The Integers
3.1 THE DIVISION ALGORITHM
PROPOSITION 3 (The Division Algorithm.) If yandbare integers such that b> 0, then
᭚unique integers qandrsuch that 0 ≤r<bandy=bq+r. This qis called the quotient, r the remainder, bthe divisor, and ythe dividend.
Proof. LetSbe the set of all integers of the form y⫺bkwherekis an integer. Further, letTbe the set of all nonnegative members of S.Tis not the empty set, since y⫺bk> 0 wheneverk<y/b. So, Tmust have a smallest element; choose qto be the value of kso that y⫺bqis the smallest member of T. Now, set r=y⫺bq. We will show that this choice of qandrare exactly those desired. First, we know that r≥0, (since y⫺bqis nonnegative) andr<b, since if r≥bwe would have r>r⫺b=y⫺bq⫺b=y⫺b(q+ 1) ≥0, which says we have a nonnegative integer smaller than rinT, a contradiction. Thus, 0 ≤r<b.
We have shown that randqexist; now we must show that they are unique. Suppose we have two equations
y=bq1+r1 (*) y=bq2+r2
with 0 ≤r1<band 0 ≤r2<b. Subtract the second from the first to get 0 = b(q1⫺q2) + (r1⫺r2), or r2⫺r1=b(q1⫺q2). Thus, b|(r2⫺r1). Since 0 ≤r1<band 0 ≤r2<bwe get
⫺b<r2⫺r1<b. Because 0 is the only multiple of bbetween⫺bandb(not including ⫺b andb),bdividesr2⫺r1only if r2⫺r1= 0, or when r1=r2. Replacing r2withr1in the equa-tions in (*), we easily establish that q1=q2, and thus qandrare indeed unique. I
E
XAMPLES.
We wish to find qandras defined in the division algorithm for all of the fol-lowing equations:• 65 = 3q+r. Divide 65 by 3 to get q= 21, r= 2.
• ⫺21 = 5q+r. If we simply divide ⫺21 by 5, we get a quotient of ⫺4, and a remainder of⫺1. To place the remainder in the proper range, simply add 5 to it, while subtracting 1 from the quotient. This yields q=⫺5,r= 4. This is a simple way of calculating qand rwhen the dividend is negative.
3.1 The Division Algorithm 67
Prime numbers play a huge role in number theory, and in modern cryptography as well.
Thus, the definition of a prime number follows.
Definition
A prime number, or a prime, is an integer greater than 1 divisible by no positive inte-gers other than itself and 1. A positive integer greater than 1 that is not prime is said to be composite.
E
XAMPLES.
All of the following integers are primes: 2, 7, 23, 29, and 163. None of these bers has positive factors except themselves and 1. On the other hand, the following num-bers are composite: 4 = 2 ⫻2, 100 = 2 ⫻2⫻5⫻5, and 39 = 3 ⫻13. You should be careful to note, however, that many integers are neither prime nor composite, as all primes and composite numbers are positive integers greater than 1. For example, the following integers are neither prime nor composite: 1, 0, ⫺21, and⫺5.It is important to establish that every positive integer greater than 1 has a prime divisor, for it helps us establish that there are infinitely many primes. It also helps us determine the whereabouts of a prime factor for composite numbers.
PROPOSITION 4 Every positive integer greater than 1 has a prime divisor.
Proof. First, assume there is a positive integer greater than 1 having no prime divisors.
Thus, the set of all such integers is not empty, and so has a least element, say m. Since m has no prime divisors and m|m,mis not prime. So mis composite, and we write m=bcwhere 1 < b<mand 1 < c < m. Now, since b<m,bmust have a prime divisor, say p, since mis the least nonnegative integer having no prime divisors. But pthen also divides mby
Propo-sition 1, and so mhas a prime divisor, a contradiction. I
PROPOSITION 5 There are infinitely many primes.
