 Looking at modular arithmetic, that is, doing our arithmetic operations with some mod n, mod some number. And we've gone through a number of examples and introduced a few new concepts, so we'll just recap on that. We got to, so we've done mod addition, subtraction, multiplication and division. The complex or the confusing ones may be subtraction and division. If you do the quiz, you'll get good practice at them. So the quiz has simple questions on those operations. We introduced the concept of relatively prime, we'll see an example. Relatively prime means that two numbers are relatively prime if their greatest common divisor is one, so that's easy. It's important in this case that when we do division, we talk about division is really multiplying a number by its multiplicative inverse. Divide by b is the same as multiplying by the inverse of b. Where the multiplicative inverse is when we multiply two numbers together and get one, and that's not, we can't always find an inverse. And the conditions under which we can find an inverse is when in some modular, so a has a multiplicative inverse in mod n if a is relatively prime with n. So if the greatest common divisor of a and n is one, then a does have an inverse. So not all numbers have an inverse. Then we jump to, we finished on Euler's totient function. Phi is the symbol there, phi of n. This function returns the number of positive integers less than n and relatively prime to n. So the brute force way to find this is to look at all the numbers up until but not including n and then check. Is this number relatively prime with n? If so, then add it to the count. If not, then don't count it. So just all the numbers from one up until n minus one and check whether those numbers have a greatest common divisor with n of one. And we saw a few examples and we'll see some special cases. Just return those examples. So we got to, for example, the numbers relatively prime with four. If we consider the numbers less than four, we've got one, two and three. And we see that there are two numbers relatively prime with four. Therefore the Euler's totient, or just simply the totient of four is two. It's the count of numbers. Similar, we did it for the totient of nine where we said, in this case, we looked at all the numbers one to eight and see that one, two, four, five, seven and eight are relatively prime with nine and therefore the count is six. The totient is six and we can do it for other numbers. But there are some special cases. If our number n is prime, then it's very easy to find the answer because every number less than a prime is relatively prime with that prime. So the totient of p, if we look at the numbers from one up until p minus one, all of those numbers will be relatively prime with p. Therefore the count will be p minus one. So the totient of a prime number, if we know it's a prime, is very easy to find, it's just that prime minus one. So that's something that can be used to make our life easier to find the totient. And then we finished on an example and I didn't explain it too much and it leads to a few questions is, I said the totient of 35 is the totient of seven times five. And under some conditions, and we'll explain them in a moment, that we can expand that to the totient of seven times the totient of five. Which we know, seven is prime, five is prime, so it becomes six times four gives us 24. And there are a few questions after the lecture under what conditions? So there's some conditions when this is true or false. So let's look at that. We turn to our lecture notes. And I've updated the lecture notes to be more clear here. So, all those totient function, the count of numbers, special case, the totient of one is one. For prime p, the totient of p is p minus one, okay? That's because every number less than that prime has a greatest common divisor with that of one. Skip this point which I've introduced, but then I think on your lecture notes you have something that says four primes, p and q, and n equal p times q. To be precise, p and q must be different. So not for primes p and q and p equals q, but only for primes p and q and p and q are different. And that's the main one you need here, this word different in your lecture notes. Yours says four primes, I've introduced four different primes. Just to be clear, p and q are not the same. If p and q are different, and they are both primes, then it follows that if n equals p times q, the totient of n equals the totient of p times the totient of q, or simply p minus one times q minus one. So just introduce that word different in your lecture slides. There's this previous point that you also don't have, but that's not so important for our topic. It's nice to know, but we will not use it so much. It says, for any numbers, a and b, where a is relatively prime with b, so they don't have to be primes, but they have to be relatively prime with each other, if n equals a times b, then the totient of n equals the totient of a times the totient of b. So, for example, if b is seven and a is four, b is seven, a is four, are they relatively prime? The greatest common divisor of seven and four is one, so a and b are relatively prime. Four and seven are relatively prime. So this condition is true. Therefore, if n equals four times seven or 28, then the totient of 28 is the totient of four times the totient of seven. That's what that statement tells us. And in fact, this second case for different primes is just a subcase of this one. Two different primes are always relatively prime with each other. If we have two primes, seven and 11, their greatest