Number Theory for Computing Springer-Verlag Berlin Heidelberg GmbH SongY. Yan Number Theory for Computing With 25 Figures, 67 Images, and 31 Tables Springer SongY. Yan Computer Science Aston University Birmingham B4 7ET UK [email protected] ACM Computing Classification (1998): F.2.I, E.3-4, DA.6, B.2A, I. 1.2 AMS Mathematics Subject Classification (1991): llAxx, llT71, llYxx, llDxx, llZ05, 68Q25, 94A60 Library of Congress Cataloging-in-Publication Data Yan,SongY. Number theory for computing 1 Song Y. Yan. p.cm. Includes bibliographical references and index. ISBN 978-3-662-04055-3 ISBN 978-3-662-04053-9 (eBook) DOI 10.1007/978-3-662-04053-9 1. Number theory. 2. Computer science--Mathematics.l. Tide. QA241 .Y272000 512'.7--dc21 99-058845 ISBN 978-3-662-04055-3 This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilm or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer-Verlag Berlin Heidelberg GmbH. Violations are liable for prosecution under the German Copyright Law. © Springer-Verlag Berlin Heidelberg 2000 Originally published by Springer-Verlag Berlin Heidelberg New York in 2000 Softcover reprint of the hardcover I st edition 2000 The use of general descriptive names, trademarks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. Cover Design: Künkel + Lopka, Werbeagentur, Heidelberg Typesetting: Camera ready by author SPIN 10707450 45/3142/SR - 543 2 1 0 - Printed on acid-free paper Preface Mathematicians do not study objects, but relations among objectsj they are indifferent to the replacement of objects by others as long as relations do not change. Matter is not important, only form interests them. HENRI POINCARE (1854-1912) Computer scientists working on algorithms for factorization would be well advised to brush up on their number theory. IAN STEWART [219] The theory of numbers, in mathematics, is primarily the theory of the prop erties of integers (i.e., the whole numbers), particularly the positive integers. For example, Euclid proved 2000 years aga in his Elements that there exist infinitely many prime numbers. The subject has long been considered as the purest branch of mathematics, with very few applications to other areas. How ever, recent years have seen considerable increase in interest in several central topics of number theory, precisely because of their importance and applica tions in other areas, particularly in computing and information technology. Today, number theory has been applied to such diverse areas as physics, chemistry, acoustics, biology, computing, coding and cryptography, digital communications, graphics design, and even music. In particular, congruence theory has been used in constructing perpetual calendars, scheduling round robin tournaments, splicing telephone cables, devising systematic methods for storing computer files, constructing magic squares, generating random numbers, producing highly secure and reliable encryption schemes and even designing high-speed (residue) computers. It is specifically worthwhile point ing out that computers are basically finite machines; they have finite storage, can only deal with numbers of some finite length and can only perform es sentially finite steps of computation. Because of such limitations, congruence arithmetic is particularly useful in computer hardware and software design. This book takes the reader on a journey, starting at elementary number theory, going through algorithmic (or computational) number theory, and finally finishing at applied number theory in computing science. It is divided into three chapters: VI Preface - Elementary Number Theory, - Algorithmic (or Computational) Number Theory, - Applied Number Theory in Computing and Cryptography. The first chapter is mainly concerned with the basic concepts and results of divisibility theory, congruence theory, continued fractions, Diophantine equa tions and elliptic curves. A novel feature of this chapter is that it contains an account of elliptic curves, which is not normally provided by an elementary number theory book. The second chapter provides abrief introduction to the basic concepts of algorithms and complexity and introduces some important and widely used algorithms in computational number theory, particularly those for primality testing, integer factorization, and discrete logarithms. The third chapter of the book discusses some novel applications of elementary and computational number theory in computing and information technology; it covers a wide range of topics such as sec ure communications, information sys tems security, computer organisations, error detections and corrections, hash function design, and random number generation. Throughout the book we follow the style "Definition-Theorem-Algorithm-Example" to present our ma terial, rather than the traditional Hardy-Wright "Definition-Theorem-Proof" style [89], although we do give proofs to some theorems. We believe this is the most suitable way to present mathematical material to computing profes sionals. As Donald Knuth [109] pointed out in 1974; "It has often been said that a person does not really understand something until he teaches it to someone else. Actually a person does not really understand something until he can teach it to a computer." The author strongly recommends readers to implement all the algorithms and methods introduced in this book on a computer using a mathematics (computer algebra) system such as Maple in order to get a better understanding of the ideas behind the algorithms and methods. A