) for some x with 1 < x < n + 1. But both q and x lie in 2 … n, so by our assumption they can be factored into primes, and multiplying those two factorizations together factors n + 1.

A note: this technique (step 2, where we assume the result for every value from 2 up to n rather than just for n) is called strong induction.

The factorization is unique (proof by contradiction).

Suppose the factorization weren’t unique. Let m be the smallest number with two distinct prime factorizations, with factors ordered low to high:

p1 p2 p3 … pj = m = q1 q2 q3 … qk

If p1 is equal to q1, then we can divide both factorizations by that number, and we have a smaller value with two distinct factorizations (contrary to our assumption that m is the smallest). So p1 ≠ q1; choose the smaller of the two, let’s say it’s p1. Then p1 divides q1 q2 … qk, so by Lemma 2, p1 must go into one of the q factors, say qi. But qi is prime and p1 > 1, so p1 = qi ≥ q1 > p1, which is impossible. Either way, we have a contradiction.

Okay, now we’re ready to play with factorizations:

n = 2^e1 * 3^e2 * 5^e3 * 7^e4 * …

Since we can break down every positive number into primes, we can answer a question like this:

• What’s the smallest number divisible by 1, 2, 3, …, 10?
• Let’s take a more specific case: suppose you have several prime numbers, like (say) 3, 5, and 7. What’s the smallest number divisible by these three primes?

Let’s go back to modular arithmetic for a moment…

• Recall our discussion of the idea “a mod n”: this is just the remainder (from 0 to n − 1) when a is divided by n.
• We saw that when two numbers, a and b, have the same remainder when divided by n, we can write: a ≡ b (mod n)

We can do addition, subtraction, and multiplication in modular arithmetic

Suppose: a ≡ b (mod n) and c ≡ d (mod n)
Then: (a + c) ≡ (b + d) (mod n), (a − c) ≡ (b − d) (mod n), and (ac) ≡ (bd) (mod n)

We can’t (in general) do division:

• Suppose (6 * a) ≡ 18 (mod 20). Can we divide both sides of this expression by 6? Nope: a could be 3, or 13 (6 * 13 = 78 = 3 * 20 + 18). So there isn’t a unique answer to “18 divided by 6 mod 20”.
• The trouble is that gcd(6, 20) = 2, not 1. Dividing by c mod n works exactly when gcd(c, n) = 1: then Bezout gives cx + ny = 1, so cx ≡ 1 (mod n), x is the “inverse” of c, and multiplying by x is the division.
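The unwinding above (2 * 18 – 5 * 7 = 1) and the failed division by 6 mod 20 are two sides of the same computation. The following Python is an added example, not code from the course notes: an iterative extended Euclid that tracks the Bezout coefficients the slides derived by hand, a modular inverse built from it, and a solver that returns every a with c * a ≡ b (mod n), so the 6 * a ≡ 18 (mod 20) case comes back as the two answers 3 and 13 rather than a single quotient. The function names are my own.

```python
# Added example (not from the CSCI 2824 notes): the extended Euclidean
# algorithm, the modular inverse it yields, and what "division mod n"
# looks like when the divisor is, or is not, relatively prime to n.


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with g = gcd(a, b) and a*x + b*y = g.

    This is the slide's gcd recursion run iteratively, but it also tracks
    how each remainder is built from a and b, which is exactly the
    "unwinding" done by hand for 18 and 7.
    """
    old_r, r = a, b          # remainders: gcd(a, b) = gcd(old_r, r) throughout
    old_s, s = 1, 0          # coefficient of a inside old_r and r
    old_t, t = 0, 1          # coefficient of b inside old_r and r
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t


def modinv(c, n):
    """Return the inverse of c mod n: the x in [0, n) with c*x = 1 (mod n).

    Exists exactly when gcd(c, n) = 1 (Bezout: c*x + n*y = 1 means c*x = 1 mod n).
    """
    g, x, _ = egcd(c % n, n)
    if g != 1:
        raise ValueError(f"{c} has no inverse mod {n}: gcd is {g}")
    return x % n


def solve_linear_congruence(c, b, n):
    """All a in [0, n) with c*a = b (mod n), sorted.

    With g = gcd(c, n): no solutions unless g divides b; otherwise there are
    exactly g of them, spaced n/g apart. g = 1 is the case where "dividing
    by c" makes sense and the answer is unique.
    """
    g, _, _ = egcd(c % n, n)
    if b % g != 0:
        return []
    c2, b2, n2 = c // g, b // g, n // g        # now gcd(c2, n2) = 1
    a0 = (b2 * modinv(c2, n2)) % n2            # the unique solution mod n2
    return sorted((a0 + k * n2) % n for k in range(g))


if __name__ == "__main__":
    g, x, y = egcd(18, 7)
    print(f"gcd(18, 7) = {g} = ({x})*18 + ({y})*7")   # the slide's 2*18 - 5*7
    print("6*a = 18 (mod 20) has solutions", solve_linear_congruence(6, 18, 20))
    print("3*a = 2 (mod 7) has solutions", solve_linear_congruence(3, 2, 7))
```

egcd(18, 7) returns (1, 2, −5), the same coefficients the slide reached by unwinding; modinv(6, 20) raises because gcd(6, 20) = 2, and the solver shows that when the gcd is g the congruence has either no solution or exactly g of them.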
Here are the remainders of 0 … 13 mod 3, 5, and 7 (3 * 5 * 7 = 105):

Remainder mod   0  1  2  3  4  5  6  7  8  9  10 11 12 13
3               0  1  2  0  1  2  0  1  2  0  1  2  0  1
5               0  1  2  3  4  0  1  2  3  4  0  1  2  3
7               0  1  2  3  4  5  6  0  1  2  3  4  5  6

The Chinese Remainder Theorem (informal)

• Take a set of distinct primes, p1, p2, … pn.
• Now consider all the numbers from 0 up to (but not including) the product p1 * p2 * … * pn.
• Each of these numbers will have a distinct “fingerprint” mod each of the prime values. In other words, any number k (below the product of all the primes) can be recognized by its “set of remainders”.

If you have a two-prime base, it’s easy to invert the code…

• What number has the code (2, 4), i.e., remainder 2 mod 3 and remainder 4 mod 7?
• Here’s the recipe: remember Bezout’s theorem for 3 and 7: 3x + 7y = 1 for some x and y.

Inverting the code

• 3x + 7y = 1
• x = −2, y = 1
• So 3 * (−2) + 7 * 1 = 1
• Now we want to invert the code (2, 4). We reverse the code and insert those numbers into our Bezout expression: 3 * (−2) * 4 + 7 * 1 * 2 = −24 + 14 = −10 ≡ 11 (mod 21)
• Check: 11 mod 3 = 2 and 11 mod 7 = 4.

Why does this work?

Suppose we have two distinct primes, p1 and p2 (in fact any two relatively prime moduli will do). We find x and y so that:

p1 x + p2 y = 1

Now, suppose we want to know what value of N has remainder a1 for p1 and a2 for p2. Let’s show that:

p1 a2 x + p2 a1 y = N

has the right properties. What is N mod p1? The first term of the sum above “drops out” (it looks like 0 mod p1). So we get:

N mod p1 = (a1 p2 y) mod p1 = a1 (1 − p1 x) mod p1 = a1 mod p1

as desired! The same argument with the roles of p1 and p2 swapped shows N mod p2 = a2 mod p2.

Using the Chinese Remainder Theorem…

• Let’s take 10 primes: 2, 3, 5, 7, 11, 13, 17, 19, 23, 29.
• Their product is 6469693230, so with a code of 10 small numbers we can represent every number from 0 up to 6469693229.
• We can do things like (say) multiply in parallel: the code of a product is the component-wise product of the codes, each taken mod its own prime (as long as the true product stays below 6469693230; otherwise we only recover it mod 6469693230).

Modular Multiplication: Mod 6

 *   0  1  2  3  4  5
 0   0  0  0  0  0  0
 1   0  1  2  3  4  5
 2   0  2  4  0  2  4
 3   0  3  0  3  0  3
 4   0  4  2  0  4  2
 5   0  5  4  3  2  1

Mod 7 Multiplication

 *   0  1  2  3  4  5  6
 0   0  0  0  0  0  0  0
 1   0  1  2  3  4  5  6
 2   0  2  4  6  1  3  5
 3   0  3  6  2  5  1  4
 4   0  4  1  5  2  6  3
 5   0  5  3  1  6  4  2
 6   0  6  5  4  3  2  1

Patterns…

• There are 0’s in the interior of the 6 table, but not the 7 table. (Why?)
• Each row of the 7’s table includes each of the values 0–6. (Why?)
• In the 7’s table, the 1’s row counts up (naturally); the 6’s row “counts down” (why?)
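The two-prime inversion recipe, the 10-prime code, and the “multiply in parallel” remark above, carried through in Python as an added example (not code from the course notes). It generalises the slide’s p1 a2 x + p2 a1 y formula to any list of pairwise coprime moduli, checks that fingerprints really are distinct only when the moduli are coprime, and shows the component-wise multiplication wrapping around once the true product exceeds 6469693230. The function names and the sample operands 123456 * 7890 are my own; the code uses pow(m, -1, p) for modular inverses, which needs Python 3.8 or later.

```python
# Added example (not from the CSCI 2824 notes): encoding numbers by their
# remainders mod a list of primes, inverting that code with the Chinese
# Remainder Theorem, and multiplying "in parallel" on the codes.
# Modular inverses come from pow(m, -1, p) (Python 3.8+).
from math import prod

# The ten primes from the notes; their product is 6469693230.
PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29)


def crt_two(a1, p1, a2, p2):
    """The slide's two-prime recipe: N = p1*a2*x + p2*a1*y (mod p1*p2),
    where x and y are Bezout coefficients for p1 and p2.

    Here x is the inverse of p1 mod p2 and y the inverse of p2 mod p1.
    Any Bezout pair agrees with these mod p2 and mod p1 respectively, and
    changing x by a multiple of p2 (or y by a multiple of p1) changes N by
    a multiple of p1*p2, so the result mod p1*p2 is the same.
    """
    x = pow(p1, -1, p2)
    y = pow(p2, -1, p1)
    return (p1 * a2 * x + p2 * a1 * y) % (p1 * p2)


def encode(n, moduli):
    """The "fingerprint" of n: its remainder mod each modulus."""
    return tuple(n % m for m in moduli)


def decode(residues, moduli):
    """Invert the fingerprint: the unique n in [0, M) with the given
    remainders, where M is the product of the (pairwise coprime) moduli.

    Generalises crt_two: for each modulus m_i the term
    a_i * M_i * (M_i^-1 mod m_i), with M_i = M / m_i, is a_i mod m_i and
    0 mod every other modulus, just like the slide's p1*a2*x + p2*a1*y.
    """
    M = prod(moduli)
    total = 0
    for a_i, m_i in zip(residues, moduli):
        M_i = M // m_i
        total += a_i * M_i * pow(M_i, -1, m_i)
    return total % M


def parallel_multiply(a, b, moduli=PRIMES):
    """Multiply a and b via their codes: each component is multiplied mod its
    own prime, independently of the others, and the result is decoded.

    Correct whenever a*b is below the product of the moduli; beyond that
    we only recover a*b mod that product.
    """
    ca, cb = encode(a, moduli), encode(b, moduli)
    cprod = tuple((x * y) % m for x, y, m in zip(ca, cb, moduli))
    return decode(cprod, moduli)


def fingerprints_distinct(moduli):
    """Does every n in [0, M) get a different fingerprint?  True for pairwise
    coprime moduli (that is the CRT); False otherwise, e.g. (4, 6), where
    0 and 12 both encode as (0, 0)."""
    M = prod(moduli)
    return len({encode(n, moduli) for n in range(M)}) == M


if __name__ == "__main__":
    print("code (2 mod 3, 4 mod 7) decodes to", crt_two(2, 3, 4, 7))
    print("fingerprint of 11 over (3, 7):", encode(11, (3, 7)))
    print("123456 * 7890 via the 10-prime code:", parallel_multiply(123456, 7890))
    print("(3, 5, 7) fingerprints distinct?", fingerprints_distinct((3, 5, 7)))
    print("(4, 6) fingerprints distinct?", fingerprints_distinct((4, 6)))
```

crt_two(2, 3, 4, 7) returns 11, matching the hand computation; parallel_multiply(123456, 7890) returns 974067840 because that product is below 6469693230, while an operand of 6469693235 is indistinguishable from 5 in the code, which is the wrap-around to keep in mind whenever arithmetic is carried out on residues.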