Proof. Take the integer z=n!+1, where n≥1. Proposition 4 says zhas a prime divisor, sayp. Suppose p≤n. Then we would have p|n!. This is so since
n! = n(n⫺1)(n⫺2) . . . 3 · 2 · 1,
and if p≤n, it must divide one of the numbers in the sequence. But then, by Proposition 2, we would have p|(z⫺n!) = 1, an impossibility. So the prime pmust be greater than n, and sincenis completely arbitrary, we have found a prime larger than nfor any integer n. This
establishes that there must be infinitely many primes. I
It is important for us to establish that there are infinitely many primes, as we must be able to freely select primes for use in cryptographic applications. The primes we choose are usu-ally kept secret, so there must be enough primes scattered about to make finding the primes you choose very difficult for an attacker.
# Factor of 101?
2 3 4 5 6 7 8 9 10
No No No No No No No No No Table 3.1
PROPOSITION 6 Ifnis composite, then nhas a prime factor not exceeding the square root of n.
Proof. Supposenis the product of integers bandc, and say 1 < b≤c<n. Note that bis no greater than √nbcause if it were, cwould also be greater than 兹n苶, implying that bc>兹n苶
·兹n苶=n, a contradiction. Proposition 4 says that bmust have a prime divisor, which must also divide nby Proposition 1. Thus, a prime divisor smaller than 兹n苶exists. I
The previous result tells us that if we wish to search sequentially for a prime factor of some numbern, we need not exceed its square root. This can reduce our workload considerably. For example, if we wish to know whether or not 101 is prime, we need only search for factors up to 10, which is the largest integer ≤兹101苶. We check for factors in Table 3.1.
We conclude, therefore, that 101 is prime. Proposition 6 proves it is not necessary to search for factors of 101 greater than 10, for one such factor, if it exists, must be ≤10.
This sequential method for determining whether or not numbers are prime is known as trial division by small primes.
Say we want to find a prime factor of an integer consisting of 500 decimal digits. (This is typical in modern cryptography.) Then the square root of that number would still be about 250 decimal digits. Asking the computer to search each number in a sequential fashion up to the square root would take an enormous amount of time. Thus, trial division is limited to integers having small prime factors. If we want to factor large integers, we must find bet-ter methods of factoring.
We can speed up trial division by noting that it isn’t necessary to divide by every inte-ger not exceeding the square root of n, but only those integers which are prime. If we make
3.1 The Division Algorithm 69
Table 3.2
2 3 5 7
11
31 41
61 71
13 17 19
29
59
79 89 37
47
67
97 23
43 53
73 83
a table of all integers from 2 to n, we can begin by successively crossing out all multiples of 2, then multiples of 3, then multiples of 5, and so on. In this way, we can determine all primes less than or equal to any integer; they are the numbers which have not been crossed out.
For instance, we make a list of all the integers from 2 to 99, and begin by crossing out all multiples of 2 in the list, then all multiples of 3, then the multiples of 5 (because 4 and all of its multiples are already crossed out), and so on until we reach 9, the largest integer
≤兹99苶 艑9.95. Its multiples have already been crossed out; thus the numbers in the list which have not been crossed out are the primes ≤99. See Table 3.2. Integers which are mul-tiples of 2, 3, 5, or 7 have been removed.
This method of identifying primes by crossing out multiples is known as the Sieve of Eratosthenes. Because of great storage requirements, it is not very efficient for determining large primes.
Java Algorithm We can write a Java program which sequentially searches up to 兹n苶 for the smallest prime factor of n, then returns it if found. Otherwise, we conclude nis prime, and return n. Since trial division would perform poorly for large integers, we will just write it for primitive ints.
The main method prompts the user to enter an integer ngreater than 1; it then calls the sieveFactor() method, which will return the first prime divisor it finds, or nitself if nis prime.
import javax.swing.*;
public class TestSieveFactor {
public static void main(String[] args) { boolean idiot;
do {
idiot=false;
try {
int n=new Integer(JOptionPane.showInputDialog
(“Enter an integer > 1:”)).intValue();
if (n<=1) { idiot=true;
JOptionPane.showMessageDialog(null,”Invalid integer entered!”);
} else {
int d=sieveFactor(n);
if (d==n) JOptionPane.showMessageDialog(null,n+” is prime.”);
else JOptionPane.showMessageDialog(null,d+” divides “+n+”.”);
}
} catch (NumberFormatException e) { idiot=true;
JOptionPane.showMessageDialog(null,e.toString());
}
} while (idiot);
System.exit(0);
}
private static int sieveFactor(int n) { int divisor; boolean prime=true;
for (divisor=2;divisor<=Math.sqrt(n);divisor++) if (n%divisor==0) {prime=false; break;}
return prime?n:divisor;
} }
If we run the previous program with some test data, we get the results shown in Figure 3.1a–h.
