We're looking at modular arithmetic: how to do our arithmetic, addition, subtraction and other operations, but everything's mod n. We've gone through a number of examples. Last lecture we looked at multiplication. Multiplication is easy in our head: just multiply, then mod by n at the end. Division: to divide, we actually multiply by the inverse, so we talk about the multiplicative inverse. The multiplicative inverse is the number that we multiply by such that we end up with one. So in normal arithmetic we said the multiplicative inverse of three is one-third, because three times a third is one. In modular arithmetic, the multiplicative inverse (actually, we didn't have one here), the multiplicative inverse of three, this was in mod eight, was also three: three times three mod eight gives us one. Similar with subtraction: we add the additive inverse, the number that we add to it such that we get zero. Not every number has a multiplicative inverse. Every number has an additive inverse, but not necessarily a multiplicative inverse, and a number has a multiplicative inverse if it is relatively prime with the modulus n. So in these two sets, Z8, the modulus was eight.
We mod everything by eight. We looked at all the numbers up until eight, zero to seven, and found out which ones have a multiplicative inverse: one, three, five and seven. If a number is relatively prime to the modulus, it will have an inverse. One and eight are relatively prime. What does relatively prime mean? Greatest common divisor is one. So relatively prime: the greatest common divisor of the two numbers is one. Three and eight are relatively prime; five and eight, seven and eight are relatively prime. Therefore they all have a multiplicative inverse. In Z10, mod ten, one and ten are relatively prime. One and anything is relatively prime; the greatest common divisor of one and some other number will be one. Three and ten, greatest common divisor is one. Seven and ten, nine and ten. One, three, seven and nine are all relatively prime with ten, therefore they all have a multiplicative inverse in mod ten.
The last thing we saw was that sometimes we can simplify some of the operations by taking advantage of the different laws of the arithmetic, and the last example we went through was: if we can break a number into its divisors, we can simplify the calculation of the mod, or we can simplify multiplications by splitting it up into multiple smaller multiplications. And we have a large number mod n. Well, we can calculate that by breaking it into smaller numbers multiplied together mod n. Taking a smaller number modding by n is easier than taking a large number, and some of the principles of those laws are used in algorithms to implement some of the ciphers we'll look at.
The last thing we got to in the last lecture: again, relatively prime, greatest common divisor between the two numbers is one. Four and one are relatively prime. Four and two are not relatively prime. Four and three are. How many numbers are relatively prime with four that are less than four? Two. Three and one are less than four and relatively prime. So there are two numbers less than four relatively prime with it. We have a special name for this: the number of numbers less than n and relatively prime with n is called Euler's totient, and we use this symbol to say the totient of four equals two. We calculated some others: the number of numbers less than eight and relatively prime with eight. There are four numbers, so the totient of eight is four. So we had those two in the previous examples, and then we did a couple of others. As our numbers get larger, we need to check all the numbers less than n; as n gets larger, that becomes time-consuming to check if it's relatively prime. But there are some shortcuts. There are some types of numbers where we can calculate the totient very quickly. If n is prime, the totient of a prime number: all numbers less than a prime number will be relatively prime with that number. So all numbers less than 13 will be relatively prime with 13, therefore the totient of 13 is 12. There are 12 numbers less than 13, 12 integers I should say. The totient of a prime number is that prime number minus one. So that's the shortcut: if we know we have a prime number, we can calculate its totient. If we don't have a prime number, we know it's not prime, it's composite, then we have to calculate manually.
I think the lecture notes are not there. They'll be there at the break. Some are there, but they may be printing some, so they may run out. You can go get them now or you can wait for the break. We're just going to do some more examples on the paper, so we're not referring to the slides just yet.
The totient of a prime number is the prime number minus one, and another extension of that: if we know some number is made up from multiplying two prime numbers, 35, if we factor it into its primes, is seven times five, seven and five are both primes, then the totient of seven times five is the same as the totient of seven times the totient of five. And it's easy to show that; you can look at the reasons why the totient of a prime is p minus one and it follows. The totient of a prime, seven, is easy: six. The totient of the prime five is easy: it's four. Therefore the totient of the non-prime, the composite 35, is easy to calculate: it's six times four, 24. So in fact the totient of a prime number is easy to calculate, and the totient of a number which has two prime factors, or its two factors are both prime, is also easy to calculate, and that's a key principle or rule we'll use shortly. If we have a number n and we know that it's made up of multiplying two primes together, we can easily calculate the totient of that number by calculating the totient of the two prime factors and multiplying them together. If we can't do that, then we need to go the long way: try all numbers up to n, try number two, three, four, and check them all, and check if their greatest common divisor is one. When n is large, calculating the totient is very slow. If n is large enough, you cannot calculate the totient within reasonable time. And that will be a security feature, like brute force attacks: if we set the key large enough, we can't guess the key, we can't decrypt within reasonable time, therefore we consider a key of a particular length secure.
We'll see that shortly: if we have an n large enough, if the attacker's trying to calculate the totient of n, so long as n is large enough then they can't find the totient of n within reasonable time. So we'll get to that in a cipher. Let's give two equations, two theorems, and give a couple of examples of them, and then we'll return to our last two operations. So that's what we went through last week, and again, sorry, you don't have the lecture notes in front of you. So we've covered these operations. What we're going to do, and I'll write them down again, is we're going to look at two theorems. We're not going to prove them, we're just going to use them. So I'll give the theorems to you and we'll use them to solve some problems. The first one's Fermat's theorem and the second one's Euler's theorem, Euler from Euler's totient function.
Fermat's theorem comes in two forms. Let's focus on the second form. We can consider it the same theorem, just stated in different ways. We'll just use the second form. If we have p as a prime number and a is some positive integer, then Fermat's theorem tells us that a to the power of p is the same as a in mod p, that is, a to the power of p mod p equals a, as long as p is prime and a is a positive integer. Under the condition p is prime. We're not going to explain why that's the case. There's a proof of that theorem. We're going to use it when we see some cryptographic algorithms. So what it tells us, as an example: what is three to the power of five mod five? Easy, isn't it? You can calculate it the long way: you can calculate what is three to the power of five with your calculator and then mod by five. Or you can see, well, this holds the form of Fermat's theorem: some integer to the power of a prime, mod by that same prime. Some integer a to the power of some prime, mod by that prime, is equal to a. So the answer is three. I don't need my calculator to calculate three to the power of five, and that's the idea.
We can use Fermat's theorem if we have some statement in the form such that we can quickly get the answer. We don't need to calculate, and that's again very useful when we have large numbers. One large number to the power of some other large number gives us what? Take one large number, hundreds of digits long, raise it to the power of another large number, hundreds of digits long. What's the answer? A very, very large number, because you raise to the power, then you multiply many, many times, and the answer gets very, very long, long enough that your computer cannot calculate. But if we have it in the form of Fermat's theorem, we can find the answer from the theorem. We don't need to calculate it. What about another one? Can we check that? What is three to the power of five, with your calculator? Does anyone have a calculator? Right, let's calculate: three to the power of five, 243. 243 mod five: three. Okay, just confirm that, three to the power of five. We could calculate this because it's such a small number, so that one checks. Maybe calculate this one manually: three to the power of three mod three. Zero. Does Fermat's theorem hold?
This is a bit of a trick. It is zero: three to the power of three, 27, mod three, the remainder is zero. But still Fermat's theorem holds, because in fact when we do mod three, three is the same as zero, so three equals zero in mod three because three mod three is zero. So it does hold. When I have mod three, I shouldn't be using numbers of three or more, because three is the same as zero. So just be careful that this is a trick, in that, yes, Fermat's theorem holds because three equals zero in mod three. So sometimes you'll come across this and you need to simplify: when you have mod n, get all the numbers to be less than n, mod by n first.
The other theorem: so we'll come back to that, we'll see it in play, but let's just give you the other one, Euler's theorem, and there are two forms again. So Euler's totient function, we know it's the number of numbers less than n which are relatively prime with n, and there are some shortcuts. Euler's theorem has two forms; the second one we'll use. For positive integers a and n, if we have a, some integer, to the power of the totient of n plus one, and we mod by n, we end up with a. Let's write it down and see it in some examples. We don't necessarily need primes there. a to the power of the totient of n plus one, when we mod by n, gives us a.
97 to the power of 121 mod by 143: try it on your calculator first, and then apply one of our theorems. Your phone has a calculator; a chance to use your phone during the lecture. 97 to the power of 121, find out what it is, and then mod by 143. 97 to the power of 121, we could calculate this, the manual approach, and it gives this long number, it doesn't even fit on my screen. Okay, that is 97 to the power of 121, and then we take that number and mod by 143. What do we expect to get? 97. Why is that so? That's the answer. Why do we know that without having to calculate the power? Well, let's check and see whether this matches Euler's theorem. So if we do it the manual way we can do it and we find it's 97, but why is that?
Well, Euler's theorem: some integer to the power of the totient of n plus one, if we mod by n, we should get that integer a back. Does that work? What is the totient of 143? And here's a hint: 143 is not prime. Find the totient of 143. It shouldn't take long if you do it with a shortcut. It'll take long if you do it manually: you check is two relatively prime with 143, is three relatively prime with 143; if you go through up to 142 you will spend a lot of time, well, 10, 15 minutes. But try a shortcut: find the shortcut, that is, not having to try all 142 numbers. Some of the shortcuts, remember: the totient of a prime is the prime minus one, but I'm telling you 143 is not prime, so that shortcut doesn't work. The other shortcut: the totient of a number which has two prime factors is equal to the totient of those two prime factors multiplied together. So the shortcut: find the two prime factors of 143. Find the factors of 143, then you'll see something times something equals 143. What is something? What did you get? One of the somethings is 11. 11 times 13 is 143, and the shortcut for Euler's totient function is, if we know that there's just two primes multiplied together, then this is the totient of 11 times 13, and that simplifies to the totient of 11 times the totient of 13. And now we can find the totient of these numbers because we know they're both primes. The totient of 11 is 10. The totient of 13 is 12. The totient of 143 is 120, because 143 has two prime factors; its factors are both primes. Now we compare to Euler's theorem: some integer, 97, to the power of the totient of our modulus, modulus 143, the totient of 143 is 120, plus 1: 97 to the power of 121 mod by 143. It matches Euler's theorem, so we can find the answer is immediately 97.
So we don't need to calculate the power. We could in this case, with the small numbers 97 and 121, but with larger numbers, again, it would not be possible to calculate. So if it's in the form of Euler's theorem, we can find the solution easily. So we're going to use this theorem, Euler's totient function and some of our other modular arithmetic in a cryptographic algorithm in a moment. Any questions so far on these, the use of the theorems? For example, in the exam I'll give you them or you'll remember the theorems, and you just need to know when to apply them. All right, so you may see some statement or some equation, and then you need to think: ah, can I use one of the theorems to find the answer easily? And in this course you'll usually have to use one of those two if there are similarly structured questions.
So we've gone through most of the principles of number theory. We've got one more concept to cover. Let's try. What operations have we done? We've done addition, subtraction (subtraction is add the additive inverse). We've done multiplication and division; division is multiply by the multiplicative inverse. What are the next two operations? Add, subtract, multiply, divide. Two more operations: to the power of, which we sometimes say exponentiation, the exponent. So some number to the power of some other number, it's called exponentiation. And what's the opposite operation? Not square root; that is a special case. Logarithm is the general case.
Okay, logarithm takes us back and gets the original answer. So we need to do those, but with mod n, in modular arithmetic. So we'll give a couple of examples. Exponentiation is easy, easy in our brains at least; we just use the same concept as normal exponentiation. But let's just remind you, before modular arithmetic, of ordinary arithmetic, just no modulus. Two to the power of six: everyone remembers their powers of two, 64, because we deal in binary. So log in base two of 64 equals six. So we say logarithm is the inverse operation of exponentiation. The base is two, the exponent is six, the answer is 64. If we take that answer 64, if we know the base is two, then the exponent is six. So that's our logarithm operation. Or the other way: if I know the log of 81 in base three is four, then three is the base, four is the exponent and the answer is 81. Three to the power of four is 81. That's our normal arithmetic.
We want to do those operations, but everything mod n, modular arithmetic. Three to the power of two mod seven: similar to addition and multiplication, we can do that manually and just mod by seven at the end, and we get two. Nine mod seven, two. So exponentiation is easy, at least conceptually, in that we just calculate the exponent in the normal way and then mod the answer by our modulus, seven in this case. Easy conceptually; of course if we have large numbers, it may not be easy. A large number to the power of another large number gives us a very, very large number, and that may be hard to calculate and then mod. But we do know that we can simplify these using our properties of multiplication. We saw an example last week: we had eleven to the power of seven mod by some number. We broke eleven to the power of seven into eleven to the power of four times eleven to the power of two times eleven to the power of one, so we can simplify the calculations. But exponentiation conceptually is easy. What about logarithms?
Well, using the same concept we would say the log, the base is three. Now we've added another number here. We don't have three numbers, we now have four; we also have the modulus, and the way we write it is commonly three, and there's another parameter here, seven, the modulus n. The logarithm with base three mod seven of two, the answer, equals the exponent, two. Three is the base, seven is the modulus, in the brackets two is the answer that we had from the previous operation, equals the exponent. What did we raise to the power of? Two. This is the logarithm. Or, we know that because we just did the exponentiation. We have a special name for this logarithm in mod n: it's often referred to as the discrete logarithm. So to avoid confusion we'll often write dlog or discrete log, discrete logarithm. The discrete log of two in base three with mod seven equals two. So that's how we write the logarithm.
What is the discrete log in base three mod seven of six? Find the answer. Think about it from the exponentiation view. What does it mean, this question? What are we trying to find? What does your calculator say? One? This is not a normal logarithm. You can't use the log button on your calculator, because here it's a mod n. So it's not the normal logarithm that we use on our calculator, and that's why we refer to it as something slightly different. We call it the discrete logarithm: same concept, but everything is mod n. The discrete log of six, base three, mod seven.
So what we need to think of: three to the power of something, mod by seven, gives us six. Take three as the base, raise it to some power, and these are all integers, mod by seven, and the answer should be six. Three to the power of something mod seven equals six. What is that something? Three to the power of three: three to the power of three is twenty-seven; twenty-seven mod seven, the remainder is six. So the something, the exponent, is three there. Therefore the discrete log of six in base three mod seven is three. So that's how we think of discrete log. Any questions on logarithms? Right, in our modular arithmetic everything is from one up to n minus one, where n is the modulus. Here in the example n is seven, mod seven; the numbers we deal with are from zero to six, always. So yes, it must be three to the power of some integer mod seven gives us six, and these numbers should all be less than seven. Of course if we have ten here, it's the same, because ten equals three in mod seven. If we have a number larger than seven, we bring it back into the set zero to six. Don't use your calculator to solve a discrete logarithm. It won't work.
What about another number? We'll stick with small numbers so you can easily check them. Stay with mod seven. Discrete log base two mod seven of four. Think about what the exponent should be, think about the exponentiation operation: two to the power of something mod seven equals four. What is that something? Two? Anyone else with an answer? Five. Someone said two, someone said five. Let's check. So let's check from the exponentiation: the base is two, two to the power of something mod seven equals four. What if the something is, someone said, two? Correct: two to the power of two is four, mod seven is four. Okay, so the answer is two. But someone else said five. Two to the power of something mod seven equals four; does five work? Two to the power of five is thirty-two; 32 mod seven is also four. Which one's correct?
They are both correct according to our definition of two to the power of some integer mod seven equals four, where it could be two or five; both of them are less than seven. Okay, so we have two potential answers here. Now this is no good, especially when we use it in cryptography, and we'll say that the discrete log in base two, mod seven, of four, we don't have a unique answer. Or sometimes we say there is no answer; there's no single answer. So we'll often say that we don't want to have such a discrete log, because we don't know what is the real answer if we're using it as an inverse operation, and that's what we're using in cryptography. We'll do an encrypt and decrypt. If one operation is the exponentiation and you give me the number four and you tell me you used a base of two and mod seven, and I need to find out what exponent you used, I don't know whether you used two or five. So that's a problem, and we'll say for cryptography that there's no unique answer here, and we don't want to have such problems to solve in cryptography. If we want to find a discrete log, we want to make sure that there's always a unique answer. So the point is only some values have unique answers. Not all values have unique answers. This had a unique answer of two, this one had a unique answer of three, but here we don't have a unique answer.
The last thing: when do we have a unique answer? Under what cases do we get a unique answer? Well, let's consider in our mod seven, and let's consider the possible answers. Let's continue with mod seven: some integer raised to the power of some exponent i, mod seven. Let's look at the answers. What are the possible exponents that are of interest to us? An exponent of zero is not very interesting: raise a number to the power of zero and you always get one, right?
Let's skip zero. So even to the power of one is not so hard either, but we'll write it down up to the power of six, because in mod seven the numbers we deal with are from zero to six; if we get to seven, it's the same as zero. So let's write down, for different values of a, the answer of a to the power of one through to six, where we write in a matrix. Find the answers: if a is one, a to the power of one mod seven is still one; a squared mod seven, and we'll write the answers here. The first row is easy: when a is one, one to the power of anything gives us one; mod by seven, we still end up with one. So the answers here are one all the way through. So this is exponentiation, and then we'll see it when we return to the opposite, the discrete logarithm. If a is two: two to the power of one mod seven. Two to the power of two mod seven, four. Two to the power of three mod seven: two to the power of three is eight, mod seven is one. Two to the power of four mod seven: two to the power of four is sixteen, mod seven gives us two. Fill it in for the rest. Thank you. Two minutes. You can use your calculator if you... And for the next row, it's just a little more, and then we'll see how it relates to the discrete logarithm. Two to the power of five is thirty-two, mod seven, four. To the power of six, 64, mod seven: nine sevens are sixty-three, gives us one. Now the powers of three. The first one's easy. Three squared, nine, mod seven is two. Three cubed is twenty-seven, mod seven, six. I'll give you a chance to fill in the rest. It's all right, you're allowed to have the calculator in an exam, not your phone, but a calculator. Make sure you have a calculator the next two weeks. Can someone tell me the answers so I don't have to calculate? Three to the power of four mod seven: four. Three to the power of five mod seven: five. Three to the power of six mod seven. Now powers of four. Four to the power of one is four. Four squared, sixteen, mod seven is two. Four cubed: let's bring up the calculator. What do we got?
Four to the power of three mod seven, four to the power of four mod seven, four to the power of five mod seven, four to the power of six mod seven: one, four, two, one to finish off that row. And while we're here, five, let's go through them all. Five to the power of three mod seven. So with five the answers are five, four, six, two, three, one. You write them down, I'll do the rest. Six to the power of one through to six: with six the answers are six, one, six, one, six, one. So I did them for you. Write down the values, good, and have a look at the patterns for different values of a. When do you get unique answers? Let me write them down, that is, with mod seven, with all possible values of a, we raised to the power and then mod by seven; these are the answers. Why do we do this? We want to know when do we have a unique discrete logarithm. The opposite, remember, is the discrete log: discrete log in the base a, mod seven, of some number, let's say x, equals our exponent i. We can calculate the exponentiation, all right, we can calculate those values. But when can we find a unique answer for the discrete logarithm? Well, let's look up our table. If a is, let's take an interesting number, a is two, so the second row here. If a is two, if the answer is four, what's the exponent? If x is four, the discrete log base two mod seven, what's the index i? Base two, the answer is four, the index is either two or five. We don't have a unique answer there. We don't want this case. In cryptography, when we apply the discrete logarithm, we want a unique answer. Here we don't know which is the answer. What if the base was three? a is three, discrete log base three mod seven, so the third row. If our answer x was six, what's the index or the exponent i?
Well, there's only one value of six here, so it must be three. The discrete log of six is three. The discrete log of five, we know, is five. The discrete log of two is two. Because when the base is three, we know that these six values are distinct. There's no repetition, and you should see that in that table. You see the pattern: some of them repeat. This one repeats, two, four, one repeat. With three, of those six answers, they're all different, and that's what we need if we want to be able to find a unique discrete logarithm. If we have repetition then it could be one of multiple answers. With four we have repetitions, you see here, it's four, two, one, four, two, one. With six it's six, one, six, one. With five we have distinct values. When we want to have a discrete log with mod seven, we'll only use a base of three or five, because only those two bases will give us a unique answer. The other bases of one, two, four and six will give us non-unique answers, and if we don't have an answer which is unique, we don't know which is the correct one. And we'll see that's not useful when we apply cryptography, because what we're going to do is use exponentiation as one operation, like encrypt, and discrete logarithm to decrypt, and we need to get the correct answer. So three and five are the only bases that we can use there. What we say is that there's a name for those: three and five are primitive roots of seven. Three and five are primitive roots of seven, meaning for all the numbers up until seven, here we cover one up to six, that are greater than zero, we raise three to all those powers and you'll get a distinct set of answers. That's the definition of a primitive root here. Or: if we want to find a unique discrete logarithm in mod n, the base must be a primitive root of n. Discrete log of six base three: we can simply look it up in the table. Discrete log of six base three is three. The answer is six. Index: what exponent gives us the answer of six in base three? Three gives us six. The exponent is three. So we can't find discrete logarithms of any number; we can only find unique answers when we have a primitive root as the base.
The last thing to say: finding discrete logarithms is hard. When we have large numbers it takes a long time to find the answer. So unless we have some shortcuts, a long time; if the numbers are large enough, you'll never find the answer of a discrete logarithm. There are no known algorithms that would do it in reasonable time, and that will be used as a security feature. Questions on discrete logarithms? Right. So how does our computer calculate this? There are algorithms that will try to simplify, to find the discrete logarithm. So in the same way that there are algorithms to find prime numbers, different algorithms, same for finding discrete logarithms. There are algorithms faster than what we did here. Okay, but when the numbers are large enough they still will take forever in practical time to find the answer. Okay, so there are no fast algorithms. Well, when you punch in the, well, exponentiation, we see it's quite simple. It's similar to our normal arithmetic. So the way that your computer does exponentiation: raise to the power, but again there are algorithms to speed it up. The exponentiation we saw, was it 11 to the power of 7? Rather than calculating that directly, we can break it into 11 to the power of 4 times 11 to the power of 2 times 11 to the power of 1. That's one of the algorithms for speeding up the calculation. So there are ways to speed up the calculation, yes, and your computer will implement them. But for discrete logarithm, there are ways to speed it up, but no way to make it solvable with very large numbers.
So many people may have the lecture notes now, but let's just summarize what we've done.
We've gone through a number of examples today. Fermat's theorem: the second form we've looked at, and that's what we'll use. Euler's totient function: the number of numbers less than n relatively prime with n. Euler's theorem: remember it or use it, we'll see some examples. Logarithms we refer to as discrete logarithms. So that defines what we just did in those examples: the discrete log base a, with a prime p, mod p, of a number b; the index, the exponent, is i. So we've seen discrete logarithms, and we can only find a unique answer with a discrete log when we have primitive roots. And it's more than the case we considered. When p, the modulus, is prime (we used mod 7, 7 is prime), then we can find unique answers if the base a is a primitive root of that prime p: all raised to the powers and we get unique answers. This is for mod 19, prime p equal to 19, similar to what we did. The textbook gives a picture of the primitive roots of 19. If you look closely at two, three, ten, 13, 14 and 15, all those numbers, when we raise to the power of one through to 18, give us a unique set of answers. There's no repetition in the answers, and we can use that to find the discrete logarithm. So that's just a lookup that grabs those six rows from that table.
And to finish: we've mentioned along the way, but we'll summarize, some of the problems that we've come across we say are very hard to solve. We define them as computationally hard, in that if we have inputs large enough, there are no known algorithms that can solve them in reasonable time. Your computer cannot find the answer if the numbers are large enough. And the three problems, which are about equivalent in complexity: integer factorization, which is, and we'll see it for our security, given some number n, we know n was made up of multiplying two primes together, p and q. I give you n, find p and q. If n is large enough, you will not be able to find p and q. That's the problem, where p and q are primes: find them. Well, that's considered, there are no known algorithms that would do it within reasonable time.
How large is large? Some examples, maybe these are a bit old now, but the two primes were 768 bits, or about 200 decimal digits. So you write down a prime number 200 digits long and another prime number 200 digits long, multiply them together and you get a much bigger number n. I give you n; you will not be able to find those two primes p and q. The other thing that's hard to calculate: Euler's totient. Given n, I give you n, find the totient of n. Assuming n's not prime, it's composite, find the totient of n, and that's considered hard to solve if n is large enough. Harder than solving factorization, in fact. We'll see that in one of the algorithms we'll come across, where n is equal to two primes multiplied together: it's easy to calculate the totient of n if you know p and q. We have a shortcut. But it's hard to find the totient of n if you don't know p and q, because there are no known algorithms. That will be a security feature. Discrete logarithms are hard to find the answer to: given the modulus p, the base a and the answer b, find the exponent i. It takes a long time to solve that. So these are three problems, and it will be easy to calculate n or the totient of n if we know p and q, but if you don't know p and q, find those values, we'll see that they're not solvable, and that will be a security feature of the algorithm called RSA.
Let's finish with one or a couple of examples. You can finish over the break. Just to remind you, quickly solve these. No calculator required, maybe in the last one. Four questions taken from past quizzes or exams we need to solve. The last one I think a calculator was allowed; the first three, not allowed. The idea is to think about the shortcuts, not to solve them manually, but to think about: how can I get the answer to the totient of 23 quickly? Is there some characteristic of 23 that makes it easy to calculate? What's the answer here? Why is it 22?
23 is prime, so the shortcut is: if we have the totient of a prime number, the answer is that prime number minus one. There are 22 numbers less than 23 which are relatively prime with 23. So there's the shortcut; we recognize 23 is prime. Next one: what shortcut are you going to use? No calculator. Well, the hint: we've introduced two theorems, Fermat's theorem and Euler's theorem, one of those. See if it matches one of those, and I've created it such that it should. Discrete logarithm base two mod 19, that's a nine there, of three. Well, if you look at your slides, if you don't have them, I'll show it up. You can look up that value, the discrete logarithm. It's actually on one of the slides. Sorry if you don't have it. Log base two mod 19 of a. The answer is three. Where is three? The exponent should be also here: three, 13. This one's better, the other one's back to front. Similar to the table we drew: two to the power of 13 mod 19 equals three, therefore the discrete log of three in base two mod 19 equals 13. So that one requires a lookup table, because we'd take time to solve it ourselves.
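The worked numbers from this lecture can be reproduced with a short script. This is an added example, not part of the lecture or its slides; the function names (`totient_brute`, `totient_two_primes`, `modexp`, `power_row`, `primitive_roots`, `dlog_all`) are chosen here for illustration, and the exhaustive searches are only practical for the small moduli used in class.

```python
from math import gcd


def totient_brute(n):
    """The long way: count 1 <= k < n with gcd(k, n) == 1."""
    return sum(1 for k in range(1, n) if gcd(k, n) == 1)


def totient_two_primes(p, q):
    """Shortcut for n = p*q, assuming p and q are distinct primes."""
    return (p - 1) * (q - 1)


def modexp(base, exp, n):
    """Square-and-multiply: split the exponent into powers of two
    (e.g. 7 = 4 + 2 + 1) and reduce mod n after every multiplication,
    so intermediate values never grow beyond n*n."""
    result = 1 % n
    base %= n
    while exp > 0:
        if exp & 1:                 # this power of two is in the exponent
            result = (result * base) % n
        base = (base * base) % n    # next power: base^(2^k)
        exp >>= 1
    return result


def power_row(a, p):
    """One row of the table drawn in the lecture: a^1 .. a^(p-1) mod p."""
    return [modexp(a, i, p) for i in range(1, p)]


def primitive_roots(p):
    """Bases whose row has no repeated value (p assumed prime)."""
    return [a for a in range(1, p) if len(set(power_row(a, p))) == p - 1]


def dlog_all(a, b, p):
    """Every exponent i in 1..p-1 with a^i mod p == b, by exhaustive search.
    More than one result means the discrete log is not unique."""
    return [i for i in range(1, p) if modexp(a, i, p) == b % p]


if __name__ == "__main__":
    # Totient: brute force agrees with the two-prime shortcut for 143 = 11 * 13.
    print("totient(143):", totient_brute(143), totient_two_primes(11, 13))

    # Fermat (second form): a^p mod p == a mod p.
    print("3^5 mod 5 =", modexp(3, 5, 5), "| 3^3 mod 3 =", modexp(3, 3, 3))

    # Euler (second form): a^(totient(n)+1) mod n == a, with n = 143.
    print("97^121 mod 143 =", modexp(97, 121, 143))

    # The mod 7 table, and which bases give a unique discrete log.
    for a in range(1, 7):
        print("a =", a, power_row(a, 7))
    print("primitive roots of 7: ", primitive_roots(7))
    print("primitive roots of 19:", primitive_roots(19))

    # Base 2 is not a primitive root of 7, so dlog of 4 has two answers.
    print("dlog base 2 mod 7 of 4: ", dlog_all(2, 4, 7))
    print("dlog base 3 mod 7 of 6: ", dlog_all(3, 6, 7))
    print("dlog base 2 mod 19 of 3:", dlog_all(2, 3, 19))
```
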