Lecture 9

Euler’s Phi Function

Recall Euler’s phi function - any positive integer $n$ returns the number of positive integers less than $n$ which are coprime with $n$. $\varphi (n)=|\{x\in {\mathbb{Z}}^{+}:(1\le x<n)\wedge (gcd(x,n)=1)\}|$ This function is used in Euler’s Theorem, which states that if $a$ and $n$ are coprime positive integers, then $a^{\varphi (n)}\equiv 1\text{ mod }n$. This result leads to a quick way of working out multiplicative inverses in modular arithmetic.

Euler’s Theorem: Multiplicative Inverses

We know that Euler’s theorem gives a really quick way of working out multiplicative inverses in modular arithmetic.

Since for coprime $a$ and $n$, Euler’s theorem tells that $a^{\varphi (n)}\equiv 1\text{ mod }n$, we can write this as $a(a^{\varphi (n)-1})\equiv 1\text{ mod }n$.

Un-multiplying both sides by $a$ (i.e. multiplication by the multiplicative inverse of a mod n) gives $[a^{\varphi (n)-1}{]}_n\equiv a^{-1}$. Previously in affine ciphers, we saw through repeated multiplication that for modulo 26, the inverse of multiplication by 7 was multiplication by 15.

We can apply Euler’s Theorem to obtain this directly. We know that:

\phi(26)&=&\phi(2)\phi(13)\\ &=&(2-1)(13-1)\\ &=&12 \end{eqnarray}$$ We can now quickly evaluate that the inverse of multiplication by 7 is multiplication by $[7^{11}]_{26}=15$. # Fermat's Little Theorem One other well-known theorem follows easily from Euler's theorem. Fermat's Little Theorem states that: if $p$ is prime and $a$ and $p$ are coprime, then $a^{p-1}\equiv1\text{ mod }p$. For example, $100^{16}\equiv1\text{ mod }17$. This trivially follows from Euler's Theorem, since, for any prime $p$, $\phi(p)=p-1$. ## An Aside - Fermat's Last Theorem Fermat's Last Theorem - for integers $n>2$, no triple of integers ($a,b,c$) exists such that $a^n=b^n+c^n$. # RSA Cryptography It relies on the fact that, for a very large number $n$ (often 100 base 10 digits) which is the product of two (secret, not publicly known) prime numbers $p$ and $q$, factorising $n$ into the product of two primes is prohibitively slow. Testing whether $n$ is divisible by $2$, by $3$, by $5$, by $7$ (etc) is extremely time consuming when the number $n$ is very large. By convention, cryptography problems typically involve Alice communicating with Bob, with a potential eavesdropper Eve. Alice will pick two secret primes, $p$ and $q$, and then calculates $n=pq$ which is made publicly available. Then Alice calculates $\phi(n)=(p-1)(q-1)$ since $p$ and $q$ are both prime. Alice then chooses $e<\phi(n)$ such that $e$ is coprime to $\phi(n)$ and publicises this. She then calculates $d$, such that $de=1\text{ mod }\phi(n)$. Bob wants to send Alice a message which is a number less than or equal to $n$ and coprime to $n$ and calls this number $m$. Bob then calculates $c=m^e\text{ mod }n=[m^e]_n$ and makes this publicly available. Alice now knows $c, d, p$ and $q$, so can calculate $c^d\text{ mod }n\equiv(m^e)^d\text{ mod }n\equiv m^{ed}\text{ mod }n$. She also knows that $ed=1\text{ mod }\phi(n)$. This means that there is an integer $s$ such that $ed\equiv s\phi(n)+1$. She then calculates $m^{ed}\text{ mod }n\equiv m^{s\phi(n)+1}\text{ mod }n\equiv m(m^{s\phi(m)})\text{ mod }n$. By Euler's Theorem, $(m^{\phi(n)})\text{ mod }n\equiv1$ hence $m^{s\phi(n)+1}\text{ mod }n\equiv m$, recovering Bob's message. The RSA-4096 standard (for example) relies on needing to factorise a 4096 bit number, over 1000 base 10 digits long. ## Example Alice picks two prime numbers $5$ and $11$. She computes the product $n=5\times11=55$. She then selects $e$, coprime to $\phi(n), e=3$ and makes this publicly available. Privately, she calculates $\phi(n)=\phi(11)\phi(5)=(11-1)\times(5-1)=10\times4=40$ and works out the multiplicative inverse of $e\text{ mod }40$. In this case, we can spot that $[3\times27]_{40}=[81]_{40}=1$ hence the multiplicative inverse of $3$ is $27$ (mod 40), but in general, we may need to use the Euclidian algorithm in reverse. Bob encrypts the message $m=23$ by calculating $c=m^e\text{ mod }n=[23^3]_{55}=12$ and makes this result publicly available. $c=m^e\text{ mod }n=[23^3]_{55}=[12167]_{55}=12$, since $[12167]_{55}=(221)55+12$. Bob then makes the encrypted message $c=12$ public. Alice can now decrypt this message by calculating $c^d\text{ mod }n=[12^{27}]_{55}=[[12^{16}]_{55}[12^8]_{55}[12^2]_{55}[12^1]_{55}]_{55}$. $[12^8]_{55}$ and $[12^{16}]_{55}=1$, hence: $$\begin{eqnarray} m=c^d\text{ mod }n&=&[[12^2]_{55}[12^1]_{55}]\\ &=&[[114]_{55}[12]_{55}]_{55} \\ &=&[34\times12]_{55}=23 \end{eqnarray}$$ Alice recovers Bob's original message $m=23$. Note, Eve could not do this "quick" calculation, as she does not know that $d=27$. ![[Discrete Mathematics/attachments/Pasted image 20250509132538.png]]