advanced algorithms-unit-4-pp

Number-Theoretic Algorithms (UNIT-4)
1. Elementary Number-theoretic Notions :
a) Divisibility and Divisors :
The notation d | a (d divides a) means :
a = kd for some integer k.
Here, ‘a’ is a multiple of ‘d’.
Here, if d ≠ 0, then d is a ‘divisor’ of a.
The ‘trivial divisors’ of a are : 1, a
The nontrivial divisors of a are called factors of a.
Ex-1 : Find the divisors and trivial divisors of 24.
The trivial divisors of 24 : 1, 24
The divisors of 24 : 1, 2, 3, 4, 6, 8, 12, and 24
The factors of 24 : 2, 3, 4, 6, 8, 12
b) Prime and Composite Numbers :
An integer a > 1, whose only divisors are trivial
divisors ‘1’ and ‘a’ is a ‘Prime Number’.
An integer a > 1, which is not a prime number,
is called ‘Composite Number’.
Ex-2 : Find the first 5 prime numbers.
2, 3, 5, 7, 11
39 is a composite number since it is divisible by 3.
1 is called a unit and is neither prime nor composite.
Similarly, 0 and all negative numbers are neither prime nor
composite.
TH-4.1 : Division Theorem
“For any integer ‘a’ and any positive integer ‘n’,
there exist unique integers ‘q’ and ‘r’ such that
0 ≤ r < n and a = qn + r”.
The value q = ⌊a/n⌋ is the quotient of the division.
The value r = a mod n is the remainder of the division.
Here n | a (n divides a) if and only if a mod n = 0.
Ex-3 : Find the quotient and remainder when 67 is divided by 12.
The quotient : 5
The remainder : 7
c) Common Divisors & Greatest CD :
If ‘d’ is a divisor of ‘a’
and ‘d’ is also a divisor of ‘b’,
then ‘d’ is a common divisor of ‘a’ and ‘b’.
Note : a) ‘1’ is a common divisor of any two integers.
b) If a | b and b | a, then a = b.
Important Property :
If d | a and d | b
then d | (a + b) & d | (a – b)
More generally, if d | a and d | b
then d | (ax + by)
Ex-4 : Find all the common divisors of 24 and 30.
1, 2, 3, 6
Greatest Common Divisor :
The GCD of two integers a and b , not both Zero, is
the largest of the common divisors of a and b.
GCD(24, 30) = 6
Note :
GCD(a,0) = |a|
Relatively Prime Integers :
Two integers ‘a’ and ‘b’ are relatively prime
if their only common divisor is 1,
i.e., gcd(a,b) = 1
Examples of relatively prime pairs : (8,15), (10,21)
TH-4.2 : If a and b are any two integers, then
gcd(a,b) is the smallest positive element of the set
of linear combinations {ax + by : x, y integers}.
Ex-5 : Let a = 6 & b = 21. Find the values of x, y.
TH-4.3 : For any integers a, b and p, if both
gcd(a,p) = 1 and gcd(b,p) = 1, then gcd(ab,p) = 1.
TH-4.4 : For all primes p and all integers a and b,
if p | ab then p | a or p | b or both.
Unique Factorization :
There is exactly one way to write any composite
integer ‘a’ as a product of the form
a = p1^e1 · p2^e2 · p3^e3 · … · pr^er
where all pi are prime, p1 < p2 < … < pr and the ei are positive
integers.
d) Common Divisors & Greatest CD :
Let ‘a’ and ‘b’ be two positive integers with
a = p1^e1 · p2^e2 · p3^e3 · … · pr^er
b = p1^f1 · p2^f2 · p3^f3 · … · pr^fr
Here, gcd(a,b) = p1^min(e1,f1) · p2^min(e2,f2) · … · pr^min(er,fr).
Ex-6 : Let a = 90, b = 150.
Find the value of gcd(a,b) using the above rule.
Here,
a = 2 × 3^2 × 5
b = 2 × 3 × 5^2
∴ gcd(a,b) = 2 × 3 × 5
TH-4.5 : GCD recursion theorem :
For any non-negative integer ‘a’ and
any positive integer ‘b’, we have
gcd (a,b) = gcd (b, a mod b)
Proof : Case-1 :
Let d = gcd (a,b)
⇒ d | a & d | b
Here, a mod b = a – q b
where q = ⌊a / b⌋
Since a mod b is a linear combination of ‘a’ and ‘b’,
we can say that
d | (a mod b).
So, d | b and d | (a mod b)
⇒ d | gcd (b, a mod b)
⇒ gcd (a,b) | gcd (b, a mod b) ….(1)
Case-2 :
Let d = gcd (b, a mod b).
⇒ d | b & d | (a mod b)
Since a = q b + (a mod b)
where q = ⌊a / b⌋,
we have that a is a linear combination of ‘b’ and
‘a mod b’
⇒ d | a
Hence, we can say that d | a & d | b
⇒ d | gcd(a,b)
⇒ gcd(b, a mod b) | gcd(a,b) ……(2)
From (1) and (2) we can say that
gcd (a,b) = gcd (b, a mod b)
//
2 a) Euclid’s Algorithm :
Let a and b be non-negative integers.
EUCLID (a,b)
1 if (b == 0)
2     return a
3 else return EUCLID(b, a mod b)
Ex-7 : Find the value of gcd(30,21) using Euclid algorithm.
EUCLID(30,21) = EUCLID (21,9)
= EUCLID (9,3)
= EUCLID (3,0)
= 3.
This computation calls EUCLID recursively three times.
2 b) Extended Euclid’s Algorithm :
In this algorithm we find additional information,
namely the values of ‘x’ and ‘y’, where
d = gcd (a,b) = ax + by
EXTENDED-EUCLID(a,b)
1 if b == 0
2     return (a, 1, 0)
3 else (d’, x’, y’) = EXTENDED-EUCLID(b, a mod b)
4     (d, x, y) = (d’, y’, x’ – ⌊a / b⌋ y’)
5     return (d, x, y)
In the above algorithm,
d = ax + by
d’ = bx’ + (a mod b) y’
because d = d’, we have
ax + by = bx’ + (a mod b) y’
= bx’ + (a – b ⌊a / b⌋) y’
= a y’ + b (x’ – ⌊a / b⌋ y’)
So,
x = y’
& y = (x’ – ⌊a / b⌋ y’)
Ex-8 : Find the value of gcd(99,78) and the corresponding x, y values using the EE algorithm.
Step-1 :
a = 99, b = 78, ⌊a / b⌋ = 1, d = gcd(99,78) = 3
Here,
a = 99 = 1·78 + 21
78 = 3·21 + 15
21 = 1·15 + 6
15 = 2·6 + 3
6 = 2·3 + 0
And
3 = 15 – 2·6 = 15 – 2 (21 – 1·15)
= 3·15 – 2·21 = 3 (78 – 3·21) – 2·21
= 3·78 – 11·21 = 3·78 – 11 (99 – 1·78)
= 3·78 – 11·99 + 11·78 = –11·99 + 14·78
So, x = –11, y = 14
3 = gcd(99,78) = –11·99 + 14·78 …(1)
Step-2 :
a = 78, b = 21, ⌊a / b⌋ = 3, d = gcd(78,21) = 3
Here,
a = 78 = 3·21 + 15
21 = 1·15 + 6
15 = 2·6 + 3
6 = 2·3 + 0
And
3 = 15 – 2·6 = 15 – 2 (21 – 1·15)
= 3·15 – 2·21 = 3 (78 – 3·21) – 2·21
= 3·78 – 11·21
So, x = 3, y = –11
3 = gcd(78,21) = 3·78 – 11·21 …(2)
Step-3 :
a = 21, b = 15, ⌊a / b⌋ = 1, d = gcd(21,15) = 3
Here,
a = 21 = 1·15 + 6
15 = 2·6 + 3
6 = 2·3 + 0
And
3 = 15 – 2·6 = 15 – 2 (21 – 1·15)
= 3·15 – 2·21
So, x = –2, y = 3
3 = gcd(21,15) = –2·21 + 3·15 …(3)
Step-4 :
a = 15, b = 6, ⌊a / b⌋ = 2, d = gcd(15,6) = 3
Here,
a = 15 = 2·6 + 3
6 = 2·3 + 0
And
3 = 15 – 2·6
So, x = 1, y = –2
3 = gcd(15,6) = 1·15 – 2·6 …(4)
Step-5 :
a = 6, b = 3, ⌊a / b⌋ = 2, d = gcd(6,3) = 3
Here,
a = 6 = 2·3 + 0
And
3 = 0·6 + 1·3
So, x = 0, y = 1
3 = gcd(6,3) = 0·6 + 1·3 …(5)
Step-6 :
a = 3, b = 0, ⌊a / b⌋ = – (not computed, since b = 0), d = gcd(3,0) = 3
Here,
a = 3 = 1·3 + 0·0
And
3 = 1·3 + 0·0
So, x = 1, y = 0
3 = gcd(3,0) = 1·3 + 0·0 …(6)
So, the final output of the EE algorithm is as follows :
a     b     ⌊a/b⌋   d     x      y
99    78    1       3     -11    14
78    21    3       3     3      -11
21    15    1       3     -2     3
15    6     2       3     1      -2
6     3     2       3     0      1
3     0     --      3     1      0
3. Modular Arithmetic :
a) Group : A group (S, ⊕) is a set S together with a
binary operation ⊕ defined on S for which
the following properties hold :
i) Closure : For all a, b ∈ S,
a ⊕ b ∈ S.
ii) Identity : There exists an element e ∈ S,
called the identity of the group, such that
a ⊕ e = e ⊕ a = a
for all a ∈ S.
iii) Associativity : For all a, b, c ∈ S, we have
(a ⊕ b) ⊕ c = a ⊕ (b ⊕ c)
iv) Inverse : For each a ∈ S, there exists a
unique element b ∈ S, called the
inverse of ‘a’, such that
(a ⊕ b) = (b ⊕ a) = e
Abelian Group : A group (S, ⊕) is said to be an ‘Abelian
Group’ if it satisfies the commutative property :
(a ⊕ b) = (b ⊕ a) for all a, b ∈ S
Finite Group : A group (S, ⊕) is said to be a ‘Finite
Group’ if it satisfies the property
|S| < ∞
Sub-Group : If (S, ⊕) is a group, S’ ⊆ S and
(S’, ⊕) is also a group, then (S’, ⊕) is a
subgroup of (S, ⊕).
Galois Field : The set of integers {0, 1, 2, …, p-1},
where p is a prime, with arithmetic modulo p, is called GF(p).
Multiplicative Inverse : The factor b^-1 is the
‘multiplicative inverse’ of b in GF(p)
⇔ b · b^-1 mod p = 1
Ex-9 : Find the multiplicative inverses of the
following, where p = 7.
b      : 1 2 3 4 5 6
Answer : 1 4 5 2 3 6
Ex-10 : Find the multiplicative inverses of the
following, where p = 11.
b      : 1 2 3 4 5 6 7 8 9 10
Answer : 1 6 4 3 9 2 8 7 5 10
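The following is an added example, not code from the slides: EXTENDED-EUCLID from section 2 b) written in Python, with a trace that reproduces the (a, b, ⌊a/b⌋, d, x, y) table of Ex-8, the gcd of Ex-7, and the same routine used to produce the multiplicative inverses in GF(7) and GF(11) asked for in Ex-9 and Ex-10. Function names and the `trace` parameter are my own choices.

```python
def extended_euclid(a, b, trace=None):
    """Return (d, x, y) with d = gcd(a, b) = a*x + b*y (EXTENDED-EUCLID on the slide).

    If a list is passed as `trace`, the rows (a, b, floor(a/b), d, x, y) of every
    recursive call are collected in it, outermost call first (the Ex-8 table).
    """
    if b == 0:
        d, x, y, q = a, 1, 0, None            # q is shown as '--' on the slide
    else:
        q = a // b                            # floor(a / b)
        d, x1, y1 = extended_euclid(b, a % b, trace)
        x, y = y1, x1 - q * y1                # (d, x, y) = (d', y', x' - floor(a/b) y')
    if trace is not None:
        trace.insert(0, (a, b, q, d, x, y))
    return d, x, y


def euclid_table(a, b):
    """The (a, b, floor(a/b), d, x, y) rows that EXTENDED-EUCLID(a, b) produces."""
    rows = []
    extended_euclid(a, b, rows)
    return rows


def mod_inverse(b, p):
    """b^-1 in GF(p), i.e. the value with b * b^-1 mod p = 1 (section 3)."""
    d, x, _ = extended_euclid(b % p, p)
    if d != 1:
        raise ValueError(f"{b} has no inverse modulo {p} (gcd = {d})")
    return x % p                              # normalise x into 0 .. p-1


def inverse_table(p):
    """Inverses of 1 .. p-1 modulo a prime p, as asked in Ex-9 and Ex-10."""
    return [mod_inverse(b, p) for b in range(1, p)]


if __name__ == "__main__":
    print("a    b    a/b  d    x    y")
    for a, b, q, d, x, y in euclid_table(99, 78):
        print(f"{a:<4} {b:<4} {('--' if q is None else q):<4} {d:<4} {x:<4} {y:<4}")
    print("gcd(30, 21) =", extended_euclid(30, 21)[0])     # 3 (Ex-7)
    print("inverses mod 7  :", inverse_table(7))            # [1, 4, 5, 2, 3, 6]
    print("inverses mod 11 :", inverse_table(11))           # [1, 6, 4, 3, 9, 2, 8, 7, 5, 10]
```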
Ex-11 :
Let the moduli be
p1 = 3, p2 = 5, p3 = 7
Let us consider the integers : 10, 15
Here,
10 = (10 mod 3, 10 mod 5, 10 mod 7) = (1, 0, 3)
Here,
15 = (15 mod 3, 15 mod 5, 15 mod 7) = (0, 0, 1)
Modular Addition :
10 + 15 = (25 mod 3, 25 mod 5, 25 mod 7) = (1, 0, 4)
& (1+0 mod 3, 0+0 mod 5, 3+1 mod 7) = (1, 0, 4)
Modular Subtraction :
15 – 10 = (5 mod 3, 5 mod 5, 5 mod 7) = (2, 0, 5)
& (0 – 1 mod 3, 0 – 0 mod 5, 1 – 3 mod 7) = (2, 0, 5)
Modular Multiplication :
10 * 15 = (150 mod 3, 150 mod 5, 150 mod 7) = (0, 0, 3)
& (1*0 mod 3, 0*0 mod 5, 3*1 mod 7) = (0, 0, 3)
Prime Divisors : The divisors which are prime
numbers are called ‘Prime Divisors’.
Euler’s Phi Function : For a given integer ‘n’,
the following function is called ‘EPF’ :
φ(n) = n · Π (1 – 1/p), the product taken over the prime divisors p of n
Ex-12 : Find the value of EPF where n = 45.
φ(45) = 45 (1 – 1/3) (1 – 1/5) = 24
Basis for Chinese Remainder Theorem :
Ex-13 : Find the lowest integer x such that it
leaves remainders 2, 3 and 2 when divided by
3, 5 and 7.
The Answer : 23
4. Chinese Remainder Theorem :
TH : Let n = n1 · n2 · n3 … nk, where the ni are pairwise
relatively prime.
Find the value of ‘a’, where
a ≡ ai (mod ni)
for i = 1, 2, 3, …, k
i.e., ‘a’ corresponds to the tuple of residues
a ↔ (a1, a2, a3, …, ak)
Here
ai = a mod ni
Proof : Let us define mi = n / ni
for i = 1, 2, 3, …, k
i.e., mi = n1 · n2 · … · n(i-1) · n(i+1) · … · nk
Now let
ci = mi (mi^-1 mod ni)
for i = 1, 2, …, k
Here mi, ni are relatively prime.
Finally, the value of ‘a’ is :
a ≡ (a1 c1 + a2 c2 + a3 c3 + … + ak ck) (mod n)
Ex-14 : Find the value of ‘a’ for the following
equations using Chinese Remainder Theorem :
a ≡ 2 (mod 5)
a ≡ 3 (mod 13)
Here
n = 65, n1 = 5, n2 = 13
a1 = 2, a2 = 3
m1 = 13, m2 = 5
Because
13^-1 ≡ 2 (mod 5) and 5^-1 ≡ 8 (mod 13)
We have
c1 = 13 (2 mod 5) = 26
c2 = 5 (8 mod 13) = 40
a ≡ 2·26 + 3·40 (mod 65)
≡ 52 + 120 (mod 65)
≡ 42
Ex-15 : Find the value of ‘x’ using CRT,
x ≡ 4 (mod 5)
x ≡ 5 (mod 11)
The answer is : 49
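An added example, not from the slides: the residue representation of Ex-11 and the reconstruction step of the CRT proof (mi = n / ni, ci = mi · (mi^-1 mod ni), a = Σ ai ci mod n), run on Ex-13, Ex-14 and Ex-15. It assumes Python 3.8+ for `pow(m, -1, n)`, the built-in modular inverse, and `math.prod`; the function names are mine.

```python
from math import gcd, prod


def to_residues(a, moduli):
    """a -> (a mod n1, ..., a mod nk); e.g. 10 -> (1, 0, 3) for moduli (3, 5, 7)."""
    return tuple(a % n for n in moduli)


def crt(residues, moduli):
    """Return (a, n) with a ≡ a_i (mod n_i) for every i and 0 <= a < n = n1*...*nk.

    Follows the proof on the slides: m_i = n / n_i, c_i = m_i * (m_i^-1 mod n_i),
    a = sum(a_i * c_i) mod n.  The moduli must be pairwise relatively prime,
    otherwise m_i has no inverse modulo n_i and the theorem does not apply.
    """
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError(f"moduli {moduli[i]} and {moduli[j]} are not coprime")
    n = prod(moduli)
    a = 0
    for a_i, n_i in zip(residues, moduli):
        m_i = n // n_i
        c_i = m_i * pow(m_i, -1, n_i)      # c_i ≡ 1 (mod n_i) and c_i ≡ 0 (mod n_j), j != i
        a += a_i * c_i
    return a % n, n


if __name__ == "__main__":
    mods = (3, 5, 7)
    print(to_residues(10, mods), to_residues(15, mods))   # (1, 0, 3) (0, 0, 1)
    # arithmetic on the residues agrees with arithmetic on the integers (Ex-11)
    print(to_residues(10 + 15, mods), to_residues(10 * 15, mods))   # (1, 0, 4) (0, 0, 3)
    print(crt((2, 3, 2), mods))         # Ex-13 -> (23, 105)
    print(crt((2, 3), (5, 13)))         # Ex-14 -> (42, 65)
    print(crt((4, 5), (5, 11)))         # Ex-15 -> (49, 55)
```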
5. Powers of an Element :
Consider the sequence of powers of ‘a’, modulo n,
where a ∈ Zn*.
For example, in Z7* :
i          : 0  1  2  3  4  5  6  7  8  9
3^i mod 7  : 1  3  2  6  4  5  1  3  2  6
2^i mod 7  : 1  2  4  1  2  4  1  2  4  1
Now, < 2 > = {1, 2, 4} in Z7*
< 3 > = {1, 3, 2, 6, 4, 5} in Z7*
Here,
ord7 (2) = 3
&
ord7 (3) = 6
6 (a) Euler’s Theorem :
For any integer n > 1
a^φ(n) ≡ 1 (mod n)
for all a ∈ Zn*
6 (b) Fermat’s Theorem :
If p is a prime, then
a^(p-1) ≡ 1 (mod p)
for all a ∈ Zp*
Note that if p is a prime, then
φ(p) = p – 1
Ex-16 : Prove the Euler theorem for the following.
Let n = 7
φ(n) = 6
& a ∈ {1, 2, 4}
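An added example (my code, not the slides'): Euler's phi function computed from the prime divisors as in Ex-12, the rows of the powers table and ord_n(a) / <a> of section 5, and a brute-force check of Euler's theorem (and hence Fermat's, with n = 7) over all of Zn*. Trial division is used for the prime divisors, which is fine for numbers of this size.

```python
from math import gcd


def prime_divisors(n):
    """Distinct primes p with p | n, e.g. 45 -> [3, 5]."""
    primes, p = [], 2
    while p * p <= n:
        if n % p == 0:
            primes.append(p)
            while n % p == 0:
                n //= p
        p += 1
    if n > 1:
        primes.append(n)
    return primes


def euler_phi(n):
    """phi(n) = n * prod(1 - 1/p) over the primes p | n, evaluated in integers."""
    result = n
    for p in prime_divisors(n):
        result = result // p * (p - 1)
    return result


def powers_mod(a, n, count):
    """[a^0 mod n, a^1 mod n, ..., a^(count-1) mod n], one row of the slide table."""
    return [pow(a, i, n) for i in range(count)]


def order(a, n):
    """ord_n(a): smallest t >= 1 with a^t ≡ 1 (mod n); needs gcd(a, n) = 1."""
    if gcd(a, n) != 1:
        raise ValueError(f"{a} is not in Z_{n}^*")
    x, t = a % n, 1
    while x != 1:
        x, t = x * a % n, t + 1
    return t


def generated_subgroup(a, n):
    """<a> = {a^0, a^1, ..., a^(ord_n(a) - 1)} in the order the powers appear."""
    return powers_mod(a, n, order(a, n))


def euler_holds(n):
    """True if a^phi(n) ≡ 1 (mod n) for every a in Z_n* (Euler's theorem)."""
    return all(pow(a, euler_phi(n), n) == 1 for a in range(1, n) if gcd(a, n) == 1)


if __name__ == "__main__":
    print(euler_phi(45), powers_mod(3, 7, 10))   # 24 [1, 3, 2, 6, 4, 5, 1, 3, 2, 6]
    print(generated_subgroup(2, 7), order(2, 7), order(3, 7), euler_holds(7))
```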
7. RSA Cryptosystem :
In the RSA Cryptosystem, the public and private
keys are generated as follows :
a) Select at random two large prime numbers
p and q such that p ≠ q.
b) Compute n = pq
c) Select a small odd integer ‘e’ that is relatively
prime to p-1 and q-1. (public exponent)
d) Compute the integer ‘d’ (private exponent)
from e, p and q such that de ≡ 1 mod L,
where
L = LCM [ (p-1), (q-1) ]
e) Publish P = (e,n) as the RSA Public Key;
keep S = (d,n) secret as the RSA Secret Key.
Here, ENCRYPT(m) = m^e mod n (gives the cipher text c)
DECRYPT(c) = c^d mod n (gives back the message m)
Ex-17 : Apply RSA algorithm for the following.
p = 5
q = 11
e = 3
Here
n = pq = 55
φ(n) = 40
and
d : ed ≡ 1 mod L
L = 20
So,
d = 7
Let
A = Message (m)
B = m^2 mod n
C = m^3 mod n (encrypted message, c)
D = c^2 mod n, E = c^3 mod n, F = c^6 mod n
G = c^7 mod n (decrypted message)
A    B    C    D    E    F    G
0    0    0    0    0    0    0
1    1    1    1    1    1    1
2    4    8    9    17   14   2
3    9    27   14   48   49   3
4    16   9    26   14   31   4
5    25   15   5    20   15   5
6    36   51   16   46   26   6
7    49   13   4    52   9    7
8    9    17   14   18   49   8
9    26   14   31   49   36   9
Here, the first column is the message sent,
the third column is the cipher text, and
the last column is the decrypted message.
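An added example, not from the slides: the toy RSA of Ex-17 (p = 5, q = 11, e = 3) with d derived from L = lcm(p-1, q-1) exactly as the slides do, plus the column values of the m / c table. `pow(x, k, n)` is Python's built-in modular exponentiation; `math.lcm` and `pow(e, -1, L)` need Python 3.9+. The numbers are toy-sized on purpose; the slides do not cover key sizes or padding, and neither does this code.

```python
from math import gcd, lcm


def rsa_keygen(p, q, e):
    """Return (public, secret) = ((e, n), (d, n)) following steps a)-e) of section 7."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    L = lcm(p - 1, q - 1)
    if e % 2 == 0 or gcd(e, L) != 1:
        raise ValueError("e must be odd and relatively prime to p-1 and q-1")
    d = pow(e, -1, L)                  # d*e ≡ 1 (mod L)
    return (e, n), (d, n)


def encrypt(m, public):
    e, n = public
    return pow(m, e, n)                # c = m^e mod n


def decrypt(c, secret):
    d, n = secret
    return pow(c, d, n)                # m = c^d mod n


def table_row(m, n=55):
    """(A, B, C, D, E, F, G) = (m, m^2, m^3 = c, c^2, c^3, c^6, c^7), all mod n."""
    c = pow(m, 3, n)
    return (m, pow(m, 2, n), c, pow(c, 2, n), pow(c, 3, n), pow(c, 6, n), pow(c, 7, n))


def roundtrip_ok(public, secret):
    """True if DECRYPT(ENCRYPT(m)) = m for every message m in 0 .. n-1."""
    n = public[1]
    return all(decrypt(encrypt(m, public), secret) == m for m in range(n))


if __name__ == "__main__":
    public, secret = rsa_keygen(5, 11, 3)
    print(public, secret)              # (3, 55) (7, 55)
    print("   A   B   C   D   E   F   G")
    for m in range(10):
        print("".join(f"{v:4d}" for v in table_row(m)))
    print(roundtrip_ok(public, secret))   # True
```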
8. Primality Testing :
a) Carmichael number
A Carmichael number is a composite positive
integer which satisfies the following formula :
b^(n-1) ≡ 1 (mod n)
for all integers ‘b’ which are relatively
prime to ‘n’.
Def : A positive composite integer ‘n’ is a CN iff
‘n’ is square-free and for all prime divisors
p of n, it is true that (p – 1) | (n – 1).
The first Carmichael Number is : 561
The procedure MILLER-RABIN is a probabilistic
search for a proof that n is composite.
In the following procedure, ‘s’ is the number of
times the value of ‘a’ is to be chosen at random.
b) MILLER-RABIN (n,s)
1 for j = 1 to s
2     a = RANDOM(1, n-1)
3     if WITNESS (a,n)
4         return COMPOSITE
5 return PRIME
c) WITNESS(a,n)
1. Let t and u be such that t ≥ 1,
   u is odd, and n-1 = 2^t u
2. x0 = MODULAR-EXPONENTIATION(a,u,n)
3. for i = 1 to t
4.     xi = x(i-1)^2 mod n
5.     if (xi == 1) and (x(i-1) ≠ 1) and (x(i-1) ≠ n-1)
6.         return TRUE
7. if xt ≠ 1
8.     return TRUE
9. return FALSE
d) MODULAR-EXPONENTIATION (a, b, n)
1. c = 0
2. d = 1
3. Let (bk, b(k-1), …, b1, b0) be the binary representation of b
4. for i = k downto 0
5.     c = 2c
6.     d = (d·d) mod n
7.     if bi == 1
8.         c = c + 1
9.         d = (d·a) mod n
10. return d
Ex-18 : Let ‘n’ be a Carmichael number.
So, here
n = 561
n – 1 = 560
If n – 1 is written in the form n – 1 = 2^t u, then
t = 4
and u = 35
Let the value of ‘a’ chosen by the
algorithm be : 7
From the WITNESS algorithm,
find the value of x0.
Here, call
MODULAR-EXPONENTIATION(a,u,n)
where a = 7
& u = 35 & n = 561
i   : init  5    4    3    2    1    0
bi  : --    1    0    0    0    1    1
c   : 0     1    2    4    8    17   35
d   : 1     7    49   157  526  160  241
Here, d = a^c mod n at every step
(at the end, c = b = u)
From above, the value of ‘d’ returned is : 241
Here,
x0 ≡ a^35 ≡ 241 (mod 561).
Note : Further we can have
a^70 ≡ 298 (mod n)
a^140 ≡ 166 (mod n)
a^280 ≡ 67 (mod n)
a^560 ≡ 1 (mod n)
So, the sequence is : (241, 298, 166, 67, 1)
Thus, WITNESS discovers a nontrivial square root of 1 in the last squaring
step, since a^280 ≡ 67, which is neither 1 nor n – 1, but a^560 ≡ 1 (mod n).
Therefore, a = 7 is a witness to the compositeness of ‘n’.
WITNESS(7, n) returns TRUE.
Note : MILLER-RABIN returns COMPOSITE.
561 = 3 · 11 · 17
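An added example (mine, not the slides' code): MODULAR-EXPONENTIATION, WITNESS and MILLER-RABIN of section 8 in Python, with optional traces that reproduce the (bi, c, d) table and the sequence (241, 298, 166, 67, 1) of Ex-18 for n = 561, a = 7. The `trace`, `sequence` and `seed` parameters are my additions so that a run can be inspected and repeated.

```python
import random


def modular_exponentiation(a, b, n, trace=None):
    """a^b mod n by the left-to-right binary method (slide procedure d))."""
    c, d = 0, 1
    for bit in bin(b)[2:]:                   # bits (b_k, ..., b_0), b_k first
        c, d = 2 * c, d * d % n
        if bit == "1":
            c, d = c + 1, d * a % n
        if trace is not None:
            trace.append((int(bit), c, d))   # the b_i, c, d columns of the Ex-18 table
    return d


def witness(a, n, sequence=None):
    """True if 'a' proves the odd integer n > 2 composite (slide procedure c))."""
    t, u = 0, n - 1
    while u % 2 == 0:                        # n - 1 = 2^t * u with u odd
        t, u = t + 1, u // 2
    x = modular_exponentiation(a, u, n)      # x_0
    if sequence is not None:
        sequence.append(x)
    for _ in range(t):
        x_prev, x = x, x * x % n             # x_i = x_{i-1}^2 mod n
        if sequence is not None:
            sequence.append(x)
        if x == 1 and x_prev != 1 and x_prev != n - 1:
            return True                      # x_{i-1} is a nontrivial square root of 1
    return x != 1                            # x_t != 1 means a^(n-1) != 1 (mod n)


def witness_sequence(a, n):
    """(x_0, x_1, ..., x_t) as WITNESS computes them, stopping where it returns."""
    seq = []
    witness(a, n, seq)
    return tuple(seq)


def miller_rabin(n, s, seed=None):
    """'COMPOSITE' or 'PRIME' after s random bases; a composite n is wrongly
    reported 'PRIME' with probability at most 2^-s.  `seed` makes a run repeatable."""
    rng = random.Random(seed)
    for _ in range(s):
        a = rng.randint(1, n - 1)
        if witness(a, n):
            return "COMPOSITE"
    return "PRIME"
```

Calling `modular_exponentiation(7, 35, 561, steps)` with an empty list `steps` fills it with the six (bi, c, d) rows of the Ex-18 table, the last being (1, 35, 241).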
9. Integer Factorization :
This is the process of writing an integer as a
product of primes.
Pollard’s rho heuristic :
This heuristic helps in finding the product
of primes for the given integer.
POLLARD-RHO(n)
1. i = 1
2. x1 = RANDOM(0, n-1)
3. y = x1
4. k = 2
5. while TRUE
6.     i = i + 1
7.     xi = (x(i-1)^2 – 1) mod n
8.     d = gcd(y – xi, n)
9.     if (d ≠ 1) and (d ≠ n)
10.        print d
11.    if (i == k)
12.        y = xi
13.        k = 2k
Note : The above algorithm generates a set of factors
which are primes for the given integer.
Ex-19 : Pollard’s Rho Heuristic
Let n = 1387
So, Initialization :
i = 1
x1 = 2
y = 2
k = 2
WHILE :
STEP-1 :
i = 2
xi = (x(i-1)^2 – 1) mod n ⇒ x2 = 3
d = gcd(y – xi, n) ⇒ d = 1
if [ (d ≠ 1) and (d ≠ n) ] : FALSE
if (i == k) : TRUE ⇒ y = 3, k = 4
STEP-2 :
i = 3
xi = (x(i-1)^2 – 1) mod n ⇒ x3 = 8
d = gcd(y – xi, n) ⇒ d = 1
if [ (d ≠ 1) and (d ≠ n) ] : FALSE
if (i == k) : FALSE
STEP-3 :
i = 4
xi = (x(i-1)^2 – 1) mod n ⇒ x4 = 63
d = gcd(y – xi, n) ⇒ d = 1
if [ (d ≠ 1) and (d ≠ n) ] : FALSE
if (i == k) : TRUE ⇒ y = 63, k = 8
STEP-4 :
i = 5
xi = (x(i-1)^2 – 1) mod n ⇒ x5 = 1194
d = gcd(y – xi, n) ⇒ d = 1
if [ (d ≠ 1) and (d ≠ n) ] : FALSE
if (i == k) : FALSE
STEP-5 :
i = 6
xi = (x(i-1)^2 – 1) mod n ⇒ x6 = 1186
d = gcd(y – xi, n) ⇒ d = 1
if [ (d ≠ 1) and (d ≠ n) ] : FALSE
if (i == k) : FALSE
STEP-6 :
i = 7
xi = (x(i-1)^2 – 1) mod n ⇒ x7 = 177
d = gcd(y – xi, n) ⇒ d = 19
if [ (d ≠ 1) and (d ≠ n) ] : TRUE ⇒ print d = 19
if (i == k) : FALSE
If the process is continued like this, we get another
factor : 73
The relation among the xi values is shown in the
next slide :
[Figure : the rho-shaped path of the xi values modulo 1387, starting from x1 = 2.
In order, the values on the slide are
x1 = 2, x2 = 3, x3 = 8, x4 = 63, x5 = 1194, x6 = 1186, x7 = 177, x8 = 814, x9 = 996,
x10 = 310, x11 = 396, x12 = 84, x13 = 120, x14 = 529, x15 = 1053, x16 = 595, x17 = 339,
and then x18 = 1186 = x6 again, so x1 .. x5 form the tail and x6 .. x17 the cycle.]
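An added example, not the slides' code: POLLARD-RHO from section 9 with x1 passed in (in place of RANDOM) so a run is repeatable, returning the first nontrivial factor instead of printing and looping forever. It reproduces Ex-19 (n = 1387, x1 = 2, factor 19, cofactor 73) and the tail/cycle shape of the figure; `max_steps` and the helper names are my own.

```python
from math import gcd


def pollard_rho(n, x1, max_steps=100_000):
    """Return (d, [x1, ..., xi]) with d the first nontrivial factor, else (None, xs).

    Slide loop: x_i = (x_{i-1}^2 - 1) mod n, d = gcd(y - x_i, n), and y is
    refreshed to x_i each time i reaches k (k = 2, 4, 8, ...).
    """
    i, x, k = 1, x1 % n, 2
    y, xs = x, [x]
    while i < max_steps:
        i += 1
        x = (x * x - 1) % n
        xs.append(x)
        d = gcd(y - x, n)               # math.gcd copes with a negative y - x
        if d != 1 and d != n:
            return d, xs
        if i == k:
            y, k = x, 2 * k
    return None, xs                     # no factor within max_steps; try another x1


def rho_sequence(n, x1, count):
    """[x1, ..., x_count] for the map x -> (x^2 - 1) mod n."""
    xs = [x1 % n]
    while len(xs) < count:
        xs.append((xs[-1] * xs[-1] - 1) % n)
    return xs


def rho_cycle(n, x1, count):
    """(i, j), 1-based, of the first repeat x_i = x_j with i < j, or None if none
    appears within `count` terms: x1 .. x_{i-1} is the tail, x_i .. x_{j-1} the cycle."""
    seen = {}
    for j, v in enumerate(rho_sequence(n, x1, count), start=1):
        if v in seen:
            return seen[v], j
        seen[v] = j
    return None


if __name__ == "__main__":
    d, xs = pollard_rho(1387, 2)
    print(d, 1387 // d, xs)             # 19 73 [2, 3, 8, 63, 1194, 1186, 177]
    print(rho_cycle(1387, 2, 20))       # (6, 18): x6 .. x17 repeat from x18 on
```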