common divisor must be one, by the fact that they're both different primes. It turns out when we look at security and cryptography, and one particular algorithm we'll look at makes use of this statement. The totient of n, when n equals the multiplication of two primes, p and q, we can calculate it very easily by just taking p minus one, q minus one, and multiply together. We don't have to count all the values or check all the values up until n minus one. This is a shortcut that we can use. And that will become important because it turns out to check all the values up to n minus one takes a long time. If n is large enough, there are no known solutions to doing that in reasonable time, and that will be a security feature of some algorithms. So just return to some examples for that one. Are A and B relatively prime? Yes, the greatest common divisor is one, so they're relatively prime. So that first statement holds, that is, if we say the totient of five times six, or the totient of 30, rather than calculating it by looking from the numbers from one up until 29 and checking them all, we know that it's equal to the totient of five times the totient of six. So calculating the totient of smaller numbers is easier. There are less numbers to try. And in fact, when one of them's prime, the totient of five is four of six. Six is not prime, so we can check one, two, three, four, and five. One is relatively prime with six. Two is not, three is not, four is not, five is. So two is the answer there. Four times two. So the totient of 30 equals eight. We don't have to calculate in the brute force way of trying all the numbers up until 29. And that's important not just for your quizzes and exams when you need to calculate a totient, but in a computer when you have a very large number, the computer can calculate much faster by breaking it down into two numbers multiplied together. In fact, we're not seeing this one so much. That was an example of this new statement, which I think you don't have any election notes. The second one we'll see more often. Let's say we have some prime P is seven, Q is 11, there are two prime numbers. What's the totient of 77? It's the same principle, the same rule as we use here. These two numbers are relatively prime. So we can break that down to the totient of seven times the totient of 11. Because seven and 11 are relatively prime. Totient of seven is six times 10, we get 60. Or simply P minus one times Q minus one. And that's something that we'll take advantage of in some security algorithms. So think of it as a shortcut. If we know that 77, we think, 77, rather than checking one up into 76, we know that 77 can be factored into two primes, seven and 11. And we know from that it's easy to calculate the totient. It's seven minus one times 11 minus one. So if we have the totient of some number n, and if we can factor that number n into its two prime factors, that is n is made up of multiplying two primes together, then it's easy to calculate the totient of n. Any questions before we move on? One more example, solve the totient of 143. And I'm not so mean that I'll require you to check one up to 142. Try and look for a shortcut in this case. So the hint here, can we, or the approach that we can try is, can we factor 143 into two primes? Two primes multiplied together get 143, then the approach that you could take is try a few primes. And you know that relatively small primes in this case. And if you try some, which ones do you come up with? Something times something is 143, what? 11 and 13. So in fact, 143 can be factored into the two primes 11 and 13. Now that we know that, we can do the totient quite easily. Any questions? Yep. The totient of 49. What do we do with that? Seven and seven. Are seven and seven relatively prime with each other? What's the greatest common divisor of seven and seven? It's not one. They can both be divided by seven. So they are not relatively prime. So these two conditions, the general one doesn't hold. The two numbers need to be relatively prime for this to be true. Or if we're dealing with primes, the two primes need to be different. If p and q are the same, then this doesn't work. The equation doesn't hold. And that's what I didn't make clear in the lecture last week. p and q must be different. They cannot be the same. If they are the same, there's another way to calculate what the totient is. There is another way, but we just don't use that. Don't use this in the quiz. In the quiz, you calculate yourself. But this is just a table of the totient of the first, I think, one up to 500. And seven and seven, the totient of 49 is 42. Turns out the divisors of 49 are 1 and 49 plus 7, that common prime. So there is a way in that case to calculate the totient of two primes multiplied together when those primes are the same. 49 is one. The divisors are 1, 7 and 49. So what's another one? 25. The divisors are 1, 5 and 25. There's a way to calculate the totient of those numbers as well, but we don't use that. Any other questions on the totient function? Then let's look at two theorems that we'll make use of as well in the subsequent cryptographic algorithms. So the reason we're talking about all this is in the next topics we're gonna use this to understand some encryption algorithms. And we're not prove or explain really that the theorems will just state them and use them to solve some problems. So Euler who developed the totient function, there's also Euler's theorem and there are two forms of it. So it can be modified, this theorem, to take two different forms. The first form says that for every a