small number of exercises is also provided in so me sections, and it is worthwhile trying all of them. This book is self-contained with no previous knowledge of number theory or abstract algebra assumed. The only prerequisites are some familiarity with high-school mathematics. The book is suitable either as a text for courses in Number Theory for Computing, Cryptography and Computer Security, Mathematics for Computing, or as a basic reference in the field. Acknowledgements I started to write this book in 1990 when I was a lecturer in the School of Mathematical and Information Sciences at La Trobe University, Australia. I completed the book when I was at the University of York and finalized it at Coventry and Aston Universities, all in England. I am very grateful to Prof. Bertram Mond and Dr. John Zeleznikow of the School of Mathemat ical and Information Sciences at La Trobe University, Dr. Terence Jackson Preface VII of the Department of Mathematics and Prof. Jim Austin of the Department of Computer Science at the University of York, Prof. Glyn James, Mr. Brian Aspinall and Mr. Eric Tatham of the School of Mathematical and Informa tion Sciences at Coventry University, and Prof. David Lowe and Dr. Ted Eisworth of Computer Science and Applied Mathematics at Aston Univer sity in Birmingham for their many fruitful discussions, kind encouragement and generous support. Special thanks must be given to Dr. Hans Wössner and Mr. Andrew Ross at Springer-Verlag Berlin/Heidelberg and the referees of Springer-Verlag, for their comments, corrections and suggestions. During the long period of the preparation of the book, I also got much help in one way or another from, whether they are aware of it or not, Prof. Eric Bach of the University of Wisconsin at Madison, Prof. Jim Davenport of the Univer sity of Bath, Prof. Richard Guy of the University of Calgary, Prof. Martin Hellman of Stanford University, Dr. David Johnson of AT&T Bell Labo ratories, Prof. S. Lakshmivarahan of the University of Oklahoma, Dr. Ajie Lenstra of Bell Communication Research, Prof. Hendrik Lenstra Jr. of the University of California at Berkeley, Prof. Roger Needham and Dr. Richard Pinch of the University of Cambridge, Dr. Peter Pleasants of the Univer sity of the South Pacific (Fiji), Prof. Carl Pomerance of the University of Georgia, Dr. Herman te Riele of the Centre for Mathematics and Computer Science (CWI), Amsterdam, and Prof. Hugh William of the University of Manitoba. Finally, I would like to thank Mr. William Bloodworth (Dallas, Texas), Dr. John Cosgrave (St. Patrick's College, Dublin), Dr. Gavin Doherty (Rutherford Appleton Laboratory, Oxfordshire), Mr. Robert Pargeter (Tiver ton, Devon), Mr. Alexandros Papanikolaou (Aston University, Birmingham), and particularly Prof. Richard Brent (Oxford University Computing Labora tory), Dr. Rodney Coleman (Universite Joseph Fourier, Grenoble) and Prof. Glyn James (Coventry University) für reading the variüus versiüns üf the book. As communicated by Dr. Hans Wössner: nothing is perfect and no body is perfect. This book and the author are no exception. Any comments, corrections and suggestions from readers of the book are especially very wel come and can be sent to the author either by ordinary mail or by e-mail to [email protected]. Birmingham, February 2000 S. Y. Y. Table of Contents 1. Elementary N umber Theory ............................. 1 1.1 Introduction............................................... 1 1.1.1 What is Number Theory? ............................. 1 1.1.2 Algebraic Preliminaries ............................... 12 1.2 Theory of Divisibility ....................................... 20 1.2.1 Basic Properties of Divisibility . . . . . . . . . . . . . . . . . . . . . . . .. 20 1.2.2 Fundamental Theorem of Arithmetic. . . . . . . . . . . . . . . . . . .. 24 1.2.3 Mersenne Primes and Fermat Numbers. . . . . . . . . . . . . . . . .. 27 1.2.4 Euclid's Algorithm ................................... 32 1.2.5 Continued Fractions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. 36 1.3 Diophantine Equations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. 41 1.3.1 Basic Concepts of Diophantine Equations. . . . . . . . . . . . . . .. 41 1.3.2 Linear Diophantine Equations. . . . . . . . . . . . . . . . . . . . . . . . .. 42 1.3.3 Pell's Equations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. 45 1.4 Arithmetic Functions ....................................... 50 1.4.1 Multiplicative Functions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. 50 1.4.2 Functions r(n), a(n) and 8(n) ......................... 51 1.4.3 Perfect, Amicable and Sociable Numbers . . . . . . . . . . . . . . .. 54 1.4.4 Functions <jJ(n), A(n) and f-t(n) ......................... 61 1.5 Distribution of Prime Numbers. . .. . . . . . . . . . . . . . . . . . . . . . . . . . .. 64 1.5.1 Prime Distribution Function 7r(x) ...................... 65 1.5.2 Approximations of7r(x) by x/lnx ...................... 67 1.5.3 Approximations of 7r(x) by Li(x) ....................... 73 1.5.4 The Riemann (-Function ((8) . . . . . . . . . . . . . . . . . . . . . . . . .. 74 1.5.5 The nth Prime.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. 83 1.5.6 Distribution of Twin Primes . . . . . . . . . . . . . . . . . . . . . . . . . .. 86 1.5.7 The Arithmetic Progression of Primes. . . . . . . . . . . . . . . . . .. 89 1.6 Theory of Congruences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. 90 1.6.1 Basic Properties of Congruences. . . . . . . . . . . . . . . . . . . . . . .. 