
UNIT - II (Part 1)

The document discusses modular arithmetic and concepts related to cryptography such as the Euclidean algorithm, greatest common divisor, and multiplicative inverses. It provides examples and explanations of: - Integer division and the modulo operator - Operations in modular rings such as addition, subtraction, and multiplication modulo n - Congruence relations and properties of modular arithmetic - The Euclidean algorithm and extended Euclidean algorithm for finding the greatest common divisor of two integers.

Uploaded by

asdadsa

UNIT – II

Unit 2: Mathematics of Cryptography

A. Euclidean, Extended Euclidean Algorithm, Euler’s Totient Function, Fermat’s Little Theorem, Euler’s Theorem (CO3)
B. Primality Testing (Miller-Rabin test), Chinese Remainder Theorem (CO3, CO4)
C. Exponentiation (square and multiply method), Discrete Logarithm (CO3, CO4)

Faculty Name : Dr. Amrita 1


Integer Division
In integer arithmetic, if we divide a by n, we can get q
and r . The relationship between these four integers can
be shown as

a=q×n+r



Division algorithm for integers



Modulo Operator
The modulo operator is shown as mod. The second
input (n) is called the modulus. The output r is called
the residue.

Figure Division algorithm and modulo operator



MODULAR ARITHMETIC
Given any integer ‘a’ and a positive integer ‘n’, and given a
division of ‘a’ by ‘n’ that leaves the remainder between 0
and n − 1, both inclusive, we define
a mod n
to be the remainder.
Note : the remainder must be between 0 and n−1, both ends
inclusive, even if that means that
we must use a negative quotient when dividing a by n.



Example : MODULAR ARITHMETIC
If a is a negative number, then you add as many multiples
of n as necessary to get an answer in the range 0 to n − 1.

Examples
17 mod 5 = 2          7 mod 11 = 7
20 mod 3 = 2          11 mod 11 = 0
-3 mod 11 = 8         -1 mod 11 = 10
25 mod 5 = 0          -11 mod 11 = 0



Set of Residues
The modulo operation creates a set, which in modular
arithmetic is referred to as the set of residues modulo n,
or Zn.
Zn is obviously the set of remainders in arithmetic
modulo n.

Figure Some Zn sets



Operation in Zn
The three binary operations that we discussed for the
set Z can also be defined for the set Zn. The result may
need to be mapped to Zn using the mod operator.

Figure Binary operations in Zn


Example
Perform the following operations (the inputs come from Zn):
a. Add 7 to 14 in Z15.
b. Subtract 11 from 7 in Z13.
c. Multiply 11 by 7 in Z20.

Solution



Congruent Modulo
We call two integers a and b congruent modulo n
if
(a mod n) = (b mod n)
Symbolically, we express such a congruence by
a ≡ b (mod n)
Here are some congruences modulo 3:
7 ≡ 1 (mod 3)
−8 ≡ 1 (mod 3)
−2 ≡ 1 (mod 3)
7 ≡ −8 (mod 3)
−2 ≡ 7 (mod 3)



Divisors
• A non-zero number ‘b’ divides ‘a’ if for some m we have a = mb (a, b, m all integers)
• i.e., ‘b’ divides into ‘a’ with no remainder
• Denoted as b|a and read as “b is a divisor of a”
• e.g. all of 1, 2, 3, 4, 6, 8, 12, 24 divide 24

Facts about Divisors
Fact 1: The integer 1 has only one divisor, itself.
Fact 2: Any positive integer has at least two divisors, 1 and itself (but it can have more).

Properties of Modular Arithmetic
1. [(a mod n) + (b mod n)] mod n = (a + b) mod n

2. [(a mod n) - (b mod n)] mod n = (a - b) mod n

3. [(a mod n) x (b mod n)] mod n = (a x b) mod n

4. [((a x b) mod n) + ((a x c) mod n)] mod n = [a x (b + c)] mod n



Exponentiation
• Exponentiation is done by repeated multiplication, as in
ordinary arithmetic.


Inverses

When we are working in modular arithmetic, we often
need to find the inverse of a number relative to an
operation. We are normally looking for an additive
inverse (relative to an addition operation) or a
multiplicative inverse (relative to a multiplication
operation).


Additive Inverse
In Zn, two numbers a and b are additive inverses of
each other if

For each w ∈ Zn, there exists a z ∈ Zn such that

w + z = 0 mod n

In modular arithmetic, each integer has an
additive inverse. The sum of an integer and
its additive inverse is congruent to 0 modulo
n.

Example
Find all additive inverse pairs in Z10.

Solution:

The six pairs of additive inverses are

(0, 0), (1, 9), (2, 8), (3, 7), (4, 6), and (5, 5).



Multiplicative Inverse
In Zn, two numbers a and b are the multiplicative
inverse of each other if

In modular arithmetic, an integer may or
may not have a multiplicative inverse.
When it does, the product of the integer and
its multiplicative inverse is congruent to 1
modulo n.

Multiplicative Inverse
• The multiplicative inverses exist for only those
elements of Zn that are relatively prime to n.

• Two integers are relatively prime to each other if
the integer 1 is their only common positive
divisor.

• More formally, two integers a and b are relatively
prime to each other if gcd(a, b) = 1 where gcd
denotes the Greatest Common Divisor.

⇒ gcd (a,n) = 1.

Example
Find the multiplicative inverse of 8 in Z10.
Solution:
There is no multiplicative inverse because gcd (10, 8) =
2 ≠ 1. In other words, we cannot find any number
between 0 and 9 such that when multiplied by 8, the
result is congruent to 1.