and n, where those two numbers are relatively prime, if we have two numbers relatively prime, then it holds that a to the totient of n is equivalent to one when we mod by n. Or in other words, a to the totient of n mod n equals one. A variation of that, so it's really the same theorem but just some conditions changed. If we have two positive integers a and n, they don't need to be relatively prime in this variation. Then it holds that a to the totient of n plus one mod n equals a. Let's just demonstrate that with a couple of simple examples. And we'll just demonstrate the second form. Solve this one, 97 to the power of 121, mod 143. What are you gonna do? No calculator allowed. The totient of six is two. There are two numbers less than six that are relatively prime with six. Six is not prime, so it's not simply five. Back to this question. Use Euler's theorem to solve it. So think of it in the term of Euler's theorem, the second form that we saw. Of course, we could manually solve it. That is, we could try and break it down or use our computer or calculators to calculate what it is and we may do in a moment. But the point is that can we simplify this using one of the things that we already know? And we just introduced Euler's theorem. If we look at the second form, it tells us if we have some number a, raise it to some power, the totient of n plus one, and we mod by n, then the result will be the a again, the base. Does this statement match that theorem? I'll just write what Euler's theorem was, that remember when we say that our equivalent in mod n in brackets, it's the same as saying we mod one number by n, we get the a here. Can you find the values that match in this case? We just calculated, I think. In the previous example of the totient function, we said that the totient of 143 is in fact the totient of the two prime factors, 11 and 13, multiplied together, which is 10 times 12, which is 120. So that was our previous example of the totient function. Then now that we know that, then we see that this statement does match Euler's theorem. We have some number a, 97. We raise it to the power of the totient of n, n is 143, the totient of 143 is 120, we take our number a and raise it to the power of 120 plus one. So it does match this form. So what's the answer going to be? 97. So this is just an example of how we can use Euler's theorem to solve a problem. Of course, to do that, we need to realize that it does hold the form of Euler's theorem. Not all problems do, of course. 97 to the power of 120 plus one. 120 is the totient of 143. So it does hold this form. So therefore the answer is 97. Let's check that with a calculator. 97 to the power of, what was it? 121 mod 143. Let's hope it works. 97, okay? My calculator confirms that in this case, it's correct. So we're not going to approve Euler's theorem. We're going to use it to solve some problems. To make finding a solution to some problems, especially when we have large numbers, much easier by using that theorem. We'll see some other examples of that later. Let's look at a different theorem that's useful. And we go back a slide, I think. Fermat's theorem, again in two forms. The first form briefly, if we have some prime P and some integer A that is not divisible by that prime P, then it holds that A to the power of P minus one is equivalent to one in mod P. All right, let's go to the second form, which is what the one we'll use in practice, at least in this course. If we have a prime P and a positive integer A, and there's no condition about being divisible here, but just a prime P and integer A, then it holds that A to the power of P is equal to A when we mod by P, similar but slightly different than Euler's theorem. So A to the power of P mod P equals A. That tells us if P is prime. Let's use that one to solve a brief problem. Repeat the theorem here that said that A to the power of P, where P is a prime number, it must be prime, mod P equals A. And it turns out that our question in this case holds that form. I've selected it such that we have an integer A or three raised to the power of some prime five, mod by that same prime, then Fermat's theorem tells us the answer will be the integer A. Again, we don't attempt to prove that, we'll just make use of it to make our life easier in solving some problems later. Of course, this one you can quite easily do in your head anyway. Three to the power of five is something. Three times three is nine, times three is 27, times three is 81, times three, 243. 243 mod five, the remainder will be three. So this one with small numbers we can solve. But again, when we deal with large numbers, using Fermat's theorem makes our life easier. We can solve it faster. Well, any questions? Something to the power of three. Three to the power of three. Try it. You mean three to the power of three, mod three. What's three, mod three? Remember when we mod by, so when we mod by five, the numbers here, really the numbers that we deal with is zero up to four. If we had five to the power of five, five is equivalent to zero in mod five. So if you had three to the power of three, mod three, three to the power of three, that base is equivalent to zero. Mod three, we really deal with the integers from zero up to two. So it still holds in that case. If it was four, sorry, in this case, it was six to the power of five, mod five. It's the same as one to the power of five, mod five, because six equals one in mod five. Any other questions? We'll have some more examples in a moment. We'll introduce one more concept. I think the last one in this topic, and then we'll go