The ability to factor efficiently is at the heart of breaking many cryptosystems. We thus begin the study of finding divisors, or factors. In particular, we want to find the greatest common divisor of two integers.
Definition
The greatest common divisor of two integers xandy, where at least one is nonzero, is the largest integer that divides both xandy. We also call this the gcd of xandy, and write it as (x,y). We define the greatest common divisor of 0 and 0 as 0; that is, (0, 0) = 0.
3.1 The Division Algorithm 71
Figure 3.1 (a)
(b)
(c)
(d)
(e)
Figure 3.1 (f)
(g)
(h)
E
XAMPLE.
The divisors of 30 are ⫾1,⫾2,⫾3,⫾5,⫾6,⫾10,⫾15, and ⫾30. The divisors of 18 are ⫾1,⫾2,⫾3,⫾6,⫾9,⫾18. The largest integer in both lists is 6, so the gcd of 30 and 18 is 6.Definition
Two integers are said to be relatively prime if their gcd is 1.
E
XAMPLES.
The following pairs of integers are relatively prime. (Verify.) a. 8 and 9b. 23 and 44 c. 27 and 55
3.1 The Division Algorithm 73
Note that the sign of the integers is not important when computing the gcd. This is easy to see if one simply notices that the divisors of nare exactly the same as the divisors of ⫺n. So, all of the following are equal:
(x,y) = (x,⫺y) = (⫺x,y) = (⫺x,⫺y) = (|x|, |y|) Thus, we need only concern ourselves with the gcd of positive integers.
E
XAMPLE.
(18,⫺54) = (18, 54) = 9.PROPOSITION 7 Letx,y, and zbe integers with (x,y) = d. Then a. (x/d,y/d) = 1
b. (x+cy,y) = (x,y).
c. An integer cdivides both xandyif and only if c|(x,y).
Proof. (Part a.) First, suppose there is some integer nthat divides both x/dandy/d. Then
᭚integersjandksuch that x/d=jnandy/d=knor, alternatively, x=djnandy=dkn. From this we establish that dnis a common divisor of both xandy. But dis the greatest common divisor of both xandy, so dn≤d, implying that n= 1. So the gcd of x/dandy/dis 1.
(Part b.) Let x,c, and ybe integers, and suppose eis a common divisor of xandy. By Proposition 2 we know e|(x+cy), so edivides both x+cyandy. On the other hand, sup-posefis a common divisor of x+cyandy. Then falso divides (x+cy)⫺cy=xby Propo-sition 2. So fis then a common divisor of xandy. Consequently, we conclude that the common divisors of xandyare identical to the common divisors of x+cyandy, and so they share the same greatest common divisor.
(Part c.) The “if ” part is obvious, since (x,y) divides both xandy, and because if we have c|(x,y) we must have c|xandc|yby proposition 1. This tells us that the divisors of (x,y) is a subset of the common divisors of xandy. We can represent this with a Venn diagram, as shown in Figure 3.2.
Now we write xandyas multiples of their gcd; that is, x= (x,y)e, and y= (x,y)f.
and note (e,f) = 1 by part (a). Thus, no common divisor of xandy(except 1) can simulta-neously divide eandf, and so any common divisor of xandymust also divide (x,y).
Thus, the set of divisors of (x,y) and the set of common divisors of xandyare the same
set. (See Figure 3.3.) I
E
XAMPLES.
To satisfy our cynical natures, we’ll test the previous proposition with some data.Divisors of x Divisors of (x,y) Divisors of y Figure 3.2
Figure 3.3
Divisors of x Divisors of (x,y) Divisors of y
• Note that (24, 42) = 6, and that if we divide both 24 and 42 by 6, we can verify that (24/6, 42/6) = (4, 7) = 1.
