Number theory and algebra play an increasingly significant role in computing and communications, as evidenced by the striking applications of these subjects to such fields as cryptography and coding theory. My goal in writing this book was to provide an introduction to number theory and algebra, with an emphasis on algorithms and applications, that would be accessible to a broad audience. In particular, I wanted to write a book that would be accessible to typical students in computer science or mathematics who have a some amount of general mathematical experience, but without presuming too much specific mathematical knowledge.

Prerequisites. The mathematical prerequisites are minimal: no particular mathematical concepts beyond what is taught in a typical undergraduate calculus sequence are assumed.

The computer science prerequisites are also quite minimal: it is assumed that the reader is proficient in programming, and has had some exposure to the analysis of algorithms, essentially at the level of an undergraduate course on algorithms and data structures.

Even though it is mathematically quite self contained, the text does presuppose that the reader is comfortable with mathematical formalism and has some experience in reading and writing mathematical proofs. Readers may have gained such experience in computer science courses such as algorithms, automata or complexity theory, or some type of “discrete mathematics for computer science students” course.

It is sometimes useful to endow our algorithms with the ability to generate random numbers. To simplify matters, we only consider algorithms that generate random bits. Where such random bits actually come from will not be of great concern to us here. In a practical implementation, one would use a pseudo-random bit generator, which should produce bits that “for all practical purposes” are “as good as random.” While there is a welldeveloped theory of pseudo-random bit generation (some of which builds on the ideas in §6.9), we will not delve into this here. Moreover, the pseudorandom bit generators used in practice are not based on this general theory, and are much more ad hoc in design. So, although we will present a rigorous formal theory of probabilistic algorithms, the application of this theory to practice is ultimately a bit heuristic.

Basic definitions

Formally speaking, we will add a new type of instruction to our random access machine (described in §3.2):

random bit

This type of instruction is of the form α ← RANDOM, where α takes the same form as in arithmetic instructions. Execution of this type of instruction assigns to α a value sampled from the uniform distribution on {0, 1}, independently from the execution of all other random-bit instructions.

In describing algorithms at a high level, we shall write “b ←R {0, 1}” to denote the assignment of a random bit to the variable b, and “s ←R {0, 1}×ℓ” to denote the assignment of a random bit string of length ℓ to the variable s.

This chapter introduces the basic properties of congruences modulo n, along with the related notion of congruence classes modulo n. Other items discussed include the Chinese remainder theorem, Euler's phi function, arithmetic functions and Möbius inversion, and Fermat's little theorem.

Definitions and basic properties

For positive integer n, and for a, b ∈ ℤ, we say that a is congruent tobmodulon if n | (a - b), and we write a ≡ b (mod n). If n ∣ (a - b), then we write a ≢ b (mod n). The relation a ≡ b (mod n) is called a congruence relation, or simply, a congruence. The number n appearing in such congruences is called the modulus of the congruence. This usage of the “mod” notation as part of a congruence is not to be confused with the “mod” operation introduced in §1.1.

A simple observation is that a ≡ b (mod n) if and only if there exists an integer c such that a = b + cn. From this, and Theorem 1.4, the following is immediate:

Theorem 2.1.Let n be a positive integer. For every integer a, there exists a unique integer b such that a ≡ b (mod n) and 0 ≤ b < n, namely, b ≔ a mod n.

This chapter develops a number of other concepts concerning rings. These concepts will play important roles later in the text, and we prefer to discuss them now, so as to avoid too many interruptions of the flow of subsequent discussions.

Algebras

Let R be a ring. An R-algebra (or algebra overR) is a ring E, together with a ring homomorphism τ: R → E. Usually, the map τ will be clear from context, as in the following examples.

Example 17.1. If E is a ring that contains R as a subring, then E is an R-algebra, where the associated map τ: R → E is just the inclusion map.

Example 17.2. Let E1, …, En be R-algebras, with associated maps τi: R → Ei, for i = 1, …, n. Then the direct product ring E:= E1 × … × En is naturally viewed as an R-algebra, via the map τ that sends a ∈ R, to (τ1(a), …, τn(a)) ∈ E.

Example 17.3. Let E be an R-algebra, with associated map τ: R → E, and let I be an ideal of E. Consider the quotient ring E/I. If ρ is the natural map from E onto E/I, then the homomorphism ρ ∘ τ makes E/I into an R-algebra, called the quotient algebra ofEmoduloI.

As we have seen in Theorem 9.16, for a prime is a cyclic group of order p - 1. This means that there exists a generator, such that for all, α can be written uniquely as α = γx, where x is an integer with 0 ≤ x < p - 1; the integer x is called the discrete logarithm of α to the base γ, and is denoted logγ α.

This chapter discusses some computational problems in this setting; namely, how to efficiently find a generator γ, and given γ and α, how to compute logγ α.

More generally, if γ generates a subgroup G of of order q, where q | (p - 1), and α ∈ G, then logγ α is defined to be the unique integer x with 0 ≤ x < q and α = γx. In some situations it is more convenient to view logγ α as an element of ℤq. Also for x ∈ ℤq, with x = [a]q, one may write γx to denote γa. There can be no confusion, since if x = [a′]q, then γa′ = γa. However, in this chapter, we shall view logγ α as an integer.

Although we work in the group, all of the algorithms discussed in this chapter trivially generalize to any finite cyclic group that has a suitably compact representation of group elements and an efficient algorithm for performing the group operation on these representations.

We establish here a few notational conventions used throughout the text.

Arithmetic with ∞

We shall sometimes use the symbols “∞” and “–∞” in simple arithmetic expressions involving real numbers. The interpretation given to such expressions is the usual, natural one; for example, for all real numbers x, we have -∞ < x < ∞, x + ∞ = ∞, x - ∞ = -∞, ∞ + ∞ = ∞, and (-∞) + (-∞) = -∞. Some such expressions have no sensible interpretation (e.g., ∞-∞).

Logarithms and exponentials

We denote by log x the natural logarithm of x. The logarithm of x to the base b is denoted logbx.

We denote by ex the usual exponential function, where e ≈ 2.71828 is the base of the natural logarithm. We may also write exp[x] instead of ex.

Sets and relations

We use the symbol ∅ to denote the empty set. For two sets A, B, we use the notation A ⊆ B to mean that A is a subset of B (with A possibly equal to B), and the notation A ⊆ B to mean that A is a proper subset of B (i.e., A ⊆ B but A ≠ B); further, A ∪ B denotes the union of A and B, A ∩ B the intersection of A and B, and A \ B the set of all elements of A that are not in B.