through a few different examples. Just to repeat, the question was, as an example, what if we have a different one? Three to the power of three, mod three, where this is our prime, and it's repeated here. What's the answer? Well, we just note that this, so what do we get? Zero, is it true? Does the theorem hold? Zero is equal to three in mod three. That is, these two values are equivalent. In mod three, zero and three are the same. Does that answer your question or make it a little bit clearer? So we need to be careful. We're still mod by three in this case. Let's look at the last concept, which leads us to exponentiation and eventually logarithms. So this is modular exponentiation. Exponentiation raised something to the power. So this was three to the power of three, mod some number, and we used the theorem to solve that, but we could do it manually in that case. So we've gone through the operations of addition, subtraction, multiplication and division, and we said that division is multiplied by the multiplicative inverse. And the multiplicative inverse doesn't exist for all numbers, only under certain conditions. So we can't divide by anything in modulo arithmetic. We will not get an answer. So that the last two operations are really extensions of the previous two. Exponentiation, raising something to the power is just multiplying many times. And it's very easy to solve. We just do our normal exponentiation and then mod by n. So exponentiation is easy. So 10 to the power of seven, mod by 20. We just take 10 to the power of seven and mod by 20. The rules of our arithmetic match in that case. But what's the opposite of exponentiation? Logarithms, that gives us the inverse operation. That's a little bit more confusing. Same with division. With division, there's not always a multiplicative inverse. We couldn't always divide. Similar with logarithms. We can't always find the logarithm in modulo arithmetic. So we'll look at the conditions because we'll make use of this again in a different cryptographic algorithm. Return to normal arithmetic. So our basic mathematics. We know if b equals a to the power of i, so i is the index or the exponent. If b equals a to the power of i, so that's exponentiation, then the inverse operation is logarithm. And we write it as the index i equals the log in base a of b. So that's just our normal logarithms. It's the inverse where we find the index in some base. a to the power of i equals b. Log of b in base a equals i. In modulo arithmetic, we just introduce the modulus, mod p in this definition. We say if b equals a to the power of i, mod p, then the inverse operation is the logarithm in base a with mod p. So we introduce the mod the way we write it is we introduce two subscripts. One includes the base, the other is the modulus of b returns the index i. And it's commonly referred to as the discrete logarithm. So d log is written here so that we don't talk about simply the logarithm in modulo arithmetic. We simply call it a discrete logarithm. Let's look at a couple of examples and then look at the conditions when it works. To keep it simple, let's start without modulo arithmetic but just our normal arithmetic. So everyone is clear. What's two to the power of six? You all know your binary values. Two to the power of six, you just remember 64. Normal arithmetic. What's log in base two of 64? It's the index. But just remember that's all logarithm is is returns the index. When we, some base to the power of some index gives us 64. What is the index? Now let's switch to modulo arithmetic. Let me find a good example. Three to the power of two mod seven, nine mod seven. Easy, two. So we can say the discrete log, the base is three. The modulus is seven. So the discrete log and not the best of examples but we'll see another one. The discrete log of this two equals the index which just turns out also to be two. That is, it was this two here. Try another one. Three to the power of three, mod seven. Answer, 27 mod seven, six. So the discrete log, the base is three. The modulus is seven. The discrete log of six is the index three. So that we can read the discrete log is, what number do we raise the base three to and then mod by seven to get an answer of six? That number is three. Let's try some more. What's the discrete log in base three, modulus seven of five? Try and find that one. That is, we have a base of three. We raise it to some power, then mod by seven and gives us the answer of five. What is that power? Three to the power of something, mod seven should equal five. What is that something? Calculator may be used. Three to the power of two, let's try some numbers. What about one? Three to the power of one, mod seven, does it equal five? No, three to the power of two, mod seven, no, we've done that before. Three to the power of three, mod seven, no, that equals six. What about three to the power of four, mod seven? That equals three to the power of four. 81, mod seven. 81, mod seven is four. We need five as the answer, so let's try again. Three to the power of five, 243, mod seven. Calculator time, confirm, check. 