crypto-slides-12-num2.1x1

crypto-slides-12-num2.1x1 - Introduction to Number Theory 2...

Info iconThis preview shows pages 1–7. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Introduction to Number Theory 2 c circlecopyrt Eli Biham - August 18, 2010 346 Introduction to Number Theory 2 (12) Quadratic Residues Definition : The numbers 0 2 , 1 2 , 2 2 , . . . , ( n − 1) 2 mod n , are called quadratic residues modulo n . Numbers which are not quadratic residues modulo n are called quadratic non-residues modulo n . Example : Modulo 11: i 0 1 2 3 4 5 6 7 8 9 10 i 2 mod 11 0 1 4 9 5 3 3 5 9 4 1 There are six quadratic residues modulo 11: 0, 1, 3, 4, 5, and 9. There are five quadratic non-residues modulo 11: 2, 6, 7, 8, 10. c circlecopyrt Eli Biham - August 18, 2010 347 Introduction to Number Theory 2 (12) Quadratic Residues (cont.) Lemma : Let p be prime. Exactly half of the numbers in Z ∗ p are quadratic residues. With 0, exactly p +1 2 numbers in Z p are quadratic residues. Proof : There are at most p +1 2 quadratic residues, since 2 1 2 ≡ ( p − 1) 2 (mod p ) 2 2 ≡ ( p − 2) 2 (mod p ) . . . i 2 ≡ ( p − i ) 2 (mod p ) ∀ i . . . Thus, all the elements in Z p span at most p +1 2 quadratic residues. There are at least p +1 2 quadratic residues, otherwise, for some i negationslash = j ≤ p − 1 2 it holds that i 2 = ( p − i ) 2 = j 2 = ( p − j ) 2 , in contrast to Lagrange theorem that states that the equation x 2 − i 2 = 0 has at most two solutions (mod p ). c circlecopyrt Eli Biham - August 18, 2010 348 Introduction to Number Theory 2 (12) Quadratic Residues (cont.) Since Z ∗ p is cyclic, there is a generator. Let g be a generator of Z ∗ p . 1. g is a quadratic non-residue modulo p , since otherwise there is some b such that b 2 ≡ g (mod p ). Clearly, b p − 1 ≡ 1 (mod p ), and thus g p − 1 2 ≡ b p − 1 ≡ 1 (mod p ). However, the order of g is p − 1. Contradiction. 2. g 2 , g 4 , . . . , g ( p − 1) mod p are quadratic residues, and are distinct, therefore, there are at least p − 1 2 quadratic residues. 3. g, g 3 , g 5 , . . . , g ( p − 2) mod p are quadratic non-residues, since if any of them is a quadratic residue, g is also a quadratic residue. QED c circlecopyrt Eli Biham - August 18, 2010 349 Introduction to Number Theory 2 (12) Euler’s Criterion Theorem : Let p negationslash = 2 be a prime, and let a ∈ Z ∗ p . Then, a is a quadratic residue modulo p iff a p − 1 2 ≡ 1 (mod p ). Proof : ( ⇒ ) If a is a quadratic residue, there is some b such that a ≡ b 2 (mod p ). Thus, a p − 1 2 ≡ ( b 2 ) p − 1 2 ≡ b p − 1 ≡ 1 (mod p ) . c circlecopyrt Eli Biham - August 18, 2010 350 Introduction to Number Theory 2 (12) Euler’s Criterion (cont.) ( ⇐ ) If a is a quadratic non-residue: For any r there is a unique s such that rs ≡ a (mod p ), i.e., s = ar − 1 , and there is no r ∗ negationslash = r such that s = ar ∗ − 1 ....
View Full Document

Page1 / 24

crypto-slides-12-num2.1x1 - Introduction to Number Theory 2...

This preview shows document pages 1 - 7. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online