• Take the same two integers, 24 and 42. Compute = 24 + (⫺3)(42) = ⫺102, and note that (⫺102, 42) = 6 = (24, 42).
Definition
Ifxandyare integers, we will say a linear combination of xandyis a sum of the form mx+nywheremandnare integers.
3.1 The Division Algorithm 75
PROPOSITION 8 The gcd of integers xandy, not both zero, is the least positive inte-ger that is a linear combination of xandy.
Proof. Supposedis the least positive integer that is a linear combination of xandy. We know that the set of such integers must be nonempty, as at least one of the following linear combinations must be positive:
x+ 0 · y,
⫺x+ 0 · y, 0 · x+y, or 0 · x⫺y.
So, a least such element in this set, say d, exists. We must first show dis a divisor of both xandy. We have d=mx+nywheremandnare integers, and by the division algorithm we can obtain
x=dq+r where 0 ≤r<d. From this equation, and because d=mx+ny, we can derive
r=x⫺dq=x⫺q(mx+ny) = (1 ⫺qm)x⫺qny.
So we can write ralso as a linear combination of xandy. Now, by construction, ris non-negative, strictly less than d, and dis the least positive integer which may be written as a linear combination of xandy. So rmust be zero. This means that ddividesx, which is what we want to show. Similarly, we can show that d|y, and that dis therefore a common divisor ofxandy, as desired.
Now, it remains to be shown that dis the gcd of xandy. Suppose cis a common divisor ofxandy. Then, since d=mx+ny,cdividesdby proposition 2. Hence, because cis arbi-trary, dmust be the greatest common divisor of xandy. I
We now turn our attention to common divisors of more than two integers.
Definition
The greatest common divisor of a set of integers a1,a2, . . . , an, not all zero, is the largest divisor of all the integers in the set. We write this as (a1,a2, . . . , an).
E
XAMPLE.
The greatest common divisor of 20, 30, and 15 is 5.PROPOSITION 9 (a1,a2,a3, . . . , an) = ((a1,a2),a3, . . . , an).
Proof. Note that any common divisor of the nintegers in the list a1,a2, . . . , anis, in par-ticular, a common divisor of the first two, a1anda2. This divisor then also divides the gcd
ofa1anda2by proposition 7 (part c). Now consider an integer that divides the last n⫺2 integers in the list, and that also divides the gcd of a1anda2. This divisor must then also sep-arately divide both a1anda2, and so then is a common divisor of all the nintegers. We now see that the common divisors of all the nintegers are exactly the same as the common divi-sors of the last n⫺2 integers taken with the gcd of the first two. Hence, they also have the
same greatest common divisor. I
E
XAMPLE.
The previous proposition is very handy in that it turns a large problem into a small one. It says, for example, that we can compute the gcd of 28, 126, 21, and 10 in the following way:(28, 126, 21, 10)
= ((28, 126), 21, 10)
= (14, 21, 10)
= ((14, 21), 10)
= (7, 10)
= 1.
Note that the previous numbers, when taken together, have a gcd of 1. However, if we examine each pair from the list, we see that some pairs are not relatively prime. (For exam-ple, (28, 21) = 7.) This motivates us to make a distinction between these two situations, and thus make a definition.
Definition
We say that the integers a1,a2, . . . , anare mutually relatively prime if the gcd of the set of integers is 1. We say the integers are pairwise relatively prime if each pair of integers taken from the set are relatively prime.
E
XAMPLE.
The numbers 18, 9, and 25 are mutually relatively prime. The largest divisor all have in common is 1. But, they are not pairwise relatively prime because (18, 9) = 9.Until now, we have presented a lot of propositions about the gcd, but no really good way of finding it has been presented. We could make a list of all the divisors of our numbers, then choose the largest divisor that they have in common, but this is not really efficient. The next proposition, which you should be able to prove, leads us to the Euclidean algorithm, a lightning-fast way of finding the gcd.
PROPOSITION 10 Ifcanddare integers and c=dq+rwhereqandrare integers, then (c,d) = (d,r).