90 1.6.2 Modular Arithmetic .................................. 94 1.6.3 Linear Congruences. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. 96 1.6.4 The Chinese Remainder Theorem ...................... 101 1.6.5 High-Order Congruences .............................. 104 1.6.6 Legendre and Jacobi Symbols .......................... 107 X Table of Contents 1.6.7 Orders and Primitive Roots ............................ 115 1.6.8 Indices and kth Power Residues ........................ 120 1. 7 Arithmetie of Elliptie Curves ................................. 124 1.7.1 Basic Coneepts of Elliptie Curves ....................... 125 1.7.2 Geometrie Composition Laws of Elliptie Curves .......... 128 1. 7.3 Algebraie Computation Laws far Elliptic Curves .......... 129 1. 7.4 Group Laws on Elliptic Curves ......................... 133 1. 7.5 N umber of Points on Elliptic Curves .................... 134 1.8 Bibliographie Notes and Further Reading ...................... 135 2. Algorithmic Number Theory ............................. 139 2.1 Introduetion ............................................... 139 2.1.1 What is Algorithmie Number Theory? .................. 139 2.1.2 Effective Computability ............................... 142 2.1.3 Computational Complexity ............................ 146 2.1.4 Complexity of Number-Theoretic Algorithms ............ 153 2.1.5 Fast Modular Exponentiations ......................... 159 2.1.6 Fast Group Operations on Elliptic Curves ............... 163 2.2 Algorithms for Primality Testing ............................. 167 2.2.1 Deterministie and Rigorous Primality Tests .............. 167 2.2.2 Fermat's Pseudoprimality Test ......................... 170 2.2.3 Strong Pseudoprimality Test ........................... 173 2.2.4 Lueas Pseudoprimality Test ............................ 179 2.2.5 Elliptic Curve Test ................................... 186 2.2.Q Historical Notes on Primality Testing ................... 190 2.3 Algorithms for Integer Faetorization .......................... 192 2.3.1 Complexity of Integer Factorization ..................... 192 2.3.2 Trial Division and Fermat Method ...................... 196 2.3.3 Legendre's Congruence ................................ 198 2.3.4 Continued FRACtion Method (CFRAC) ................ 201 2.3.5 Quadratie and Number Field Sieves (QSjNFS) ........... 204 2.3.6 Polland's "rho" and "p - I" Methods ................... 208 2.3.7 Lenstra's Elliptic Curve Method (ECM) ................. 215 2.4 Algorithms for Diserete Logarithms ........................... 218 2.4.1 Shanks' Baby-Step Giant-Step Algorithm ................ 219 2.4.2 Silver-Pohlig-Hellman Algorithm ....................... 222 2.4.3 Subexponential Algarithms ............................ 226 2.4.4 Algorithm for the Root Finding Problem ................ 227 2.5 Quantum Number-Theoretie Algorithms ....................... 230 2.5.1 Quantum Information and Computation ................. 230 2.5.2 Quantum Computability and Complexity ................ 235 2.5.3 Quantum Algorithm far Integer Factarization ............ 236 2.5.4 Quantum Algorithms for Discrete Logarithms ............ 241 2.6 Miscellaneous Algorithms in N"umber Theory ................... 243 2.6.1 Algorithms for Computing 1f(x) ................ , ....... 243 Table of Contents XI 2.6.2 Algorithms for Generating Amieable Pairs ............... 249 2.6.3 Algorithms for Verifying Goldbaeh's Conjecture .......... 252 2.6.4 Algorithm for Finding Odd Perfeet Numbers ............. 255 2.7 Bibliographie Notes and Further Reading ...................... 257 3. Applied Number Theory ................................. 259 3.1 Why Applied Number Theory? ............................... 259 3.2 Computer Systems Design ................................... 261 3.2.1 Representing Numbers in Residue Number Systems ....... 261 3.2.2 Fast Computations in Residue Number Systems .......... 264 3.2.3 Residue Computers ................................... 269 3.2.4 Complementary Arithmetie ............................ 269 3.2.5 Hashing Functions .................................... 273 3.2.6 Error Deteetion and Correction Methods ................ 277 3.2.7 Random Number Generation .......................... 282 3.3 Cryptography and Information Seeurity ....................... 287 3.3.1 Introduetion ......................................... 288 3.3.2 Seeret-Key Cryptography .............................. 289 3.3.3 Data/ Advaneed Eneryption Standard (DES/ AES) ........ 299 3.3.4 Publie-Key Cryptography ............................. 303 3.3.5 Diserete Logarithm Based Cryptosystems ................ 309 3.3.6 RSA Publie-Key Cryptosystem ......................... 313 3.3.7 Quadratic Residuosity Cryptosystems ................... 326 3.3.8 Elliptic Curve Publie-Key Cryptosystems ................ 332 3.3.9 Digital Signatures .................................... 336 3.3.10 Digital Signature Algorithm/Standard (DSA/DSS) ....... 342 3.3.11 Database Seeurity .................................... 344 3.3.12 Seeret Sharing ....................................... 348 3.3.13 Internet/Web Seeurity and Eleetronic Commeree ......... 352 3.3.14 Steganography ....................................... 356 3.3.15 Quantum Cryptography ............................... 358 3.4 Bibliographie Notes and Further Reading ...................... 359 Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363 Index ......................................................... 375