Computer Security

Modular Arithmetic

December 27, 2024 ©2004, Bryan J. Higgs 1

 Sources
• The Basics of Abstract Algebra, Paul E. Bland, Freeman
• Introduction to Cryptography with Java Applets, David Bishop, Jones &
Bartlett
• Practical Cryptography, Niels Ferguson and Bruce Schneier, Wiley
• Concrete Mathematics, Graham, Knuth, and Patashnik, Addison-Wesley
• Network Security: Private Communications in a Public World, Second Edition
Charlie Kaufman, Radia Perlman, Mike Speciner, Prentice-Hall
• Applied Cryptography: Protocols, Algorithms and Source Code in C, Second
Edition, Bruce Schneier, Wiley
• Cryptography and Network Security: Principles and Practices, William
Stallings, Prentice-Hall
• and a number of web sites...

2
 Modular Arithmetic
• Modular Arithmetic is one of the main tools provided by
number theory
– The quotient of n divided by m is  n / m  , where m and n are
positive integers
– The remainder of this division is called 'n mod m'
– So, the following holds:
n m  n / m   n mod m
where the first term is the quotient and the second the remainder.

3
 Modular Arithmetic
• Another way of putting this is:
– Given any positive integer n and any integer m, if we divide m by n,
we get an integer quotient, q, and integer remainder, r, that obey the
following relationship:
m qn  r (0 r  n; q  m / n  )
– The remainder, r, is often referred to as a residue of m modulo n,
and is the smallest non-negative integer that differs from m by a
multiple of n.
For example,
m 11; n 7; 11 17  4 r 4
m  11; n 7;  11 ( 2) 7  3 r 3

4
 Modular Arithmetic
• Two integers, a and b are said to be congruent (denoted by  ) if:
a b (mod m)  a mod m b mod m
that is, "a is congruent to b modulo m"
• Alternatively, in arithmetic modulo m, a and b are equivalent if
their difference, (a - b), is a multiple of m; that is, m | (a - b)
• The set of integers Zm = {0,1, ... m - 1} form the complete set of
residues modulo m -- there are only m different integers, mod m
• The operation a mod m denotes the residue of a, such that the
residue is some integer from 0 to m - 1. This operation is known
as a modular reduction.
– Example:
10 2 (mod 4) because 4 | (10  2)

5
 Modular Arithmetic
• Congruence is an equivalence relation -- that is, it satisfies:
1) The reflexive law : a a
2) The symmetric law : a b  b a
3) The transitive law : a b c  a c

• Finding the smallest non-negative integer to which k is congruent

modulo n is called reducing k modulo n

6
 Modular Arithmetic
• We can also add and subtract congruent elements without losing
congruence:
a b and c d  a  c b  d (mod m)
 a  c b  d (mod m)

• Multiplication also works:

a b and c d  ac bd (mod m), for integers b, c

7
 Modular Arithmetic
• Modular arithmetic is like ordinary arithmetic. It is:
– commutative (for addition and multiplication)
a+b=b+a
– associative
(a + b) + c = a + (b + c)
and
– distributive
a(b + c) = (ab) + (ac)
and
(b + c)a = (ba) + (ca)

8
 Modular Arithmetic
• A very important property of modular arithmetic is:
– Reducing each intermediate result modulo m yields the same
result as doing the entire calculation, and then reducing the result
to modulo m:
(a  b) mod m ((a mod m)  (b mod m)) mod m
(a  b) mod m ((a mod m)  (b mod m)) mod m
(a b) mod m ((a mod m) (b mod m)) mod m
(a (b  c)) mod m ((( a b) mod m)  ((a c) mod m)) mod m

– This means that we can do modular arithmetic without worrying

about whether we will exceed some large arithmetic bound -- so
such calculations can be done on computers, even for large integer
values.
9
 Modular Arithmetic
• Here are the possible values of (a + b) mod 8:

and (a·b) mod 8:

Try a Java applet which demonst

rates modular arithmetic

10
Modular Arithmetic: Exponentiation
• Recall that exponentiation is defined:
a 0 e, the identity element
a n a  a    a (i.e.  applied n-1 times)
a -n (a' ) n , where a' is the inverse of a
– In ordinary arithmetic, exponentiation rapidly produces very large
numbers
– However, because of the important property of modular arithmetic
that intermediate results can be computed mod m, then is is possible
in mod m arithmetic to do powerful exponentiation without
producing very large numbers
– Remember, in cryptography, we'll be dealing with very large values
of m, so this is important.
11
Modular Arithmetic: Exponentiation
• For example, instead of performing the calculation:
a n mod m (a  a  a  a    a )
we can instead perform fewer multiplications and use
intermediate modular reductions.
– Let's take a specific case of a8 mod n. We can calculate it:
a 8 mod m ((a 2 mod m) 2 mod m) 2 mod m
– Similarly:
a16 mod m (((a 2 mod m) 2 mod m) 2 mod m) 2 mod m
a 25 mod m (((((((a 2 mod m)  a ) mod m) 2 mod m) 2 mod m) 2 mod m)  a ) mod m

12
 Modular Arithmetic: Division
• So far, for mod m arithmetic, we have addition, subtraction (defined
through an additive inverse), and multiplication.
• What about division?
– Division is defined through a multiplicative inverse.
– In regular arithmetic:
• The multiplicative inverse of 5 is 1/5, because 5·1/5 = 1
– In modular arithmetic, things are not so easy:
Find x, where 5 x 1 (mod 7)
which is equivalent to finding an x and a k (both integers) such that:
5x = 7k + 1
– The general problem is to find x such that:
1 (a x) mod m
or :
a  1  x (mod m)
13
 Modular Arithmetic: Multiplicative Inverse
• Sometimes the modular multiplicative The mod 14 multiplication table.
inverse has a solution, and sometimes it
doesn't:
– The inverse of 5, mod 14, is 3
5*3 mod 14 = 1
– The inverse of 2, mod 14, doesn't exist.
• Look at the row for 2, at right;
• It does not contain a value 1