243, mod seven. What's the remainder when we divide by seven? If you have one of those communication devices that you put to your ear, a phone, then you can use the calculator on it. It turns out to be five. 243, mod seven is five. So our answer of the discrete log, three to the power of five, mod seven equals five. So the discrete log of five, base three, mod seven is five. As you may guess, taking that approach of finding the answer when we have large numbers may take a long time, because what we did is we tried what if it's exponent one or no, that didn't work, two, no, three, four and keep going until we got the answer. If we have a very large number, then we'd have to make many attempts to find the answer, which takes a long time. All of these were using the same base and the same modulus. Let's try some different ones. Discrete log has changed the base, base two, keep the same modulus, seven. Discrete log of four, base two, mod seven. Let's write it from the inverse perspective. That means the base is two. Two to the power of something, mod seven equals four. What is that something? You're correct. Anyone else? What's that something? Two is the first something. Two to the power of two, mod seven gives us four, okay? Easy, but are there other answers? What about five? Two to the power of five is 32, mod seven is four. There are in fact multiple answers in this case. So yes, it could be here we could have had two or maybe it was five. So in this case we say we cannot find a unique exponent. We don't know whether it's two or five. So we say we cannot find the discrete logarithm of four or we'll consider that we cannot find a unique value. And so it could be two or five. And in fact, other answers if we keep going up larger than seven. But in terms of the exponents less than the modulus, two or five are possible solutions here. Which one was it? If we take it as an inverse operation, we don't know. So this presents a case which if we are trying to find the inverse of some exponentiation, trying to find out what the exponent someone used, then this will not necessarily tell us the unique answer. It will give us multiple answers. And for security purposes, what we want is, so the algorithms that make use of the discrete logarithm have to have a condition such that the answer is unique. So we want to consider the cases where only where the discrete logarithm will give one unique answer. It will not give multiple possible answers. And that leads to the some cases where we say we cannot find the discrete logarithm of some numbers or we cannot find a unique discrete logarithm of some numbers in the same way that we could not find the multiplicative inverse or divide by some numbers. And that becomes important in how we use discrete logarithm and different algorithms. So let's look at those conditions or let's at least state them. So a unique exponent can be found if A, the base is a primitive root of prime P. So we introduce a new condition. So let's say we only want to find do discrete logs when we find a unique value. So the conditions when that will be the case is when our base is a primitive root of prime P. That is P, the modulus is prime. And now we need to say what is primitive root? And well, primitive root is a number when we raise it to the power to each different possible exponent will get a unique value. Let's see that. Try some different numbers and we'll explain a primitive root. So I was doing some examples in mod seven. So we'll stick with mod seven at the moment. So think that we have seven is a prime number. So that is good. So in general, we think A to the power of i mod seven gives us some value. I'll write the possible values as a table. A to the power of one. Well, let's consider the values up until seven. So one, two, to show an example of primitive roots. And now let's consider, so if A is one and we raise it to the power of one and then mod by seven, we get an answer of one. Six to the power of one. Mod seven is six. So these are the base cases. What we'll do is consider what if we raise A to the power of two? What is A in this case? These are the values of A. A to the, if A is one, A to the power of one, mod seven is one. Let's consider this. If A is one, what's one squared mod seven? One cubed mod seven? One to the power of four, mod seven? No, ones are easy. Let's try if A is two, two squared mod seven or two to the power of three, mod seven. So eight mod seven, two to the power of four, mod seven, 16 mod seven, two to the power of five, 32 mod seven, two to the power of six, mod seven, should be one. If you see some pattern, it is one. Let's keep going. Three squared mod seven, three cubed, 27 mod seven. We did these ones before, three to the power of four, mod seven. 83, was it 81 mod seven? That's four. Three to the power of five, mod seven. We did that before, we found it was two. Three to the power of six, mod seven, calculator. Three to the power of six, mod seven, one. And we'll do the rest in the calculator that you will see. Four squared mod seven, you'll remember two, four to the power of three, four to the power of four, two, three, four, five, and six are the exponents. We get answers of two, one, four, two, one. And we'll do it for five. Five squared mod seven, cubed to the power of four. We give the answers four, six, two, three, one. Last one for six, six squared to the power of mod seven. The answers are one, six, one, six, one. A primitive root of prime seven is a number such that when we raise it to each of the possible exponents less than seven gives us a unique value. That is there's no repetition in those rows. Let's see, where's the unique values when you see the pattern? In this row there's only one value. Here we have repetition. These three values then we repeat. Here we have the entire row. That is three, in A is three, we raise it to any power from one to six and mod by seven. The answers will be distinct. No repetitions. If it's four, again we get repetition. Again with five we get distinct values. These are the different values of A, the base. And here we just get repetition of