Elementary number theory cryptography and codes




Maria Welleda Baldoni • Ciro Ciliberto
Giulia Maria Piacentini Cattaneo

Elementary
Number Theory,
Cryptography
and Codes



Maria Welleda Baldoni
Ciro Ciliberto
Giulia Maria Piacentini Cattaneo
Università di Roma - Tor Vergata
Dipartimento di Matematica
Via della Ricerca Scientifica, 1
00133 Roma
Italy




ISBN 978-3-540-69199-0

e-ISBN 978-3-540-69200-3

Library of Congress Control Number: 2008938959
Mathematics Subject Classification (2000): 11G05, 14G50, 94B05


© 2009 Springer-Verlag Berlin Heidelberg
This work is subject to copyright. All rights are reserved, whether the whole or part of the material
is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilm or in any other way, and storage in data banks. Duplication of
this publication or parts thereof is permitted only under the provisions of the German Copyright Law
of September 9, 1965, in its current version, and permission for use must always be obtained from
Springer. Violations are liable to prosecution under the German Copyright Law.
The use of general descriptive names, registered names, trademarks, etc. in this publication does not
imply, even in the absence of a specific statement, that such names are exempt from the relevant
protective laws and regulations and therefore free for general use.
Cover figure from Balla, Giacomo © VG Bild-Kunst, Bonn 2008
Cover design: WMX Design GmbH, Heidelberg
Printed on acid-free paper
springer.com


Introduction

Mathematics, possibly due to its intrinsic abstraction, is considered to be a
merely intellectual subject, and therefore extremely remote from everyday
human activities. Surprisingly, this idea is sometimes found not only among
laymen, but among working mathematicians as well. So much so that mathematicians often talk about pure mathematics as opposed to applied mathematics and sometimes attribute to the former a questionable birthright.
On the other hand, it has been remarked that those two categories do
not exist but, just as we have good and bad literature, or painting, or music,
so we have good or bad mathematics: the former is applicable, even if at
first sight this is not apparent, in any number of fields, while the latter is
worthless, even within mathematics itself. However, one must recognise the
truth in the interesting sentence with which two of our colleagues, experts
in applications, begin the preface to the book [47]: “In theory there is no
difference between theory and practice. In practice there is.”

We believe that this difference cannot be ascribed to the intrinsic nature
of mathematical theories, but to the stance of each single mathematician who
creates or uses these theories. For instance, until recently the branch of mathematics regarded as the closest to applications was undoubtedly mathematical
analysis and especially the theory of differential equations. The branches of
mathematics supposed to be farthest from applications were algebra and number theory. So much so that a mathematician of the calibre of G. H. Hardy
claimed in his book [25] the supremacy of number theory, which was to be
considered the true queen of mathematics, precisely due to its distance from
the petty concerns of everyday life. This made mathematics, in his words,
“gentle and clean”. A strange opinion indeed, since the first developments of
algebra and number theory among the Arabs and the European merchants
in the Middle Ages find their motivation exactly in very concrete problems
arising in business and accountancy.
Hardy’s opinion, dating back to the 1940s, was based upon a prejudice,
then largely shared among scientists. It is quite peculiar that Hardy did not
know, or pretended not to know, that A. Turing, whom he knew very well, had



used that very mathematics he considered so detached to break the Enigma
code, working for English secret services, dealing a deadly blow to German
espionage (cf. [28]). However, the role played by algebra and number theory
in military and industrial cryptography is well known from time immemorial.
Perhaps Hardy incorrectly believed that the mathematical tools then used in
cryptography, though sometimes quite complex, were nevertheless essentially
elementary, not more than combinatorial tricks requiring a measure of extemporaneous talent to be devised or cracked, but leading to no solid, important,
and enduring theories.
The advances in computer science in the last sixty years have made cryptography a fundamental part of all aspects of contemporary life. More precisely, cryptography studies transmission of data, coded in such a way that
authorised receivers only may decode them, and be sure about their provenance, integrity and authenticity. The development of new, non-classical cryptographic techniques, like public-key cryptography, has promoted and enhanced the applications of this branch of the so-called discrete mathematics,
which studies, for instance, the enumeration of symbols and objects, the construction of complex structures starting with simpler ones, and so on. Algebra
and number theory are essential tools for this branch of mathematics, which
is in a natural way suitable for the workings of computers, whose language
is intrinsically discrete rather than continuous, and is essential in the construction of all security systems for data transmission. So, even if we are not
completely aware of it, each time we use credit cards, on-line bank accounts
or e-mail, we are actually fully using algebra and numbers. But there is more:
the same techniques have been applied since the 1940s to the transmission
of data on channels where interference is present. This is the subject of the
theory of error-correcting codes which, though unwittingly, we use daily in
countless ways: for instance when we listen to music recorded on a CD or
when surfing the Web.
This textbook originated from the teaching experience of the authors at
the University of Rome “Tor Vergata” where, in the past years, they taught
this subject to Mathematics, Computer Science, Electronic Engineering and
Information Technology students, as well as for the “Scuola di Insegnamento
a Distanza”, and at several different levels. They gave courses with a strong
algebraic or geometric content, but keeping in mind the algorithmic and constructive aspects of the theories and the applications we have been mentioning.
The point of view of this textbook is to be friendly and elementary. Let
us try to explain what we mean by these terms.
By friendly we mean our attempt to always give motivations for the theoretical results we show to the reader, by means of examples we consider to be
simple, meaningful, sometimes entertaining, and useful for the applications.
Indeed, starting from the examples, we have expounded the general methods
of resolution of problems that only apparently look different in form, setting
and language. With this in mind, we have aimed at a simple and colloquial




style, while never losing sight of the formal rigour required in a mathematical
treatise.
By elementary we mean that we assume our readers to have a quite limited
background in basic mathematical knowledge. As a rule of thumb, a student who has followed a good first semester in Mathematics, Physics, Computer
Science or Engineering may confidently venture through this book. However,
we have tried to make the treatment as self-contained as possible regarding the
elements of algebra and number theory needed in cryptography and coding
theory applications. Elementary, however, does not mean easy: we introduced
quite advanced concepts, but did so gradually and always trying to accompany
the reader, without assuming previous advanced knowledge.
The starting point of this book is the well-known set of integer numbers
and their arithmetic, that is the study of the operations of addition and multiplication. Chapter 1 aims to make the reader familiar with integer numbers.
Here mathematical induction and recursion are covered, giving applications
to several concrete problems, such as the analysis of dynamics of populations
with assigned reproduction rules, the computation of numbers of moves in
several games, and so on. The next topics are divisions, the greatest common
divisor and how to compute it using the well-known Euclidean algorithm, the
resolution of Diophantine equations, and numeral systems in different bases.
These basic notions are first presented in an elementary way and then a more
general theoretical approach is given, by introducing the concept of Euclidean
ring. The last part of the chapter is devoted to continued fractions.
One of the goals of Chapter 1 is to show how, in order to solve concrete
problems using mathematical methods, the first step is to build a mathematical model that allows a translation into one or more mathematical problems.
The next step is the determination of suitable algorithms, that is procedures
consisting of a finite sequence of elementary operations yielding the solution
to the mathematical problems describing the initial question. In Chapter 2
we discuss the fundamental concept of computational complexity of an algorithm, which basically counts the elementary operations an algorithm consists
of, thus evaluating the time needed to execute it. The importance of this concept is manifest: among the algorithms we have to distinguish the feasible
ones, that is those executable in a sufficiently short time, and the unfeasible
ones, due to the time needed for their execution being too long independently
of the computing device used. The algorithms of the first kind are the polynomial ones, while among those of the second kind there are, for instance,
the exponential ones. We proceed then to calculate the complexity of some
fundamental algorithms used to perform elementary operations with integer
numbers.
In Chapter 3 we introduce the concept of congruence, which allows the
passage from the infinite set of integer numbers to the finite set of residue
classes. This passage from infinite to finite enables us to implement the elementary operations on integers in computer programming: a computer, in
fact, can work on a finite number of data only.



Chapter 4 is devoted to the fundamental problem of factoring integer
numbers. So we discuss prime numbers, which are the building blocks of the
structure of integer numbers, in the sense that each integer number may be
represented as a product of prime numbers: this is the so-called factorisation
of an integer number. Factoring an integer number is an apparently harmless
problem from a theoretical viewpoint: the factorisation exists, it is essentially
unique, and it can be found by the famous sieve of Eratosthenes. We show,
however, the unfeasibility of this exponential algorithm. For instance, in 1979
it was proved that the number 2^44497 − 1, having 13395 decimal digits, is
prime: by using the sieve of Eratosthenes, it would take a computer executing
one million multiplications per second about 10^6684 years to get this result!
The modern public-key cryptography, covered in Chapter 7, basically relies
on the difficulty of factoring an integer number. In Chapter 4 elements of the
general theory of factorial rings can also be found, in particular as regards its
application to polynomials.

In Chapter 5 finite fields are introduced; they are a generalisation of the
rings of residue classes of integers modulo a prime number. Finite fields are
fundamental for the applications to cryptography and codes. Here we present
their main properties, expounded with several examples. We give an application of finite fields to the resolution of polynomial Diophantine equations.
In particular, we prove the law of quadratic reciprocity, the key to solving
second degree congruences.
In Chapter 6 most of the theory presented so far is applied to the search for
primality tests, that is algorithms to determine whether a number is prime
or not, and for factorisation methods more sophisticated than the sieve of
Eratosthenes; even if they are in general exponential algorithms, just like
Eratosthenes’, in special situations they may become much more efficient. In
particular, we present some primality tests of probabilistic type: they are able
to discover in a very short time whether a number has a high probability of
being a prime number. Moreover, we give the proof of a recent polynomial
primality test due to M. Agrawal, N. Kayal and N. Saxena; its publication
has aroused a wide interest among the experts.
Chapter 7 describes the applications to cryptography. Firstly, we describe
several classical cryptographic methods, and discuss the general laying out
of a cryptographic system and the problem of cryptanalysis, which studies
the techniques to break such a system. We introduce next the revolutionary
concept of public-key cryptography, on which the transmission of the bulk
of confidential information, distinctive of our modern society, relies. We discuss several public-key ciphers, main among them the well-known RSA system, whose security relies on the computational difficulty of factoring large
numbers, and some of its variants which make possible, for instance, the electronic authentication of signatures. Recently new frontiers for cryptography,
especially regarding security, have been opened by the interaction of classical
algebra and arithmetic with ideas and concepts originating from algebraic geometry, and especially the study of a class of plane curves known as elliptic




curves. At the end of the chapter an introduction to these important developments is given.
Chapter 8 presents an introduction to coding theory, already mentioned
above. This is a recent branch of mathematics in which sophisticated combinatorial, algebraic and geometric techniques converge, in order to study the
mathematical aspects of the problem of transmitting data through noisy channels. In other words, coding theory studies techniques to send data through a
channel when we take for granted that some errors will happen during transmission. These techniques enable us to correct the errors that might arise, as
well as to quickly encode and decode the data we intend to send.
In Chapter 9 we take a quick glance at the new frontiers offered by quantum cryptography, which relies on ideas originating in quantum mechanics.
This branch of physics makes the creation of a quantum computer at least
conceivable; if such a computer were actually built, it could execute in polynomial time computations a usual computer would need an exponential time
to perform. This would make all present cryptographic systems vulnerable,
seriously endangering civil, military, financial security systems. This might result in the collapse of our civilisation, largely based on such systems. On the
other hand, by its very nature, the concept of a quantum computer allows the
design of absolutely unassailable quantum cryptographic systems, even by a
quantum computer; furthermore, such systems have the astonishing property
of being able to detect if eavesdroppers attempt, even unsuccessfully, to listen
in on a restricted communication.
Each chapter is followed by an appendix containing:
• a list of exercises on the theory presented there, with several levels of
difficulty; in some of them proofs of supplementary theorems or alternative
proofs of theorems already proved in the text are given;
• a list of exercises from a computational viewpoint;
• suggestions for programming exercises.
The most difficult exercises are marked by an asterisk. At the end of the
book many of the exercises are solved, especially the hardest theoretical ones.
Some sections of the text may be omitted in a first reading. They are set
in a smaller type, and so are the appendices.
We wrote this book having in mind students of Mathematics, Physics,
Computer Science, Engineering, as well as researchers who are looking for an
introduction, without entering into too many details, to the themes we have
quickly described above.
In particular, the book can be useful as a complementary text for first and
second year students in Mathematics, Physics or Computer Science taking
a course in Algebra or Discrete Mathematics. In Chapters 1, 3, and 4 they
will find a concrete approach, with many examples and exercises, to some
basic algebraic theories. Chapters 5 and 6, though more advanced, are in our
opinion within the reach of a reader of this category.



The text is particularly suitable for a second or third year course giving
an introduction to cryptography or to codes. Students of such a course will
probably already have been exposed to the contents of Chapters 1, 3, and 4;
so teachers can limit themselves to quick references to them, suggesting to
the students only to solve some exercises. They can then devote more time to
the material from Chapter 5 on, and particularly to Chapter 7, giving more
or less space to Chapters 8 and 9.
The bibliography lists texts suggested for further studies in cryptography
and codes, useful for more advanced courses.
A first version of this book, titled “Note di matematica discreta”, was
published in 2002 by Aracne; we are very grateful to the publishers for their
permission for the publication of this book. This edition is widely expanded
and modified: the material is presented differently, several new sections and
in-depth analyses have been added, a wider selection of solved exercises is
offered.
Lastly, we thank Dr Alberto Calabri for supervising the layout of the book
and the editing of the text, especially as regards the exercise sections.


Rome,
August 2008

M. Welleda Baldoni
Ciro Ciliberto
Giulia Maria Piacentini Cattaneo


Contents

1

A round-up on numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.1 Mathematical induction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 The concept of recursion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.2.1 Fibonacci numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.2.2 Further examples of population dynamics . . . . . . . . . . . . . 11
1.2.3 The tower of Hanoi: a non-homogeneous linear case . . . . 13
1.3 The Euclidean algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
1.3.1 Division . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
1.3.2 The greatest common divisor . . . . . . . . . . . . . . . . . . . . . . . . 16
1.3.3 Bézout’s identity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
1.3.4 Linear Diophantine equations . . . . . . . . . . . . . . . . . . . . . . . 20
1.3.5 Euclidean rings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
1.3.6 Polynomials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
1.4 Counting in different bases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
1.4.1 Positional notation of numbers . . . . . . . . . . . . . . . . . . . . . . 30
1.4.2 Base 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
1.4.3 The four operations in base 2 . . . . . . . . . . . . . . . . . . . . . . . . 33
1.4.4 Integer numbers in an arbitrary base . . . . . . . . . . . . . . . . . 39
1.4.5 Representation of real numbers in an arbitrary base . . . . 40
1.5 Continued fractions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
1.5.1 Finite simple continued fractions and rational numbers . 44
1.5.2 Infinite simple continued fractions and irrational numbers . . . 48
1.5.3 Periodic continued fractions . . . . . . . . . . . . . . . . . . . . . . . . . 56
1.5.4 A geometrical model for continued fractions . . . . . . . . . . . 57
1.5.5 The approximation of irrational numbers by convergents 58
1.5.6 Continued fractions and Diophantine equations . . . . . . . . 61
Appendix to Chapter 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
A1 Theoretical exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
B1 Computational exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
C1 Programming exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84



2

Computational complexity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
2.1 The idea of computational complexity . . . . . . . . . . . . . . . . . . . . . . 87
2.2 The symbol O . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
2.3 Polynomial time, exponential time . . . . . . . . . . . . . . . . . . . . . . . . . 92
2.4 Complexity of elementary operations . . . . . . . . . . . . . . . . . . . . . . . 95
2.5 Algorithms and complexity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
2.5.1 Complexity of the Euclidean algorithm . . . . . . . . . . . . . . . 98
2.5.2 From binary to decimal representation: complexity . . . . . 101
2.5.3 Complexity of operations on polynomials . . . . . . . . . . . . . 101
2.5.4 A more efficient multiplication algorithm . . . . . . . . . . . . . . 103
2.5.5 The Ruffini–Horner method . . . . . . . . . . . . . . . . . . . . . . . . . 105
Appendix to Chapter 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
A2 Theoretical exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
B2 Computational exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
C2 Programming exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

3

From infinite to finite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
3.1 Congruence: fundamental properties . . . . . . . . . . . . . . . . . . . . . . . . 115
3.2 Elementary applications of congruence . . . . . . . . . . . . . . . . . . . . . . 120
3.2.1 Casting out nines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
3.2.2 Tests of divisibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
3.3 Linear congruences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
3.3.1 Powers modulo n . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
3.4 The Chinese remainder theorem . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
3.5 Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
3.5.1 Perpetual calendar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
3.5.2 Round-robin tournaments . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Appendix to Chapter 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
A3 Theoretical exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
B3 Computational exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
C3 Programming exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147

4

Finite is not enough: factoring integers . . . . . . . . . . . . . . . . . . . . . 149
4.1 Prime numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
4.1.1 The Fundamental Theorem of Arithmetic . . . . . . . . . . . . . 150
4.1.2 The distribution of prime numbers . . . . . . . . . . . . . . . . . . . 152
4.1.3 The sieve of Eratosthenes . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
4.2 Prime numbers and congruences . . . . . . . . . . . . . . . . . . . . . . . . . . . 160
4.2.1 How to compute Euler function . . . . . . . . . . . . . . . . . . . . . . 160
4.2.2 Fermat’s little theorem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
4.2.3 Wilson’s theorem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
4.3 Representation of rational numbers in an arbitrary base . . . . . . 166
4.4 Fermat primes, Mersenne primes and perfect numbers . . . . . . . . 168
4.4.1 Factorisation of integers of the form b^n ± 1 . . . . . . . . . . . . 168
4.4.2 Fermat primes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170



4.4.3 Mersenne primes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
4.4.4 Perfect numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
4.5 Factorisation in an integral domain . . . . . . . . . . . . . . . . . . . . . . . . . 173
4.5.1 Prime and irreducible elements in a ring . . . . . . . . . . . . . . 174
4.5.2 Factorial domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
4.5.3 Noetherian rings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
4.5.4 Factorisation of polynomials over a field . . . . . . . . . . . . . . 179
4.5.5 Factorisation of polynomials over a factorial ring . . . . . . . 182
4.5.6 Polynomials with rational or integer coefficients . . . . . . . . 188
4.6 Lagrange interpolation and its applications . . . . . . . . . . . . . . . . . . 191
4.7 Kronecker’s factorisation method . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Appendix to Chapter 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
A4 Theoretical exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
B4 Computational exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
C4 Programming exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
5

Finite fields and polynomial congruences . . . . . . . . . . . . . . . . . . . 213
5.1 Some field theory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
5.1.1 Field extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
5.1.2 Algebraic extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
5.1.3 Splitting field of a polynomial . . . . . . . . . . . . . . . . . . . . . . . 217
5.1.4 Roots of unity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
5.1.5 Algebraic closure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
5.1.6 Finite fields and their subfields . . . . . . . . . . . . . . . . . . . . . . 220
5.1.7 Automorphisms of finite fields . . . . . . . . . . . . . . . . . . . . . . . 222
5.1.8 Irreducible polynomials over Z_p . . . . . . . . . . . . . . . . . . . . . . 222
5.1.9 The field F_4 of order four . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
5.1.10 The field F_8 of order eight . . . . . . . . . . . . . . . . . . . . . . . . . . 225
5.1.11 The field F_16 of order sixteen . . . . . . . . . . . . . . . . . . . . . . . . 226
5.1.12 The field F_9 of order nine . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
5.1.13 About the generators of a finite field . . . . . . . . . . . . . . . . . 227
5.1.14 Complexity of operations in a finite field . . . . . . . . . . . . . . 228
5.2 Non-linear polynomial congruences . . . . . . . . . . . . . . . . . . . . . . . . . 229
5.2.1 Degree two congruences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
5.2.2 Quadratic residues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
5.2.3 Legendre symbol and its properties . . . . . . . . . . . . . . . . . . . 238
5.2.4 The law of quadratic reciprocity . . . . . . . . . . . . . . . . . . . . . 243
5.2.5 The Jacobi symbol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
5.2.6 An algorithm to compute square roots . . . . . . . . . . . . . . . . 248
Appendix to Chapter 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
A5 Theoretical exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
B5 Computational exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
C5 Programming exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260



6

Primality and factorisation tests . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
6.1 Pseudoprime numbers and probabilistic tests . . . . . . . . . . . . . . . . 261
6.1.1 Pseudoprime numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
6.1.2 Probabilistic tests and deterministic tests . . . . . . . . . . . . . 263
6.1.3 A first probabilistic primality test . . . . . . . . . . . . . . . . . . . . 263
6.1.4 Carmichael numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
6.1.5 Euler pseudoprimes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
6.1.6 The Solovay–Strassen probabilistic primality test . . . . . . 268
6.1.7 Strong pseudoprimes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
6.1.8 The Miller–Rabin probabilistic primality test . . . . . . . . . . 272
6.2 Primitive roots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
6.2.1 Primitive roots and index . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
6.2.2 More about the Miller–Rabin test . . . . . . . . . . . . . . . . . . . . 279
6.3 A polynomial deterministic primality test . . . . . . . . . . . . . . . . . . . 281
6.4 Factorisation methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290
6.4.1 Fermat factorisation method . . . . . . . . . . . . . . . . . . . . . . . . 291
6.4.2 Generalisation of Fermat factorisation method . . . . . . . . . 292
6.4.3 The method of factor bases . . . . . . . . . . . . . . . . . . . . . . . . . 294
6.4.4 Factorisation and continued fractions . . . . . . . . . . . . . . . . . 299
6.4.5 The quadratic sieve algorithm . . . . . . . . . . . . . . . . . . . . . . . 300
6.4.6 The ρ method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
6.4.7 Variation of ρ method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
Appendix to Chapter 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
A6 Theoretical exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
B6 Computational exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
C6 Programming exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317

7

Secrets... and lies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
7.1 The classic ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
7.1.1 The earliest secret messages in history . . . . . . . . . . . . . . . . 319
7.2 The analysis of the ciphertext . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
7.2.1 Enciphering machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
7.3 Mathematical setting of a cryptosystem . . . . . . . . . . . . . . . . . . . . . 330
7.4 Some classic ciphers based on modular arithmetic . . . . . . . . . . . . 334
7.4.1 Affine ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
7.4.2 Matrix or Hill ciphers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
7.5 The basic idea of public key cryptography . . . . . . . . . . . . . . . . . . . 341
7.5.1 An algorithm to compute discrete logarithms . . . . . . . . . . 344
7.6 The knapsack problem and its applications to cryptography . . . 345
7.6.1 Public key cipher based on the knapsack problem,
or Merkle–Hellman cipher . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
7.7 The RSA system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
7.7.1 Accessing the RSA system . . . . . . . . . . . . . . . . . . . . . . . . . . 351
7.7.2 Sending a message enciphered with the RSA system . . . . 352
7.7.3 Deciphering a message enciphered with the
RSA system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354




7.7.4 Why did it work? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
7.7.5 Authentication of signatures with the RSA system . . . . . 360
7.7.6 A remark about the security of RSA system . . . . . . . . . . . 362
7.8 Variants of RSA system and beyond . . . . . . . . . . . . . . . . . . . . . . . . 363
7.8.1 Exchanging private keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
7.8.2 ElGamal cryptosystem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
7.8.3 Zero-knowledge proof: persuading that a result is
known without revealing its content nor its proof . . . . . . 365
7.8.4 Historical note . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366
7.9 Cryptography and elliptic curves . . . . . . . . . . . . . . . . . . . . . . . . . . . 366
7.9.1 Cryptography in a group . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
7.9.2 Algebraic curves in a numerical affine plane . . . . . . . . . . . 368
7.9.3 Lines and rational curves . . . . . . . . . . . . . . . . . . . . . . . . . . . 369
7.9.4 Hyperelliptic curves . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
7.9.5 Elliptic curves . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
7.9.6 Group law on elliptic curves . . . . . . . . . . . . . . . . . . . . . . . . . 374
7.9.7 Elliptic curves over R, C and Q . . . . . . . . . . . . . . . . . . . . . . 380
7.9.8 Elliptic curves over finite fields . . . . . . . . . . . . . . . . . . . . . . 381
7.9.9 Elliptic curves and cryptography . . . . . . . . . . . . . . . . . . . . . 384
7.9.10 Pollard’s p − 1 factorisation method . . . . . . . . . . . . . . . . . . 385
Appendix to Chapter 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386
A7 Theoretical exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386
B7 Computational exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390
C7 Programming exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
8 Transmitting without. . . fear of errors . . . . . . . . . . . . . . . . . . . . . 405
8.1 Birthday greetings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406
8.2 Taking photos in space or tossing coins, we end up at codes . . . 407
8.3 Error-correcting codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410
8.4 Bounds on the invariants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
8.5 Linear codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419
8.6 Cyclic codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425
8.7 Goppa codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429
Appendix to Chapter 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436
A8 Theoretical exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436
B8 Computational exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
C8 Programming exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443

9 The future is already here: quantum cryptography . . . . . . . . . 445
9.1 A first foray into the quantum world: Young’s experiment . . . . . 446
9.2 Quantum computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449
9.3 Vernam’s cipher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
9.4 A short glossary of quantum mechanics . . . . . . . . . . . . . . . . . . . . . 454
9.5 Quantum cryptography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460
Appendix to Chapter 9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467



A9 Theoretical exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467
B9 Computational exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468
C9 Programming exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469

Solution to selected exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
Exercises of Chapter 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
Exercises of Chapter 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482
Exercises of Chapter 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483
Exercises of Chapter 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487
Exercises of Chapter 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 492
Exercises of Chapter 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496
Exercises of Chapter 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498
Exercises of Chapter 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501
Exercises of Chapter 9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511


1 A round-up on numbers

This chapter rounds up some basic notions about numbers; we shall need them
later on, and it is useful to fix the ideas on some concepts and techniques which
will be investigated in this book. Some of what follows will be studied again
in more detail, but we shall assume a basic knowledge about:
• some elements of set theory and logic (see for instance [43]);
• the construction of the fundamental number sets:
N = the set of natural numbers,
Z = the set of integer numbers,
Q = the set of rational numbers,
R = the set of real numbers,
C = the set of complex numbers,
and of the operations on them (see [15] or [22]);
• the idea of limit and of numerical series (as given in any calculus text, for
instance [12]);
• some elements of algebra (see [4], [15], [32] or [45]): in particular, the reader
will need the definitions of the main algebraic structures, like semigroups,
groups, rings, integral domains, fields;
• basic notions of linear algebra (see [13]): vector spaces, matrices, eigenvalues, and eigenvectors;
• elementary concepts of probability theory (see [5] or [29]).

1.1 Mathematical induction
In this section we shall fix our attention on the set N = {0, 1, 2, 3, . . .} of
natural numbers on which, as is well known, the operations +, the addition,
and ·, the multiplication, as well as a natural order relation ≤ are given. Recall



that both (N, +) and (N, ·) are semigroups, that is to say, the operations are
associative, and admit an identity element.
On the set N the map
succ : n ∈ N → n + 1 ∈ N
is defined, associating with each natural number its successor. This mapping
is injective but not surjective, as 0 is not the successor of any natural number.
The existence of such an injective but not surjective mapping of N into itself
implies that it is an infinite set.
Furthermore, the following fundamental property holds in N:
Mathematical induction. Let A be a subset of N satisfying the following
two properties:
(1) n0 ∈ A;
(2) for each n, if n ∈ A then succ(n) = n + 1 ∈ A.
Then A includes all natural numbers greater than or equal to n0. In particular,
if n0 = 0, then A coincides with N.
It is well known that the existence of the mapping succ and mathematical
induction uniquely determine the set of natural numbers. Mathematical induction is important not only for the formal construction of the set N, but is
also a fundamental proof tool to which we want to draw the reader’s attention.
Let us look at a simple example. Suppose we want to solve the following problem: compute the sum of the first n natural numbers, that is to say
compute the number
1 + 2 + · · · + (n − 1) + n.
Some of the readers might already know that this problem, in the case
n = 100, appears in an episode of Carl Friedrich Gauss’s life. When he was
six years old, his teacher gave it to his unruly pupils, in the hope that it
would take them some time to solve it, to keep them quiet in the meantime.
Unfortunately (for the teacher), Gauss noticed that
n + 1 = (n − 1) + 2 = (n − 2) + 3 = · · · ,
that is, the sum of the last term and of the first one equals the sum of the
last but one plus the second one, and so forth; so he guessed in a few seconds
the general formula
$$1 + 2 + \cdots + (n-1) + n = \frac{n(n+1)}{2} \qquad (1.1)$$
and immediately obtained
$$1 + 2 + \cdots + 99 + 100 = 5050.$$



But how may we prove that, as young Gauss guessed, formula (1.1) always
holds? Of course, it is not possible to check it for each n by actually summing
up the terms, because we should verify an infinite number of cases. What
mathematical induction allows us to do is precisely solving problems of this
kind, even in more general cases.
Consider a set X and a sequence {Pn } of propositions defined in X, that
is, for each number n ∈ N, Pn is a proposition about the elements of X. For
instance, in the case X = N, we may take
Pn = formula (1.1) holds,
that is, Pn is the claim that for the number n ∈ N the sum 1+2+· · ·+(n−1)+n
equals n(n + 1)/2. Suppose we want to prove that the proposition Pn is true
for each n. Thus, we have to prove infinitely many propositions. Consider the
set
A := {n ∈ N | Pn is true}.
We have to prove that A coincides with N. Applying mathematical induction
it suffices to proceed as follows:
(1) basis of the induction: prove that P0 is true;
(2) inductive step: prove that, for each k ≥ 0, from the truth of Pk (induction
hypothesis), it follows that Pk+1 is true.
Then we may conclude that Pn is true for each n ∈ N.
With a proof by induction we may obtain infinitely many results in just
two steps. In this sense, it is a method of reduction from infinite to finite, and
so it has a crucial importance, infinity being by its very nature intractable.
Further on we shall show several methods, techniques and ideas in the same
spirit of reducing from infinite to finite.
An apparently more restrictive, but actually equivalent (see Exercises
A1.1–A1.3) formulation of the same principle is as follows:
Complete induction (or Strong induction) (CI). Let A be a subset of N
satisfying the following properties:
(1) n0 ∈ A;
(2) if k ∈ A for each k such that n0 ≤ k < n, then n ∈ A as well.
Then A includes all natural numbers greater than n0 . In particular, if n0 = 0,
then A coincides with N.
This yields, as above, the following formulation:
(1) basis of the induction: prove that P0 is true;
(2) inductive step: prove that, for each k ≥ 0, from the truth of Ph for each
h ≤ k, it follows that Pk+1 is true.



Then we may conclude that Pn is true for each n ∈ N.
Let the reader be warned that, as implicitly stated above, mathematical
induction, in itself, does not yield formulas, but allows us to prove them if
we already know them. In other words, if we already are in possession of the
sequence of propositions Pn we may hope to prove their truth by mathematical induction, but this method in itself will not give us the sequence Pn. In
practice, if we have a problem like the one given to Gauss as a young boy, in
order to guess the right sequence of propositions Pn it is necessary to study
what happens for the first values of n and, following Gauss’s example, venture
a conjecture about the general situation.

As an example, we prove by induction formula (1.1).
The basis of the induction lies just in observing that the formula is obviously true for n = 1. Suppose now that the formula is true for a particular
value of n, and let us prove its truth for its successor n + 1. We have:
$$1 + 2 + \cdots + (n-1) + n + (n+1) = [1 + 2 + \cdots + (n-1) + n] + (n+1) \overset{\text{(by induction hypothesis)}}{=} \frac{n(n+1)}{2} + (n+1) = \frac{(n+1)(n+2)}{2}.$$

This proves the inductive step for each n, and so proves formula (1.1).
Other examples in which mathematical induction is used to prove formulas
similar to (1.1) are given in the appendix at the end of this chapter (see
Exercises B1.5–B1.11).
Remark 1.1.1. Before carrying on, it might be useful to warn readers of the snares
deriving from erroneous applications of mathematical induction. In a proof by induction, both steps, the basis of the induction and the inductive step, are indispensable
to a correct application of the procedure, and both are to be correctly carried out.
Otherwise, we are in danger of making gross mistakes. For instance, an erroneous
application of mathematical induction might yield a proof of the following ludicrous
claim: All cats are the same colour.
Let us proceed by induction, by proving that for each n ∈ N, any set of n cats
is made up of cats of the same colour:




basis of the induction: It is obvious; indeed any set including a single cat is made
up of cats of the same colour, that is, the colour of the unique cat in the set.
inductive step: Suppose that every time we have n − 1 cats they are the same
colour and let us prove that the same claim holds for n cats. Examine the
following picture, where the dots represent cats:
[Picture (1.2): a row of n dots; a brace labelled n − 1 over the first n − 1 dots and a brace labelled n − 1 under the last n − 1 dots mark the two overlapping sets.]

By induction hypothesis, the first n − 1 cats are all the same colour. By the
same reason, the last n − 1 cats are the same colour as well, this colour being
a priori different from the colour of the first cats. But the common cats, that is
the cats appearing both among the first n − 1 and the last n − 1, must be the
same colour. So all the cats are the same colour.



Since, fortunately, there are cats of different colours, we are confident that we
have made a mistake. Where is it? In the inductive step we used the fact that there
are cats in common to the two sets we were considering, the first n − 1 cats and the
last n − 1 cats. But this is true only if n ≥ 3. So the inductive step does not hold
for each n because the implication from the case n = 1 to n = 2 does not hold.

Notice that if we want to prove a proposition Pn not for all values of n, but for
all n ≥ n0, it is enough to prove as the basis of the induction the proposition Pn0
and then to verify the inductive step for each n ≥ n0. Looking again at the example
about cats, the inductive step holds for n ≥ 2, but the basis of the induction does
not hold for n = 2, that is, it is not true that each pair of cats consists of cats of
the same colour!

1.2 The concept of recursion
Recursion is a fundamental concept, strictly connected to mathematical induction. Suppose we have a function defined on the set N of natural numbers
taking values in a set X. Such a function is commonly said to be a sequence
in X and denoted by {an }n∈N , or simply {an }, where an is the value taken
by the function on the integer n. The values an are said to be the terms of
the sequence.
Suppose now we have a method allowing us to determine the term an for
each integer n greater than or equal to a fixed integer n0 when we know the term
an−1. Suppose moreover we know the initial terms of the sequence, that is
a0, a1, a2, . . ., an0−1, an0. We claim that, with these premises, we are able
to compute the value of the sequence for each natural number n. This is a
consequence of mathematical induction and its easy proof is left to the reader
(see Exercise A1.10).
A particular but very interesting example of this procedure is the case of
numeric sequences satisfying linear recurrence relations. Let us give a general
definition:
Definition 1.2.1. Let {an}n∈N be a sequence of elements in a vector space V
over a field K. A linear recurrence relation, or formula, for the sequence is a
formula of the kind
$$a_{n+k} = f_{k-1}(a_{n+k-1}) + f_{k-2}(a_{n+k-2}) + \cdots + f_0(a_n) + d_n, \qquad (1.3)$$
holding for each integer n ≥ 0; here k is a positive integer, a0, a1, . . ., ak−1 are
the initial values or conditions, f0, f1, . . ., fk−1 are linear maps of V into itself,
called the coefficients of the recurrence relation, and {dn} is a (possibly constant)
sequence of elements in V called the constant term. If dn = 0, the relation is said
to be homogeneous.
So, formula (1.3) gives an expression for the (n+k)-th term of the sequence
{an } as a function of the k preceding terms. We shall mostly consider the case
where {dn } is a constant sequence with each term equal to d. The word linear



refers to the fact that we are working in a vector space V. In particular, it is
possible to consider sequences {an}n∈N of elements of K verifying a recurrence
relation. In this case f0, f1, . . ., fk−1 are the multiplications by elements b0, b1, . . .,
bk−1 of K and relation (1.3) is of the form
$$a_{n+k} = b_{k-1} a_{n+k-1} + b_{k-2} a_{n+k-2} + \cdots + b_0 a_n + d_n. \qquad (1.4)$$

A sequence {an }n∈N is said to be a solution of a linear recurrence relation
of the form (1.3) if the terms an of the sequence satisfy the relation. It is
obvious that the sequence is uniquely determined by relation (1.3) and by the
initial terms a0 , a1 , . . ., ak−1 .
On the other hand, if we know that a sequence {an}n∈N of elements of the
field K verifies a linear recurrence relation of the form (1.4), but we do not
know the coefficients b0, b1, . . ., bk−1 and the constant term d, we may expect
to be able to determine these coefficients, and then the whole sequence, if we
know sufficiently many terms of the sequence (see, as a particular instance,
Exercise A1.27).
Recurrence relations appear in a natural way when studying several different kinds of problems, like computing increments or decrements of populations with given reproduction rules, colouring pictures with just two colours,
computing the number of moves in different games, computing compounded
interests, solving geometrical problems and so forth. Some of these problems
will be shown as examples or suggested as exercises in the appendix.
1.2.1 Fibonacci numbers
Example 1.2.2. Two newborn rabbits, a male and a female, are left on a
desert island on the 1st of January. This couple becomes fertile after two
months and, starting on the 1st of March, they give birth to two more rabbits,
a male and a female, the first day of each month. Each couple of newborn
rabbits, analogously, becomes fertile after two months and, starting on the
first day of their third month, gives birth to a new couple of rabbits. How
many couples are there on the island after n months?
In order to answer this question, we must construct a mathematical model
for the population increase of rabbits, as described in the example. Denote by
fn the number of couples of rabbits, a male and a female, that are present in
the island during the nth month. It is clear that fn is the sum of two numbers
completely determined by the situation in the preceding months, that is fn is
the sum
(1) of the number fn−1 of the couples of rabbits in the island in the (n − 1)-th
month, as no rabbit dies;
(2) of the number of the couples of rabbits born on the first day of n-th
month, which are as many as the couples of rabbits which are fertile on
that day, and these in turn are as many as the fn−2 couples of rabbits
that were in the island two months before.



As a consequence, we may write for the sequence {fn }n∈N the following
recurrence relation:
fn = fn−1 + fn−2
for each n ≥ 2 with the obvious initial conditions f0 = 0 and f1 = 1.
The sequence {fn} of natural numbers satisfying the following recurrence
relation with given initial conditions
$$f_0 = 0, \qquad f_1 = 1, \qquad f_n = f_{n-1} + f_{n-2} \quad \text{for } n > 1, \qquad (1.5)$$
is called the Fibonacci sequence, and the terms of the sequence are called Fibonacci
numbers. Each term of the sequence is the sum of the two preceding terms and
knowing this sequence it is possible to give an answer to the problem described
in Example 1.2.2. The first terms of the sequence are easy to compute:
0, 1, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89, 144, 233, . . .
Fibonacci numbers are not only related to population increase, but are often found in the description of several natural phenomena. For instance,
sunflowers’ heads display florets in spirals which are generally arranged with
34 spirals in one direction and 55 in the other. If the sunflower is smaller, it
has 21 spirals in one direction and 34 in the other, or 13 and 21. If it is very
large, it has 89 and 144 spirals! In each case these numbers are, not by chance,
Fibonacci numbers.
Fibonacci numbers were introduced by Leonardo Fibonacci, or Leonardo
Pisano, in 1202, with the goal of describing the increase of a rabbit population. These numbers have many interesting mathematical properties, so much
so that over the centuries they have been, and still are, studied by many mathematicians. For instance, at the end of the 19th century Edouard Lucas used
some properties of Fibonacci numbers to show that the 39-digit number
$$170141183460469231731687303715884105727 = 2^{127} - 1$$
is a prime number (see Chapter 4).
Let us remark that writing relation (1.5) is not an altogether satisfying
way of answering the question posed in Example 1.2.2. We would like, in fact,
to have a solution of the recurrence relation (1.5), that is a closed formula
giving the n-th term of Fibonacci sequence, without having to compute all
the preceding terms. In order to do so, we shall use matrix operations and
some principles of linear algebra.
Consider the matrix over R
$$A = \begin{pmatrix} 0 & 1 \\ 1 & 1 \end{pmatrix}.$$
We may rewrite conditions (1.5) in the following way:
$$A \begin{pmatrix} f_{n-2} \\ f_{n-1} \end{pmatrix} = \begin{pmatrix} f_{n-1} \\ f_n \end{pmatrix} \quad \text{for all } n \ge 2, \qquad (1.6)$$



that is, setting $X_n = \begin{pmatrix} f_{n-1} \\ f_n \end{pmatrix}$, consider the linear system
$$A X_{n-1} = X_n, \quad \text{for all } n \ge 2,$$
and so
$$A^n X_0 = X_n.$$
Thus, if we know $A^n$, to find the closed formula expressing $f_n$ as a function
of the initial conditions it suffices to multiply the second row of $A^n$ by $X_0$.
In this case it is easy to prove by induction, using formula (1.5), that (see
Exercise A1.28):
Proposition 1.2.3. For each integer number n ≥ 1 we have
$$A^n = \begin{pmatrix} f_{n-1} & f_n \\ f_n & f_{n+1} \end{pmatrix},$$
where {fn} is the Fibonacci sequence.
Unfortunately, in the general case it is not easy to compute the powers of
a matrix: in Chapter 2 we shall fully appreciate this problem, when we study
the computational complexity of some operations. In some cases, however, as
in the present one, the computation is not difficult, as we are going to show.
If we have a diagonal matrix D, that is one of the form
$$D = \begin{pmatrix} a & 0 \\ 0 & b \end{pmatrix},$$
then computing $D^n$ is trivial, because we have
$$D^n = \begin{pmatrix} a^n & 0 \\ 0 & b^n \end{pmatrix}.$$
Let us recall that a matrix B on a field K is said to be diagonalisable
if there exists a matrix C whose determinant is not equal to zero such that
$B = C \cdot D \cdot C^{-1}$, where D is a diagonal matrix. For diagonalisable matrices
computing powers is also simple. In fact, if B is as above, we trivially have
$B^n = C \cdot D^n \cdot C^{-1}$. As $D^n$ is easy to compute, it suffices to know D and C
in order to know the powers of B. Now, there is an easy criterion to ascertain
whether a matrix is diagonalisable: an m × m matrix B is diagonalisable if its
characteristic polynomial $P_B(t)$ has m distinct roots in K (see the definitions
recalled in § 1.3.6). Let us recall that $P_B(t)$ is the polynomial of degree m on
K defined as the determinant $|B - tI_m|$, where $I_m$ is the identity matrix, that is
the square m × m matrix with entries equal to 1 on the main diagonal and zero
elsewhere. The roots of the characteristic polynomial $P_B(t)$ that are elements
of K are called the eigenvalues of B. If $B = C \cdot D \cdot C^{-1}$ with diagonal D, the
elements on the main diagonal of D are the eigenvalues of B.



For the real matrix A in (1.6) we have that
$$P_A(t) = \det\begin{pmatrix} -t & 1 \\ 1 & 1-t \end{pmatrix} = t^2 - t - 1$$
is a polynomial having two distinct real roots given by
$$\lambda_1 = \frac{1+\sqrt{5}}{2}, \qquad \lambda_2 = \frac{1-\sqrt{5}}{2}. \qquad (1.7)$$
Thus A is diagonalisable and as a consequence we have an expression of the
form $A = C \cdot D \cdot C^{-1}$, with
$$D = \begin{pmatrix} (1+\sqrt{5})/2 & 0 \\ 0 & (1-\sqrt{5})/2 \end{pmatrix}. \qquad (1.8)$$
The matrix C is easy to write down. The reader may verify (see Exercises
B1.12 and B1.13) that
$$C = \begin{pmatrix} 1 & 1 \\ (1+\sqrt{5})/2 & (1-\sqrt{5})/2 \end{pmatrix}, \qquad C^{-1} = \frac{1}{\sqrt{5}} \begin{pmatrix} -(1-\sqrt{5})/2 & 1 \\ (1+\sqrt{5})/2 & -1 \end{pmatrix}. \qquad (1.9)$$
In conclusion, by Proposition 1.2.3, we have the relation
$$\begin{pmatrix} f_{n-1} & f_n \\ f_n & f_{n+1} \end{pmatrix} = C \cdot \begin{pmatrix} \big((1+\sqrt{5})/2\big)^n & 0 \\ 0 & \big((1-\sqrt{5})/2\big)^n \end{pmatrix} \cdot C^{-1}.$$
Hence, by multiplying the matrices in the right-hand side, we get the following
closed formula for the n-th Fibonacci number:
$$f_n = \frac{1}{\sqrt{5}}\left[\left(\frac{1+\sqrt{5}}{2}\right)^n - \left(\frac{1-\sqrt{5}}{2}\right)^n\right]. \qquad (1.10)$$
We give the following proposition, which generalises what we have proved
in the case of the recurrence relation (1.5).
Proposition 1.2.4. Given a positive integer k, consider the homogeneous linear recurrence relation defined on a field K
$$a_{n+k} = b_{k-1} a_{n+k-1} + b_{k-2} a_{n+k-2} + \cdots + b_0 a_n, \quad \text{for } n \ge 0, \qquad (1.11)$$
where b0, b1, . . ., bk−1 are the coefficients and a0, a1, . . ., ak−1 the initial values.
Consider the square k × k matrix defined by
$$A = \begin{pmatrix} 0 & 1 & 0 & 0 & \cdots & 0 \\ 0 & 0 & 1 & 0 & \cdots & 0 \\ 0 & 0 & 0 & 1 & \cdots & 0 \\ \vdots & \vdots & \vdots & \vdots & \ddots & \vdots \\ 0 & 0 & 0 & 0 & \cdots & 1 \\ b_0 & b_1 & b_2 & b_3 & \cdots & b_{k-1} \end{pmatrix}$$
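The matrix method of Section 1.2.1 (the relation $A^n X_0 = X_n$ for the Fibonacci sequence) and the k × k matrix of Proposition 1.2.4 for a general k-term homogeneous relation, as an added Python example that is not from the book: terms are computed in exact integer arithmetic by repeated squaring, and the closed formula (1.10) is evaluated in floating point to locate the first n at which the rounded closed form no longer agrees with the exact value. All function names are my own, and the general companion-matrix routine goes one step beyond the page's worked 2 × 2 case.

```python
# Added example (not from the book): the matrix method of Section 1.2.1 and the
# k x k matrix of Proposition 1.2.4 in exact integer arithmetic, beside the
# closed formula (1.10) evaluated in floating point.
import math


def mat_mul(X, Y):
    """Product of two square matrices stored as lists of rows (exact integers)."""
    size = len(X)
    return [[sum(X[i][t] * Y[t][j] for t in range(size)) for j in range(size)]
            for i in range(size)]


def mat_pow(M, n):
    """M^n by repeated squaring: O(log n) matrix products instead of n."""
    size = len(M)
    result = [[int(i == j) for j in range(size)] for i in range(size)]  # identity
    base = [row[:] for row in M]
    while n > 0:
        if n & 1:
            result = mat_mul(result, base)
        base = mat_mul(base, base)
        n >>= 1
    return result


def companion_matrix(coeffs):
    """The k x k matrix A of Proposition 1.2.4 for the relation
    a_{n+k} = b_{k-1} a_{n+k-1} + ... + b_0 a_n, coeffs = [b_0, ..., b_{k-1}]."""
    k = len(coeffs)
    A = [[0] * k for _ in range(k)]
    for i in range(k - 1):
        A[i][i + 1] = 1          # row i is a shift: it picks out a_{n+i+1}
    A[k - 1] = list(coeffs)      # last row applies the recurrence itself
    return A


def recurrence_term(coeffs, initial, n):
    """n-th term of the homogeneous relation with initial values a_0..a_{k-1}.
    With X_n = (a_n, ..., a_{n+k-1})^T we have A X_n = X_{n+1}, so X_n = A^n X_0
    and a_n is the first entry of A^n X_0 (compare (1.6) and Proposition 1.2.3)."""
    k = len(coeffs)
    if len(initial) != k:
        raise ValueError("need exactly k initial values")
    An = mat_pow(companion_matrix(coeffs), n)
    return sum(An[0][j] * initial[j] for j in range(k))


def fib_matrix(n):
    """Fibonacci number f_n from A = ((0, 1), (1, 1)) and X_0 = (f_0, f_1)^T."""
    return recurrence_term([1, 1], [0, 1], n)


def fib_iterative(n):
    """Reference value: run relation (1.5) forward n times."""
    a, b = 0, 1
    for _ in range(n):
        a, b = b, a + b
    return a


def fib_binet(n):
    """Closed formula (1.10) evaluated with IEEE doubles, rounded to an int."""
    sqrt5 = math.sqrt(5.0)
    phi, psi = (1 + sqrt5) / 2, (1 - sqrt5) / 2
    return round((phi ** n - psi ** n) / sqrt5)


def first_binet_failure(limit=100):
    """Smallest n < limit at which the floating-point closed formula is wrong.
    A double has 53 mantissa bits, so from f_79 > 2^53 on odd values are not even
    representable; rounding error in phi ** n spoils the result somewhat earlier."""
    for n in range(limit):
        if fib_binet(n) != fib_iterative(n):
            return n
    return None


if __name__ == "__main__":
    # Proposition 1.2.3: A^10 = ((f_9, f_10), (f_10, f_11)) = ((34, 55), (55, 89))
    print("A^10 =", mat_pow(companion_matrix([1, 1]), 10))
    print("f_100 =", fib_matrix(100))
    print("first n where (1.10) in doubles fails:", first_binet_failure())
```

The same `recurrence_term` handles any relation of the form (1.11), for instance the Lucas numbers (same coefficients as (1.5), initial values 2 and 1) or a three-term relation.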