
The structure of finite rings



  1. The structure of finite rings and finite exponentiation

  2. The multiplicative residues
  • We have seen that the finite ring Zp is a field, that is, every non-zero element of Zp has a multiplicative inverse.
  • It is a convention to write Zp* for the non-zero elements {1, 2, 3, ..., p-1}.
  • Zp* is the set of multiplicative residues modulo p.

  3. Modular exponentiation
  • Public key cryptography explores the properties of the exponentiation function in Zp*.
  • Defined as repeated multiplication:
  • g^5 mod p := g * g * g * g * g mod p.
  • To exponentiate by negative values, exponentiate the inverse:
  • g^-3 := g^-1 * g^-1 * g^-1 mod p.

  4. Exponent rules
  • Addition/subtraction rules:
  • g^k g^j = g^(k+j) in Zn*
  • g^k g^-j = g^(k-j) in Zn*
  • Multiplication rule:
  • (g^k)^j = g^(kj) in Zn*
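Slides 3 and 4 describe exponentiation in Zn* as repeated multiplication, with negative exponents handled through the inverse. The following example is added here and is not part of the slides: it implements square-and-multiply exponentiation, a modular inverse by the extended Euclidean algorithm (so negative exponents work, and non-invertible bases are rejected rather than silently producing garbage), and a checker for the three exponent rules. The function names and the sample values are the editor's own choices.

```python
# Added example (not from the slides): modular exponentiation in Zn*,
# including negative exponents via the inverse, and a check of the
# exponent rules on constructed values.

def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def mod_inverse(g, n):
    """g^-1 mod n; raises if g is not in Zn* (i.e. gcd(g, n) != 1)."""
    d, x, _ = egcd(g % n, n)
    if d != 1:
        raise ValueError(f"{g} is not invertible modulo {n}")
    return x % n

def mod_pow(g, k, n):
    """g^k mod n by square-and-multiply; a negative k exponentiates g^-1."""
    if n <= 0:
        raise ValueError("modulus must be positive")
    if k < 0:
        g, k = mod_inverse(g, n), -k
    result, base = 1 % n, g % n
    while k:
        if k & 1:
            result = result * base % n
        base = base * base % n
        k >>= 1
    return result

def exponent_rules_hold(g, k, j, n):
    """Check g^k g^j = g^(k+j), g^k g^-j = g^(k-j), (g^k)^j = g^(kj) in Zn*."""
    add = mod_pow(g, k, n) * mod_pow(g, j, n) % n == mod_pow(g, k + j, n)
    sub = mod_pow(g, k, n) * mod_pow(g, -j, n) % n == mod_pow(g, k - j, n)
    mul = mod_pow(mod_pow(g, k, n), j, n) == mod_pow(g, k * j, n)
    return add and sub and mul

if __name__ == "__main__":
    print(mod_pow(3, 6, 14))      # 3^6 = 1 mod 14, as on slide 6
    print(mod_pow(3, -3, 14))     # (3^-1)^3 mod 14
    print(exponent_rules_hold(3, 5, 2, 14))
```

Python's built-in `pow(g, k, n)` accepts a negative `k` since Python 3.8 and does the same thing; the hand-written version is shown so the inverse step and the square-and-multiply loop are visible.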

  5. Non-prime modulus
  • If n is not prime, then not all non-zero elements are invertible.
  • In this case, we write Zn* for the invertible elements only.
  • Examples:
  • Z14* = {1, 3, 5, 9, 11, 13}
  • Z15* = {1, 2, 4, 7, 8, 11, 13, 14}

  6. Generators
  • Consider the following:
  • In Z14* = {1, 3, 5, 9, 11, 13}:
  • 3^2 = 9 mod 14; 3^3 = 13 mod 14; 3^4 = 11 mod 14; 3^5 = 5 mod 14; 3^6 = 1 mod 14.
  • In Z14* every element is a power of 3. We say that 3 is a generator.
  • Do generators always exist?

  7. Prime modulus
  • If n is a prime, or twice a prime, then Zn* always has a generator.
  • We have already seen this for n = 14 = 2*7.
  • Otherwise, generators do not exist.
  • An important case is when n = pq, where both p and q are odd and prime. In this case, there is an element that generates 1/2 of Zn*.

  8. Example
  • Z15* = {1, 2, 4, 7, 8, 11, 13, 14}
  • 2^1 = 2 mod 15; 2^2 = 4 mod 15; 2^3 = 8 mod 15; 2^4 = 1 mod 15
  • 4^1 = 4 mod 15; 4^2 = 1 mod 15
  • 7^1 = 7 mod 15; 7^2 = 4 mod 15; 7^3 = 13 mod 15; 7^4 = 1 mod 15
  • 8^1 = 8 mod 15; 8^2 = 4 mod 15; 8^3 = 2 mod 15; 8^4 = 1 mod 15
  • 11^1 = 11 mod 15; 11^2 = 1 mod 15
  • 13^1 = 13 mod 15; 13^2 = 4 mod 15; 13^3 = 7 mod 15; 13^4 = 1 mod 15
  • 14^1 = 14 mod 15; 14^2 = 1 mod 15
  • No element is a generator, as predicted.

  9. Order of an element
  • Take g in Zn*. The list
  • g^1, g^2, ..., g^k, k = 1, 2, ... must eventually repeat.
  • Otherwise we would get an infinite sequence of elements from a finite set, a contradiction.
  • Let g^j = g^k with j < k, and write k = j + t.
  • g^j = g^k = g^(j+t);
  • g^j = g^(j+t) = g^j g^t;
  • g^t = 1
  • The cancellation rule applies because g is invertible.

  10. Order (continued)
  • We have shown that:
  • g is invertible if and only if there is t > 1 such that g^t = 1 in Zn*.
  • Indeed, if g is invertible we have shown that t exists. On the other hand, if t exists, then g has an inverse, equal to g^(t-1):
  • g g^(t-1) = g^t = 1 in Zn*.
  • The smallest such t is the order of g.

  11. Order of Zn*
  • The order of an element can also be defined as the size of the set generated by it:
  • t = order(g) = #{g, g^2, g^3, ..., g^t = 1}
  • The order of the group Zn* is simply its cardinality |Zn*|. The function
  • φ(n) = |Zn*| is called the Euler totient function.

  12. Euler totient
  • We know that all non-zero residues modulo a prime p are invertible. In other words:
  • φ(p) = p - 1, if p is a prime.
  • It is easy to see that, if n = p q is a product of two primes, then
  • φ(n) = (p - 1)(q - 1) = φ(p) φ(q)
  • In general:
  • φ(n) φ(m) = φ(nm) if n, m are relatively prime.

  13. Relations between orders
  • Fact: If g is a residue in Zn*, then
  • order(g) divides φ(n) = order(Zn*).
  • An important special case is when p is a prime. In that case,
  • order(g) divides p-1, so with t = order(g) and p-1 = t k:
  • g^(p-1) = (g^t)^k = 1^k = 1 mod p
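Slides 5 through 13 define the unit group Zn*, the order of an element, generators, the Euler totient and the fact that every order divides φ(n). The example below is added by the editor and is not part of the slides; it computes these objects by brute force (fine for the small moduli used on the slides, not a method for cryptographic sizes) and reproduces the slides' findings: 3 generates Z14*, Z15* has no generator, and for n = 15 = 3·5 there are elements of order φ(15)/2 that generate half the group. The function names are the editor's.

```python
# Added example (not from the slides): the unit group Zn*, the order of
# each element, generator detection and the Euler totient, checked on the
# moduli used in the slides (14 and 15) and on a prime.
from math import gcd

def units(n):
    """Zn*: the residues in {1, ..., n-1} that are invertible mod n."""
    return [g for g in range(1, n) if gcd(g, n) == 1]

def totient(n):
    """φ(n) = |Zn*|, computed by counting (brute force, small n only)."""
    return len(units(n))

def order(g, n):
    """order(g): the smallest t >= 1 with g^t = 1 mod n; g must be in Zn*."""
    if gcd(g, n) != 1:
        raise ValueError(f"{g} is not invertible modulo {n}")
    t, x = 1, g % n
    while x != 1:
        x = x * g % n
        t += 1
    return t

def generators(n):
    """Elements whose powers cover all of Zn*, i.e. order(g) == φ(n)."""
    phi = totient(n)
    return [g for g in units(n) if order(g, n) == phi]

def half_generators(n):
    """Elements that generate exactly half of Zn*, i.e. order(g) == φ(n)/2."""
    phi = totient(n)
    return [g for g in units(n) if 2 * order(g, n) == phi]

def orders_divide_totient(n):
    """Slide 13: order(g) divides φ(n) for every g in Zn*."""
    phi = totient(n)
    return all(phi % order(g, n) == 0 for g in units(n))

if __name__ == "__main__":
    print(units(14), generators(14))        # slide 6: 3 is a generator
    print(units(15), generators(15))        # slide 8: no generator
    print(half_generators(15))              # slide 7: elements of order 4
    print(orders_divide_totient(15))
```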

  14. Fermat’s Little Theorem
  • The previous result is called Fermat’s Little Theorem.
  • (FLT) For every non-zero g in Zp*, where p is a prime:
  • g^(p-1) = 1 mod p
  • This can be generalized for all g in Zp*:
  • g^p = g mod p

  15. Generalizing FLT
  • For any finite ring Zn*:
  • g^φ(n) = 1 mod n, for g in Zn*.
  • Proof will not be given.
  • The special case n = pq is important.
  • Claim: If n is a product of two primes:
  • g^(φ(n)+1) = g mod n, for g in Zn = {0, 1, ..., n-1}

  16. The Remainder Theorem
  • In order to appreciate the structure of finite rings when the modulus is composite, the remainder theorem applies:
  • Given n = s t, where GCD(s, t) = 1,
  • for each element a mod n there corresponds a unique pair
  • (b mod s, c mod t).

  17. Example (CRT)
  • n = 15 = 3*5
  • a = 7 mod 15 corresponds to
  • (1 mod 3, 2 mod 5)
  • To go from “a mod n” to (b mod s, c mod t):
  • Just compute b = a mod s, c = a mod t.
  • How to go backwards?
  • We will need the two inverses s^-1 mod t and t^-1 mod s.

  18. CRT backwards
  • Given (b mod s, c mod t), compute
  • a = c s (s^-1 mod t) + b t (t^-1 mod s) mod n
  • In other words a = c s (s^-1 mod t) + b t (t^-1 mod s) + k n for some integer k.
  • Consider “a mod s” (similar for a mod t):
  • a mod s =
  • c s (s^-1 mod t) + b t (t^-1 mod s) + k s t mod s =
  • b t (t^-1 mod s) mod s =
  • b mod s

  19. CRT backwards example
  • Given b = 1 mod 3, c = 5 mod 7 (so s = 3, t = 7, n = 21)
  • Compute 3^-1 mod 7 = 5, as 3*5 = 1 mod 7
  • Compute 7^-1 mod 3 = 1, as 7 = 1 mod 3
  • a = 1 * 7 * 1 + 5 * 3 * 5 = 82 mod 21 = 19 mod 21
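Slides 16 to 19 give the forward CRT map (reduce mod s and mod t) and the backward map built from the two inverses. The example below is added by the editor and is not part of the slides; it implements both directions exactly as slide 18 writes them, rejects non-coprime moduli (where the pair is no longer unique), and checks on the slides' own values that 7 mod 15 maps to (1 mod 3, 2 mod 5) and that (1 mod 3, 5 mod 7) maps back to 19 mod 21. Function names are the editor's; `pow(x, -1, m)` is Python's built-in modular inverse (3.8+).

```python
# Added example (not from the slides): CRT forward and backward maps for
# n = s*t with gcd(s, t) = 1, using the inverse-based formula of slide 18.
from math import gcd

def to_crt(a, s, t):
    """Forward map: a mod n  ->  (a mod s, a mod t)."""
    return a % s, a % t

def from_crt(b, c, s, t):
    """Backward map: (b mod s, c mod t) -> a mod s*t, computed as
    a = c*s*(s^-1 mod t) + b*t*(t^-1 mod s) mod n."""
    if gcd(s, t) != 1:
        raise ValueError("s and t must be coprime for the pair to be unique")
    n = s * t
    s_inv = pow(s, -1, t)   # s^-1 mod t
    t_inv = pow(t, -1, s)   # t^-1 mod s
    return (c * s * s_inv + b * t * t_inv) % n

def crt_is_bijection(s, t):
    """Every a in Zn maps to a distinct pair and the pair maps back to a."""
    n = s * t
    pairs = {to_crt(a, s, t) for a in range(n)}
    round_trip = all(from_crt(*to_crt(a, s, t), s, t) == a for a in range(n))
    return len(pairs) == n and round_trip

if __name__ == "__main__":
    print(to_crt(7, 3, 5))          # slide 17: (1, 2)
    print(from_crt(1, 5, 3, 7))     # slide 19: 19
    print(crt_is_bijection(3, 5))   # True
```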

  20. Returning to FLT for n = pq
  • To prove:
  • g^(φ(n)+1) = g mod n, for g in Zn = {0, 1, ..., n-1}, when n = pq, and p, q are primes.
  • For invertible elements, i.e., GCD(g, n) = 1, it is the previous claim.
  • For g = 0 mod n, i.e., GCD(g, n) = n, it is clear.
  • Consider now the case GCD(g, n) = p.

  21. FLT (continued)
  • By the CRT, g is defined by
  • g is invertible mod q
  • g = 0 mod p
  • We get that
  • g^q = g mod q
  • g^q = 0 = g mod p
  • By backwards CRT, we get
  • g^q = g mod pq; g^(φ(n)+1) = g^(pq - p - q + 2) = g^(-p+2) (g^q)^(p-1) = g mod pq
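Slides 15, 20 and 21 state and prove that g^(φ(n)+1) = g mod n holds for every g in Zn when n = pq, not just for the units; this is the identity that makes RSA decryption recover every plaintext, including the few that share a factor with n. The example below is added by the editor and is not part of the slides: it checks the claim exhaustively over Zn for small products of two distinct primes, checks the intermediate step g^q = g mod pq for the residues with GCD(g, n) = p, and goes one step beyond the slides by showing that the claim fails when the two primes coincide (n = p^2), which is why the proof's CRT step needs GCD(p, q) = 1. Function names are the editor's.

```python
# Added example (not from the slides): checks the n = pq claim
# g^(φ(n)+1) = g mod n over all of Zn, units and non-units alike, and
# shows that it breaks when the two primes are equal (n = p^2).
from math import gcd

def totient_pq(p, q):
    """φ(pq) = (p-1)(q-1) for distinct primes p, q (slide 12)."""
    return (p - 1) * (q - 1)

def totient_count(n):
    """φ(n) by counting units; used for moduli that are not of the form pq."""
    return sum(1 for g in range(1, n) if gcd(g, n) == 1)

def claim_holds(n, phi):
    """True iff g^(phi+1) = g mod n for every g in Zn = {0, ..., n-1}."""
    return all(pow(g, phi + 1, n) == g for g in range(n))

def failing_residues(n, phi):
    """Residues g in Zn with g^(phi+1) != g mod n (empty when the claim holds)."""
    return [g for g in range(n) if pow(g, phi + 1, n) != g]

def step_gq_equals_g(p, q):
    """Slide 21: for every g with GCD(g, pq) = p, g^q = g mod pq."""
    n = p * q
    return all(pow(g, q, n) == g for g in range(n) if gcd(g, n) == p)

if __name__ == "__main__":
    print(claim_holds(15, totient_pq(3, 5)))       # True: n = 3*5
    print(step_gq_equals_g(3, 5))                  # True
    print(failing_residues(9, totient_count(9)))   # n = 3*3: the claim fails
```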