two values. Three and five are primitive roots of seven we say. Three to the power of anything less than seven will give us a distinct value when we mod by seven. Similar with five. Which means if we have a base of three or five, we can find a unique discrete logarithm. You can use that table to check. If the base is three, the modulus is seven, the discrete log of six. Remember we read the discrete log or we can think about it as three to the power of something mod by seven equals six. In fact we've solved that already. We say three to the power of three, mod by seven gives us six. So the discrete log is three in that case. And we've seen these examples before. The point is for any number here, one through to six, we'll get one value as an output here. But if we try to do the discrete logarithm in base two, then there are multiple possible exponents that give us that answer. So normally with discrete log, we want to get a unique exponent. And to do so we need to have a base which is a primitive root of the modulus. That will be a condition we'll see in a cryptographic algorithm a little bit later in the course. Questions, some new concepts today. Any questions at the back? All too easy, there's some parts not so easy. Let's look at another example that's on the slide. So recapping what we've said. The discrete logarithm, the logarithm is the inverse of exponential. So we say the discrete logarithm when we have a base A mod by P, if we get an answer B then what's the exponent? I. But we don't always get a unique exponent. So we usually want to find values such that there will be a unique exponent I and that can be found if the base A is a primitive root of prime P. So if we set P to be prime and select A to be appropriate, then we will find a unique exponent, a unique answer in that case. And we went through an example illustrating what do we mean by primitive root when we take some base A and raise it to the powers up until that prime, then we get unique answers. And that is a primitive root. Turns out only some integers that have primitive roots or there are some pattern of integers that have primitive roots, two for some prime to the power of some integer, alpha in this case, or two times prime, some prime to the power of some integer. So not all numbers will have primitive roots. Generally if we choose P to be a prime or an odd prime, so that covers all in this case, then we can find a primitive root. Finding the discrete logarithm of some number, even though we know there's a unique answer, it's not fast to do if we deal with large numbers. We used an example where we tried to find by checking each exponent and see if it gives us the answer. In general, solving the discrete logarithm for large numbers is considered practically impossible if those numbers are large enough. And that will be another thing that we'll use in security algorithms. And we'll summarize some of those computational challenges and then we'll finish today with a few more examples. Oh, this example shows our table, but for mod 19, okay? That is, from one up until 18, A equals, for example, five. Five to the power of one, mod 19 is five. Five to the power of two, mod 19 is six. Five to the power of three, mod 19 is 11 and so on. And it's done it for all of the values. So what are the primitive roots of 19? The primitive roots are those where we get unique values as all the answers. So two, three, 10, 13, 14 and 15 are the primitive roots of 19. And this shows some discrete logarithms in modulus 19. So it takes those six rows from the previous table, just those which are primitive roots, and then you can find the discrete logarithm by a lookup in this case. For example, when the base is three, so log base three, mod 19 of eight, returns three. We may see that in some examples later, or you can use that to solve some problems. Let's finish on this slide. We've gone through different aspects of number theory, and they're all going to be relevant for how we, or how people have designed some cryptographic algorithms for security. And I've mentioned them along the way, but there are some of the problems that we've seen which are considered computationally hard. By computationally hard, we mean, if we have values large enough, then there are no known algorithms that can find the solution in reasonable time. Similar like a brute force attack. A brute force attack, we say, if the key is large enough, there are no known ways to find the key within a reasonable time. And the three problems are factoring a large number N into its two primes. That is, if we know that N equals the multiplication of two different primes, p and q, so if we know N and are trying to find p and q, then if those values are large enough, we will not be able to find p and q. That's the problem here. Factoring a large number into its two primes is considered computationally hard. And there have been some tests or some challenges, and we may see some newer ones later, but a few years ago, the largest number that could be factored into two primes was 232 decimal digits long. So if you write it down, it had 232 digits. So that's what we mean by large in that case. And it took thousands of man years of compute power to factor that one number into the two primes, p and q. So if you have a much larger number, then it's considered impossible to factor it into its primes, p and q, integer factorization. Another problem which is considered hard and actually considered even harder for integer factor, harder than integer factorization is finding Euler's totion. If you're given some value N, if you're given