• It turns out that a  1  x (mod m) has a

solution iff a and n are relatively prime.
– For example, look at the rows to the right.
– The only rows that contain a 1 are for
values that are relatively prime to 14:
1, 3, 5, 9, 11, 13

14
 Modular Arithmetic: Multiplicative Inverse
• One way of finding the inverse of a modulo m is to extend Euclid's
greatest common divisor algorithm:
– The Extended Euclidean Algorithm:
• While computing gcd(a, m), we can also find two integers u and v such that:
gcd(a, m) = ua + vm
• If a and m are relatively prime, then the gcd(a, m) = 1, and:
1 = ua + vm = ua (mod m) (performing a reduction mod m)
and then, multiplying both sides by a-1:
a-1 = ua·a-1 = u
• So, if gcd(a, m) = 1, then u is the multiplicative inverse of a mod m;
otherwise, there is no multiplicative inverse

15
 Finite, or Galois Fields
• A finite field (also known as a Galois* Field) is a field with a
finite number of elements. Finite fields are critical to the
success of many cryptographic algorithms.
– The finite fields are completely known:
• It can be shown that the order of a finite field (number of
elements in the field) must be a power of a prime, pn, where n is
a positive integer.
• For a given prime, p, the finite field of order p, GF(p) is defined as
the set Zp of integers {0, 1, ... , p - 1}, together with the arithmetic
operations modulo p.

*Evariste Galois (1811-1832), French mathematician

16
 Modular Arithmetic
• Here are the values for (a + b) mod 2:

and (a·b) mod 2:

Notice anything?

(a  b) mod 2  a XOR b
(a b) mod 2  a AND b

Try a Java applet which demonstrates modular arithmetic

17
 Modular Arithmetic
• Another useful feature of arithmetic mod 2 is:
– In the field Z2, ({0, 1}), there is only one inversion
possible:
1/1 = 1
so division is the same operation as multiplication!

• Not surprisingly, the field Z2 is an important tool to analyze

certain cryptographic algorithms by computer.

18
 Modular Arithmetic
• Cryptography uses modular arithmetic a great deal, because:
– Calculating discrete logarithms and square roots mod n can be hard
problems.
– It's easier to work with on computers, because it restricts the range
of all intermediate values and results
• For a k-bit modulus, n, the intermediate results of any addition,
subtraction, or multiplication will not exceed 2k bits in length.
• We can perform modular exponentiation without generating huge
intermediate results
• Arithmetic operations, mod 2, are natural for computers, because
of the equivalence of addition with XOR, and multiplication with
AND, etc.

19
 Zn*
• Z is the set of all integers
• We've seen that Zn is the set of integers mod n
– Z10 = {0,1,2,3,4,5,6,7,8,9}

• Zn* is defined as the set of mod n integers that are

relatively prime to n
– Z10* = {1,3,7,9} (0 is missing because gcd(0, 10) = 10)

20
 Zn*
• The multiplication table for Z10* provides some surprises:
• Notice anything? 1 3 7 9
1 1 3 7 9
3 3 9 1 7
7 7 1 9 3
9 9 7 3 1

• Every element in Z10* is present in the table, and no

other elements other than those are present.
Furthermore, every element in Z10* is present in every
row of the table.
What does this mean for Z10*?
• It turns out that this is true for all n:
Zn* is closed under multiplication mod n
21
 Fermat's Little Theorem
• *Fermat's Little Theorem states:
– If p is prime and a is a positive integer not divisible by p, then:

a p  1 1 mod p
– If we multiply both sides by a, we can come up with an alternative
form:
a p  1 a a p a mod p

*Pierre de Fermat (1601 - 1665), French mathematician most famous

for Fermat's Last Theorem, which was considered one of mathematics'
most difficult theorems, and has only recently been finally proven. His
Little Theorem has nothing to do with his Last Theorem.
22
 Euler's Totient Function
• An important quantity in number theory is *Euler's Totient
Function:
– The number of positive integers less than n, that are relatively
prime to n.
• It is written φ(n) :
φ(1) 1
φ( p )  p  1 (for p prime)
φ( m)  m  1 (for m composite)
• In other words, Euler's Totient Function φ(n) is the number of
elements in Zn*

*Leonhard Euler (1707 - 1783), Swiss mathematician

23
 Euler's Totient Function
• Assume we have two distinct prime numbers, p and q, and an
integer n = pq
– Then:
φ(n) φ( pq) φ( p ) φ(q ) ( p  1) (q  1)
– The set of residues in Zn i s{0,1,...,(pq - 1)}
– The residues that are not relatively prime to n are:
• The set {p, 2p, ... ,(q - 1)p}, the set {q, 2q, ... ,(p - 1)q}, and 0
– So:
φ(n)  pq  [(q  1)  ( p  1)  1]
 pq  ( p  q )  1
( p  1) (q  1)
φ( p ) φ(q )

24
 Euler's Totient Function
• Here is what the Euler Totient Function values look like for
small values of n. (The dotted red line is the line f(n) = n - 1)
Euler T otient Function

35

30

25
Totient(n)

20

15

10

0
1

11

13

15

17

19

21

23

25

27

29
n

25
 Summary
• Whew! That's all the math we're going to do for now!

• We'll relate this to the cryptographic algorithms we're going

to study in the near future.

26