"Turn" Elementary number theory--Huangen, index and its application


Reposted from: http://blog.163.com/[email protected]/blog/static/172279052201641935828402/

Study Summary: Elementary Number Theory (3): primitive roots, indices and their applications

2016-05-19 15:58:28 | Category: Informatics-learning Total | Tags: Elementary Number Theory, Mathematics

I recently studied a book called "The Introduction of Number Theory (3rd edition)" (A Friendly Introduction to Number Theory); after a quick read-through, I feel this book is very good. It is a pity that I did not have this book to get started with when I first approached number theory. The book is intended for readers who are not mathematics majors, with vivid and humorous language, a focus on intuitive understanding (with a large number of examples), and mathematical ideas and methods woven in (e.g., bold conjecture, proof by the "counting" method, etc.). This book is highly recommended!

The following summarizes what I have studied over the past few days.

I. The order of an integer

Let a and n be two coprime integers. There is always a number x satisfying a^x ≡ 1 (mod n).

The smallest positive integer x satisfying a^x ≡ 1 (mod n) is called the order (or exponent) of a modulo n, written e_n(a) (some texts write ord_n a).

How to understand this? Keep computing a, a^2, a^3, ... (reducing modulo n each time). By the pigeonhole principle, the values must eventually cycle. When a and n are coprime, 1 appears at some point, the next value is a again, and so the sequence cycles. The smallest exponent at which 1 appears is called the order of a.

For example: to find the order of 3 modulo 7, compute 3^1, 3^2, ..., 3^6 modulo 7 in order:

3, 2, 6, 4, 5, 1

So the order of 3 modulo 7 is 6.

Since a and n are coprime, Euler's theorem gives a^φ(n) ≡ 1 (mod n). So the cycle length of the powers of a that we just computed (that is, the order of a), multiplied by some integer, must give φ(n). Hence

e_n(a) | φ(n).

Similarly, for a^x ≡ 1 (mod n) to hold, x must be the cycle length multiplied by some integer, so

e_n(a) | x.

II. Primitive roots

Let a and n be coprime integers. When the order of a modulo n is φ(n), a is called a primitive root of n.

How to understand this? Computing the sequence of powers of a, the first time we reach 1 we have obtained one complete cycle. We have already said that φ(n) must be a multiple of the order of a modulo n. If the cycle length happens to be exactly φ(n) (the cycle length has reached its maximum), then a is a primitive root of n.

(1) Existence of primitive roots

A number may have many primitive roots, or none at all. It can be proved that:

A positive integer n has a primitive root if and only if

n = 2, 4, p^t or 2p^t (where p is an odd prime and t is a positive integer).

For example: the primitive roots of 5 are 2 and 3; the primitive roots of 7 are 3 and 5.

(2) A property of primitive roots

Why are primitive roots so important?

Let g be a primitive root of n. Then g, g^2, g^3, ..., g^φ(n) (the last being g^0 ≡ 1 (mod n)) must be pairwise distinct. (If two were equal, say 0 ≤ i < j < φ(n) with g^i ≡ g^j (mod n), then g^(j-i) ≡ 1 (mod n) with j - i < φ(n), and φ(n) would not be the order of g.)

Look at the congruence a^x ≡ 1 (mod n): if such an x exists, then a must be coprime to n (if a and n share a common factor greater than 1, then no matter what power of a is taken modulo n, that common factor never disappears, so a^x mod n = 1 is impossible). So there are φ(n) "legal" values of a. Once we find a primitive root g, the powers of g (g, g^2, g^3, ..., g^φ(n)) must be exactly these legal values of a, that is, the φ(n) numbers coprime to n: since g is coprime to n, so are its powers, and since these powers are pairwise distinct, they must exhaust the numbers coprime to n.

In one sentence: a primitive root g of n satisfies

{1, g, g^2, g^3, ..., g^(φ(n)-1)} = {x | x coprime to n, 1 ≤ x < n}

In particular, a primitive root g of an odd prime p satisfies

{1, g, g^2, g^3, ..., g^(p-2)} = {1, 2, 3, ..., p-1}

(3) Number of primitive roots

If a number n has primitive roots, it must have φ(φ(n)) of them. How to prove this? For this we discuss the following question:

If we know the order e_n(a) of a modulo n, how do we find the order of a^u modulo n?

Let the order of a^u modulo n be t; then t is the smallest positive integer satisfying (a^u)^t ≡ a^(ut) ≡ 1 (mod n).

By the earlier discussion, u×t must be a multiple of e_n(a), with t as small as possible.

Basic number theory then gives e_n(a^u) = t = e_n(a) / gcd(u, e_n(a)).

If we have found one primitive root g, how do we get the other primitive roots?

First, every other primitive root must be some power of g.

Which powers of g are primitive roots?

Use the definition of a primitive root!

For a power of g, say g^i (0 ≤ i < φ(n)), the conclusion above gives its order modulo n as

φ(n) / gcd(i, φ(n))

For its order to be φ(n), i.e.

φ(n) / gcd(i, φ(n)) = φ(n)

we need gcd(i, φ(n)) = 1, i.e. i and φ(n) coprime.

How many such i are coprime to φ(n)? In other words, among the numbers 0 to φ(n)-1, how many are coprime to φ(n)? The answer is φ(φ(n)). So if a number has a primitive root, it has φ(φ(n)) primitive roots.

Here's an example:

7 has φ(φ(7)) = φ(6) = 2 primitive roots, the smallest being 3.

Among 3^2, 3^3, ..., 3^6, which exponents are coprime to 6? Only 5, so the other primitive root is 3^5 ≡ 5 (mod 7).

How to find a primitive root?

Usually the smallest primitive root is fairly small, so brute-force enumeration starting from 1 works. To judge whether a number a is a primitive root of n, we need to check that φ(n) is the order of a. The direct method enumerates every divisor d of φ(n) (other than φ(n) itself) and checks whether a^d ≡ 1 (mod n). But this does a lot of redundant checking.

For example, to decide whether the order of a modulo n = 37 is 36, we only need the two prime factors 2 and 3 of 36, and check whether a raised to the exponents 36/2 and 36/3 is 1 modulo n. If the order of a is 36/4, 36/9, 36/6, 36/12, ..., those cases are already covered by the checks above. (For example, if a^(36/9) ≡ a^4 ≡ 1 (mod n), then it will certainly satisfy a^(36/2) ≡ a^18 ≡ 1 (mod n).)
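The claims of this section can be checked by brute force for any small n, not only primes. The following is an added example, not code from the original post; the function names (order_mod, primitive_roots, power_order_formula_holds) are my own. It computes orders by walking the cycle, lists all primitive roots, and tests e_n(a^u) = e_n(a) / gcd(u, e_n(a)).

```cpp
#include <cstdio>
#include <vector>
int gcd_int(int a, int b) { return b == 0 ? a : gcd_int(b, a % b); }

// Euler's totient by direct counting (fine for the small n used here).
int phi(int n) {
    int c = 0;
    for (int x = 1; x <= n; ++x) c += (gcd_int(x, n) == 1);
    return c;
}

// Order e_n(a): smallest x >= 1 with a^x = 1 (mod n); 0 if gcd(a, n) != 1.
int order_mod(int a, int n) {
    if (gcd_int(a, n) != 1) return 0;
    long long cur = a % n;
    int x = 1;
    while (cur != 1 % n) {  // walk the cycle a, a^2, a^3, ... until it hits 1
        cur = cur * a % n;
        ++x;
    }
    return x;
}

// All primitive roots of n in [1, n): residues whose order equals phi(n).
std::vector<int> primitive_roots(int n) {
    std::vector<int> roots;
    int ph = phi(n);
    for (int a = 1; a < n; ++a)
        if (order_mod(a, n) == ph) roots.push_back(a);
    return roots;
}

// Checks e_n(a^u) == e_n(a) / gcd(u, e_n(a)) for every u in 1..2*e_n(a).
bool power_order_formula_holds(int a, int n) {
    int e = order_mod(a, n);
    if (e == 0) return false;
    long long au = 1;
    for (int u = 1; u <= 2 * e; ++u) {
        au = au * a % n;
        if (order_mod((int)au, n) != e / gcd_int(u, e)) return false;
    }
    return true;
}

int main() {
    for (int n : {5, 7, 8, 9, 12, 18, 37})
        std::printf("n=%d phi(phi(n))=%d roots=%d\n", n, phi(phi(n)),
                    (int)primitive_roots(n).size());
}
```

For n = 8 and 12 the list is empty, matching the existence criterion; the φ(φ(n)) count applies only when a primitive root exists.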

III. Indices (discrete logarithms)

What are primitive roots for? For computing indices!

A primitive root g of n satisfies

{1, g, g^2, g^3, ..., g^(φ(n)-1)} = {x | x coprime to n, 1 ≤ x < n}

More specifically, we can define an "exponentiation" operation that gives a one-to-one correspondence between the two sets:

i → g^i (1 ≤ i ≤ φ(n))

Why is it one-to-one? Because the g^i are pairwise distinct, as already discussed.

So, does the "exponentiation" operation have an inverse? Yes!

Given a primitive root g of n and a number a coprime to n, which power of g is a?

We write I(a) for this exponent, called the index of a modulo n to the base g. (Some texts write ind_g a.)

That is, by definition, g^I(a) ≡ a (mod n) (a and n coprime).

Clearly the index ranges over 0 ≤ I(a) < φ(n); when an index exceeds φ(n) the values cycle, so the index can be reduced mod φ(n).

A bit like the logarithm we learned before? (Not strictly, but a bit like log_g a?) Perhaps that is why the index is also called the discrete logarithm.

When n is prime, a primitive root g must exist and φ(n) = n-1, so every number in the range 1 to n-1 has an index!

From the laws of exponents we can derive the rules for indices:

(1) I(ab) = I(a) + I(b) (mod φ(n)) (analogy: log_a(NM) = log_a N + log_a M)

(2) I(a^k) = k×I(a) (analogy: log_a(N^M) = M×log_a N)

Indices turn multiplication into addition and powers into multiplication, just like the rules of logarithms!

With a table of indices, calculations become very easy. Example:

n = 37, one of its primitive roots is a = 2.

To calculate the value of 23×19 mod 37, compute

I(23×19) ≡ I(23) + I(19) ≡ 15 + 35 ≡ 50 ≡ 14 (mod 36)

Then the table shows that the number whose index is 14 is 30, which is the required answer.

Very troublesome?

Let's look at another example:

I(29^14) ≡ 14×I(29) ≡ 294 ≡ 6 (mod 36)

From the table: I(27) = 6, so 29^14 ≡ 27 (mod 37)

You might say, "There's fast exponentiation!" In these two examples the advantage of indices does not seem to show. However, indices are useful when solving equations.
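The worked examples above rely on an index table that the post does not show. As an added example (not from the original post; IndexTable and its member names are assumed names), this builds the table for n = 37 with primitive root 2, then multiplies, exponentiates and solves a linear congruence through indices.

```cpp
#include <cstdio>
#include <vector>

// Index (discrete log) table for a prime p and base g, built by walking
// g^0, g^1, ..., g^(p-2). idx[a] = I(a); pw[i] = g^i mod p.
// Assumes g is a primitive root of p, otherwise some idx entries stay -1.
struct IndexTable {
    int p;
    std::vector<int> idx, pw;
    IndexTable(int p_, int g) : p(p_), idx(p_, -1), pw(p_ - 1) {
        long long cur = 1;
        for (int i = 0; i < p - 1; ++i) {
            pw[i] = (int)cur;
            idx[cur] = i;
            cur = cur * g % p;
        }
    }
    // Rule (1): I(ab) = I(a) + I(b) (mod p-1), for a, b in 1..p-1.
    int mul(int a, int b) const { return pw[(idx[a] + idx[b]) % (p - 1)]; }
    // Rule (2): I(a^k) = k * I(a) (mod p-1), for k >= 0.
    int power(int a, long long k) const {
        return pw[(k % (p - 1)) * idx[a] % (p - 1)];
    }
    // Solves a*x = b (mod p) via I(x) = I(b) - I(a) (mod p-1).
    int solve_linear(int a, int b) const {
        return pw[((idx[b] - idx[a]) % (p - 1) + (p - 1)) % (p - 1)];
    }
};

// True when every product computed through indices matches direct multiplication.
bool table_matches_direct(const IndexTable &t) {
    for (int a = 1; a < t.p; ++a)
        for (int b = 1; b < t.p; ++b)
            if (t.mul(a, b) != a * b % t.p) return false;
    return true;
}

int main() {
    IndexTable t(37, 2);  // the post's n = 37 with primitive root 2
    std::printf("I(23)=%d I(19)=%d I(29)=%d\n", t.idx[23], t.idx[19], t.idx[29]);
    std::printf("23*19=%d 29^14=%d\n", t.mul(23, 19), t.power(29, 14));
    return 0;
}
```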

Juchenchu Type:

Extended Euclid? That seems able to solve it. But what about a congruence like the one below?

Only indices can be used to solve it. Take the discrete logarithm of both sides:

This can be solved to give:

In fact, the last example is one of the most important uses of indices. We discuss it in detail later.

However, the previous calculations assumed that an index table was given. What if there is no index table? How do we find the index (discrete logarithm) of a number?

More precisely: given g, a, p, how do we find the smallest k with g^k ≡ a (mod p)? To simplify the problem, p is taken to be prime here.

Here is an algorithm called baby-step giant-step. The core idea of the algorithm is chunking. Take m = [sqrt(p-1)] + 1 and write k in the form x×m + y (0 ≤ y < m). Then x and y both range over 0 to m (y excluding m). So g^k ≡ (g^m)^x × g^y. We can compute all the g^y (m of them), then enumerate x, compute (g^m)^x, and ask: is there a g^y with (g^m)^x × g^y ≡ a (mod p)? In other words:

Is there a g^y satisfying g^y ≡ a × (g^(mx))^(-1) (mod p)?

The inverse (g^(mx))^(-1) is computed using Fermat's little theorem and fast exponentiation, and then a × (g^(mx))^(-1) is computed. We check whether some g^y "matches" it. If the g^y are first put in a hash table (or a C++ map), each lookup in this step is O(1) (or O(log2 m) = O(log2 p)). The core of the algorithm is still enumeration, but chunking brings the time complexity to O(sqrt(p) × log2 p) (note that this includes the time to compute the inverses).

IV. n-th power residues

Here we solve a problem like this:

Given n, a, p, find all solutions x of x^n ≡ a (mod p) (p is prime).

Intuitively, these are the n-th roots of a modulo p.

We have already had a preliminary look at the approach through examples:

For x^n ≡ a (mod p), find a primitive root g of p and use the baby-step giant-step algorithm to find the index I(a) of a modulo p to the base g.

The congruence becomes:

n×I(x) ≡ I(a) (mod p-1)

From the theory of linear congruences, the condition for a solution to exist is

gcd(n, p-1) | I(a)

Moreover, there are gcd(n, p-1) solutions.

Solve for all possible I(x); then x = g^I(x). Duplicates among these x must be removed.

Code:

```cpp
#include <cstdio>
#include <cstring>
#include <algorithm>
#include <cmath>
#include <vector>
#include <map>
using namespace std;
typedef long long LL;

int gcd(int a, int b)
{
    return b == 0 ? a : gcd(b, a % b);
}

// Extended Euclid: finds x, y with a*x + b*y = gcd(a, b)
void _gcd(int a, int b, LL &x, LL &y)
{
    if (b == 0)
    {
        x = 1; y = 0;
        return;
    }
    _gcd(b, a % b, y, x);
    y -= (a / b) * x;
}

// Solves a*x + b*y = c; returns 0 if there is no solution, otherwise gcd(a, b).
// Other solutions are x + t*dx, y - t*dy.
int extend_gcd(int a, int b, int c, LL &x, LL &y, int &dx, int &dy)
{
    int g = gcd(a, b);
    if (c % g) return 0;
    _gcd(a, b, x, y);
    x *= (c / g);
    y *= (c / g);
    dx = b / g;
    dy = a / g;
    return g;
}

// Ax = B (mod N)
// Set Ax = -yN + B
// Then Ax + Ny = B
// On success x is the smallest non-negative solution and k is the step between solutions.
bool line_mod_equ(int A, int B, int N, int &x, int &k)
{
    LL x0, y0;
    int dx, dy;
    if (!extend_gcd(A, N, B, x0, y0, dx, dy)) return false;
    x0 %= dx;
    if (x0 < 0) x0 += dx;
    x = (int) x0;
    k = dx;
    return true;
}

// Fast exponentiation: a^b mod p
LL pow_mod(LL a, LL b, LL p)
{
    if (b == 0) return 1;
    LL tmp = pow_mod(a, (b >> 1), p);
    if (b & 1) return tmp * tmp % p * a % p;
    else return tmp * tmp % p;
}

// Prime factorization: collects the distinct prime factors of x
void factor(int x, vector<int> &divs)
{
    divs.clear();
    for (int i = 2; i * i <= x; ++i)
        if (x % i == 0)
        {
            divs.push_back(i);
            while (x % i == 0) x /= i;
        }
    if (x > 1) divs.push_back(x);
}

// g is a primitive root of P iff g^((P-1)/q) != 1 for every prime factor q of P-1
bool g_test(int g, vector<int> &divs, int P)
{
    for (int i = 0; i < (int) divs.size(); ++i)
        if (pow_mod(g, (P - 1) / divs[i], P) == 1) return false;
    return true;
}

// Find a primitive root; P is prime, so one is guaranteed to exist
int primitive_root(int P)
{
    static vector<int> divs;
    factor(P - 1, divs);
    int g = 1;
    while (!g_test(g, divs, P)) ++g;
    return g;
}

// Solve for the discrete logarithm b of N to the base a modulo P (P is prime),
// i.e. a ^ b = N (mod P)
// Baby-step giant-step algorithm (chunking)
// Take s = sqrt(P), set b = x * s + y
// Then a ^ (x*s + y) = (a^s)^x * a^y = N (mod P)
// Precompute a^y for y = 0..s-1, then enumerate x, compute (a^s)^x,
// and check whether there is a matching y
int discrete_log(int a, int N, int P)
{
    map<int, int> rec;
    int s = (int) sqrt(P + 0.5);
    while ((LL) s * s <= P) ++s;  // LL avoids int overflow for P near 2^31
    LL cur = 1;
    for (int y = 0; y < s; ++y)
    {
        rec[cur] = y;
        cur = cur * a % P;
    }
    LL a_s = cur; // a^s
    cur = 1;
    for (int x = 0; x < s; ++x)
    {
        // N * ((a^s)^x)^(-1), with the inverse from Fermat's little theorem
        LL a_y = pow_mod(cur, P - 2, P) * LL(N) % P;
        map<int, int>::iterator it = rec.find(a_y);
        if (it != rec.end()) return x * s + it->second;
        cur = cur * a_s % P;
    }
    return -1;
}

// x ^ K = A (mod P) (where P is a prime)
// Find a primitive root g of P and take indices:
// K * I(x) = I(A) (mod P-1)
// A solution exists iff gcd(K, P-1) | I(A)
void discrete_root(int K, int A, int P, vector<int> &x)
{
    x.clear();
    if (A == 0) { x.push_back(0); return; }
    int g = primitive_root(P);
    int IA = discrete_log(g, A, P);
    int Ix, delta;
    if (!line_mod_equ(K, IA, P - 1, Ix, delta)) return;
    while (Ix < P)
    {
        x.push_back(pow_mod(g, Ix, P));
        Ix += delta;
    }
    sort(x.begin(), x.end());
    x.erase(unique(x.begin(), x.end()), x.end());
}

int main()
{
    int P, K, A;
    scanf("%d%d%d", &P, &K, &A);
    static vector<int> x;
    discrete_root(K, A, P, x);
    printf("%d\n", (int) x.size());
    for (int i = 0; i < (int) x.size(); ++i) printf("%d\n", x[i]);
    return 0;
}
```

2016-09-06 20:59:38