some composite value N, so it's not prime, then finding the totion of N is considered impossible to do if it's large enough. The only way that you can do it is if you know that N is made up of multiplying two primes, p and q together. Because if we know that N equals p times q, it's very easy to solve. The totion of N is simply the totion of p times the totion of q. But if we know N, but we don't know that the prime factors of N, finding the totion, think about checking, is two relatively prime with N? Is three relatively prime with N? And so on. That approach, if N is large enough, cannot be solved in reasonable time. And the last one is solving discrete logarithms. Find the exponent. When you're given the base, some base A, some modulus P, find the discrete logarithm of B. Again, that's considered, when we have numbers large enough, impossible to solve. We'll use those in the next topics to explain how different security algorithms are considered secure. So start with some simple examples. I'll write them, you solve them. The totion of 23, find the answer. 149 to the power of 133, mod 161, find the answer. Find the discrete log of three when we have a base of two, mod N. And for the discrete logarithm, you can use the tables in the slides that give you the cases for modulus 19. Answer for the first one should be almost immediate because you realize that 23 is a prime. So you don't have to check. One, two, three up until 22. You know 23 is a prime. Therefore, the answer is 23 minus one, the prime minus one. Because all numbers up until and less than 23 are relatively prime with 23. So that was an easy one. Next one, how do you solve it? Hint, don't try and do it manually. Use one of the theorems that we've given you. Look up some of those theorems and see if it matches the pattern of one of those theorems. Look at the theorems that you have in the lecture notes and I'll highlight the main ones. So with the second form of Fermat's theorem is one that you can make use of. If we have a prime P, A to the power of that prime is equal to A when we mod by P. The other one, we just use one of the shortcuts for Euler's Totion function. We use the one that the Totion of a prime P equals P minus one. Another useful one to remember is the Totion of N when N has two prime devices of P and Q and then the Totion of N is the Totion of P times the Totion of Q or simply P minus one times Q minus one. That's another theorem to use. Euler's theorem, A to the power of the Totion of N plus one equals A mod N. Try one of them to find out what 149 to the power of 133 mod 161 is. See if one of those theorems can be used to solve that and the hint is one of them can be. Which theorem are you going to use? Well, let's try. What does Fermat's theorem say? A to the power of P mod P. P is prime equals A. That is, A to the power of P is equivalent to A when we mod everything by P. Does our question match that form of the equation? Do we have some integer raised to the power of some prime P and mod by that same prime P? No, we've got raised to the power of 133 mod by 161. So it doesn't directly match that. So that suggests that maybe this isn't going to be of any help at this stage. Try the other, Euler's theorem. A to the power of the Totion of N plus one mod N equals A. A to the power of something, the Totion of N plus one, mod by something else, N will give us A. Under the conditions that, of course, the exponent is the Totion of N plus one. Does that one work? Yes, no, maybe? Well, let's check. What's the Totion of N? If N is 161, what's the Totion of 161? Again, it's a little bit too hard to manually for us in the short time to calculate, so use one of our shortcuts and realize that's actually, what, 23 times seven? 161, if we factorize that into its primes, it's 23 times seven, and we know now the Totion of two primes multiplied together is the Totion of the primes multiplied, and the Totion of a prime is easy, 22 times six is what, 132? So in fact, it does match this form. We see that we have 149 to the power of 132 plus one, mod 161. And Euler's theorem says some integer, A, to the power of the Totion of N, well if N is 161, the Totion of N is 132 plus one gives us 133, so it does match in that case. So the answer is 149. So here it's just a matter of finding the theorem that matches the question. Discrete log in base two of three when we mod by 19. Go to your slides and look it up. Look at that table that calculates all of the base A to the power of some exponent mod by 19. So for this one, we'll just fit it in here. We think, well, we have two to the power of something, mod 19 equals three. What is that something? Well, the table tells us, we could use a calculator, but the slides tell us that. That is this example tells us that two, the base, two to the power of something, one of these numbers gives us an answer of three. Two to the power of 13, mod by 19 gives us three. So the exponent is 13. That's because the slides already calculated that for us and you could check that. Therefore, the discrete log of three, base two, mod 19 is 13. I would not expect you to calculate that for very large numbers, but if you were given that table or for small numbers like seven, you could calculate the discrete log. If you didn't follow the use of Euler's theorem here, tonight you'll go home and solve this last one. Write this one down. Solve that one. Not by just guessing the theorem, but going through the steps to find out how you get to the answer. We'll see you on Friday, make sure you do your homework, do the number theory questions, and try and solve that one.