Chapter 4 Cryptography the secret life of primes（第2页）

EuclidshowsAlicehowtofindherdegnumber

Aliputerddusioolthatisover2，300yearsold，theEuAlgorithm，whichwillbeexplainedi。Eve'sputercouldofethingifitjustknewwhichequationtosolve。However，sindqareprivatetoAlice，sois（p-1）（q-1）akobegin。

&otheEuAlgorithm，thisbeginsfromtheobservationthatitispossibletofionfabersa〉bbysuccessivesubtra。（Thehcfisalsoknownasthegcd–greatestondivisor。）Wejustr=a-bhasthepropertythatanyonfaytwoofthethreenumbersa，b，andrwillalsobeafactorofthethird。Forexample，ifonfactorofaandb，sothata=db=cb1say，weseethatr=a-b=ca1-cb1=c（a1-b1），givingusafactorizationofrinvolvingthedivisorparticular，thehdbisthesameasthehdr。Sihesenumbersarelessthana，wehesameproblembutappliedtoasmallernumberpair。Repetitionofthisideatheuallyleadtoapairwherethehcfisobvious。（Iwonumbersinhauallybethesame，forifnotwecouldproorestep;theirohenthenumberweseek。）

&ofindthehcfofa=558andb=396，thefirstsubtrawouldgiveusr=558-396=162，soournewpairwouldbe396and162。Since396-162=234，ourthirdpairbees234and162，aihefulllistofnumberpairsis:

（558，396）→（396，162）→（234，162）→（162，72）→（90，72）→→（72，18）→（54，18）→（36，18）→（18，18）

andsothehd396is18。

Itispossibletowritedownthehberpairfromtheprimefactorizationsofthenumbersiion。Inthisexample，558=2×32×31，while396=22×32×11;takingtheonporimeeothefactorizatiohehcfas2×32=18。heless，ferakesmuchlessworktouseEuclid’sAlgorithmasitisgeoperformsubtrasthantofiorizations。

AnotherbonusoftheEuAlgorithmisthatitisalossibletoworkitbadinsodoihehtermsinaltwooseethisinathepreviousexample，itisbesttopressthecalwhenthesamenumberappearsseveraltimesoverinthecourseofthesubtras，representingthisasasiionasfollows:

558=396+162

396=2×162+72

162=2×72+18

72=4×18。

Beginningwiththesedtolastline，weleequatioetheieremaiime。Inthisexample，byusingfirstthepeioheo>

18=162-2×72=162-2×（396-2×162）=5×162-2×396

andfinallyusiequatioethefirstieremainderof162:

=5×（558-396）--2×396=5×558-7×396=18。

Thaterformthisreverseprocedureisimportantforbothpradtheoretis。Inparticular，tofindAlice’sdegnumberd，wewantdtosatisfythethatdeleavesaremainderof1whendividedbyφ（n）。（Forbrevity，weshalldehesinglesymbolk。）Weowseethereasooneandkbeingaepair，asiftheirhighestonfactoris1，wheheEuAlgorithmonthepaireandk，thefihatappearsis，ofcourse，1。Byreversihm，wewilleventuallyexpress1asabinationofeandk;inparticular，wewillfondintegersddsuchthatck+de=1，orinotherwordsde=1-ck，sothatdewillleavearemainderof1whendividedbyk。

ThisrelativelysimpleprocesswillyieldAlice’sdegheinitialvalueofdobtaiheequationmayheraokbutifnot，byaddingasuitablemultipleofk，wewilleventuallyfindtheuniquehatrahasthemagicpropertythatdeleavesaremainderof1wheheuniquenessofdiseasilyproved，butwewoofurtherexplaishowthedegnumberdiscalculatedasweshtotheexamplegivenearlierwherep=5，q=13，sothatn=pq=5×13=65。-1）（q-1）=4×12=48。Alicesetse=11，andsind48aree，thisiswithihegame。TheEuAlgorithmappliedtoφ（n）=k=48ahengives:

48=4×11+4

11=2×4+3

4=1×3+1

ingthatthehdeisindeed1。Reversihm>

1=4-3=4-（11-2×4）=3×4-11=3（48-4×11）-11

=3×48-13×11。

Thisgivesaninitialvalueofd=-13asthesolutiontotherequirementthat11dleavesremainder1upondivisionby48，setapositivevalueofdintherequiredraothisd=48-13=35。

ThereasonwhydworksforAliceisalldowntomodulararithmetidthefactthatdeleavesaremainderof1whendividedbyk=φ（es（me）d=mdemoduloheform1+krforsomeintegerr。Asexplainedbefore，mkleavesaremainderof1whehisisoftenkheorem）andsothesameistrueof（mk）r=mkr。Hencem1+kr=m×mkrleavestheremaindermwhendividedbyailedverifiofthisrequiresalittlealgebra，butthatisens。）Inthisway，AliceretrievesBob’smessage，m。

AndinpassingitiswelltopointoutthattheEuAlgorithmprovidesthemissinglinkinourproofoftheuniquenessofprimefactorizationasitallowsustoverifytheeupropertythatifaprimepisafactoroftheproductab，sothatab=pcsay，thenpisafactorofatleastoneofaandb。Thereasonforthisisthatifpisnotafactorofathen，sincepisprime，thehdpis1。ByreversingtheEuAlgorithmliedtothepairaahenfindintegersrandssaysuchthatra+sp=1。Thisisenoughtoshoisthenafactorofbfor，sinceab=pc，>

b=b×1=b（ra+sp）=r（ab）+psb=r（pc）+psb=p（rc+sb）。

Thisistherequiredfactorizationofbthatfeaturestheprimepasafa，theheRSAengmakesthesystemsound，althoughvariousprotocolsthathavenotbeenexplaiberespeuardtheiyofthesystem。Thereareissuesofauthentifi（whatifEvetactsAlidingtobeBob?），ion（whatifBobpretendsthatitwasEvewhoseoAlididentityfraud（whatifAliceabusestialidentifittoherbyBobaoimpersonatehimonliherweakhesystembeexposedwheableorrepeatedmessagesproliferate。However，thesedifficultiesmaypotentiallyariseinanypublickey。Theyeandinthemaiotheunderlyieiquesthatensurehighqualityandrobusten。

ThischapterhasdemonstratedamajorappliehetheoryofdivisibilityandremaimathematicsofEudthe18th-turytributionofEulerallowsthistobeexplaionlyinbroadpriiail。

&partofourbookclosester5whiespecialclassesofintegersassociatedwiththeeiourallyroupings。