Find all multiplicative inverses in Z10.


Solution:
There are only three pairs: (1, 1), (3, 7) and (9, 9). The
numbers 0, 2, 4, 5, 6, and 8 do not have a multiplicative
inverse.

Example
Find all multiplicative inverse pairs in Z11.

Solution :

We have seven pairs:

(1, 1), (2, 6), (3, 4), (5, 9), (7, 8), (9, 9), and
(10, 10).



GCD(Greatest Common Divisor)

• The gcd algorithm was given by Euclid (the father of
geometry), who was born around 325 BC.

Greatest Common Divisor
The greatest common divisor of two positive
integers is the largest integer that can divide
both integers.


Common divisors of two integers



Euclidean Algorithm
Fact 1: gcd (a, 0) = a
Fact 2: gcd (a, b) = gcd (b, r), where r is
the remainder of dividing a by b



Euclidean Algorithm



Example : Euclid’s GCD Algorithm
Find the greatest common divisor of 2740 and 1760.
Solution :

We have gcd (2740, 1760) = 20.


Example : Euclid’s GCD Algorithm
Find the greatest common divisor of 25 and 60.
Solution : gcd(25,60)

We have gcd (25, 60) = 5.


Example : Euclid’s GCD Algorithm
Q. : Find GCD of 70 and 38 by using Euclidean
Algorithm. GCD(70,38)
Solution :
gcd( 70, 38 )
= gcd( 38, 70 mod 38 ) = gcd( 38, 32 )
= gcd( 32, 38 mod 32 ) = gcd( 32, 6 )
= gcd( 6, 32 mod 6 ) = gcd( 6, 2 )
= gcd( 2, 6 mod 2 ) = gcd( 2, 0 )
Therefore, gcd( 70, 38 ) = 2

Example : Euclid’s GCD Algorithm
Q. : Find GCD of 40902 and 24140 by using
Euclidean Algorithm
Solution :
gcd( 40902, 24140 )
= gcd( 24140, 16762 )
= gcd( 16762, 7378 )
= gcd( 7378, 2006 )
= gcd( 2006, 1360 )
= gcd( 1360, 646 )
= gcd( 646, 68 ) = gcd( 68, 34 )
= gcd( 34, 0 )
Therefore, gcd( 40902, 24140 ) = 34

Euclidean Algorithm
If

gcd (a, b) = 1,

Then,

a and b are relatively prime.



Example : relatively prime pair of integers
Q. : Find GCD of 8 and 17 by using Euclidean Algorithm

Solution : gcd( 8, 17 ):
= gcd( 17, 8 )
= gcd( 8, 17 mod 8 ) = gcd( 8, 1 )
= gcd( 1, 8 mod 1 ) = gcd( 1, 0 )
Therefore, gcd( 8, 17 ) = 1
When the smaller of the two numbers is 1 (which
happens when the two starting numbers are relatively
prime), there is no need to go to the last step in which
the smaller of the two numbers is 0.

Extended Euclidean Algorithm
Given two integers a and b, we often need to find
other two integers, s and t, such that

The extended Euclidean algorithm can calculate
the gcd (a, b) and at the same time calculate
the value of s and t.


Extended Euclidean algorithm
r1 = a; r2 = b; s1 = 1; s2 = 0; t1 = 0; t2 = 1;    (Initialization)
while (r2 > 0) {
    q = r1 / r2;                                   (Integer quotient)
    r = r1 – q x r2;                               (Updating r’s)
    r1 = r2; r2 = r;
    s = s1 – q x s2;                               (Updating s’s)
    s1 = s2; s2 = s;
    t = t1 – q x t2;                               (Updating t’s)
    t1 = t2; t2 = t;
}
gcd (a, b) = r1; s = s1; t = t1;

Extended Euclidean algorithm: Process
q = r1 / r2;   r = r1 – q x r2;   s = s1 – q x s2;   t = t1 – q x t2


Example
Given a = 161 and b = 28, find gcd (a, b) and the values of s
and t.
Solution

We get gcd (161, 28) = 7, s = −1 and t = 6.


Example
Given a = 17 and b = 0, find gcd (a, b) and the
values of s and t.
Solution

We get gcd (17, 0) = 17, s = 1, and t = 0.



Example
Given a = 0 and b = 45, find gcd (a, b) and the values of s and
t.
Solution

We get gcd (0, 45) = 45, s = 0, and t = 1.


What can we do with the egcd?
● Given two numbers a, b, the extended Euclidean algorithm
finds their gcd g and two numbers s and t such that as + bt
= g.
● In particular, if a and b have no common factors (aside
from 1) (i.e. they are “relatively prime”), we can find two
numbers s, t such that as + bt = 1.
● For modular division, if p is prime, given a, we can find s
and t such that as + tp = 1. s is then the “multiplicative
inverse” of a (suitably reduced, if necessary).


Extended Euclidean algorithm finds the
multiplicative inverses
The extended Euclidean algorithm finds
the multiplicative inverse of b in Zn when n
and b are given and

gcd (n, b) = 1.

The multiplicative inverse of b is the
value of t after being mapped to Zn.

Extended Euclidean algorithm to find
multiplicative inverse
r1 = n; r2 = b; t1 = 0; t2 = 1;    (Initialization)
while (r2 > 0)
{
    q = r1 / r2;                   (Integer quotient)
    r = r1 – q x r2;               (Updating r’s)
    r1 = r2; r2 = r;

    t = t1 – q x t2;               (Updating t’s)
    t1 = t2; t2 = t;
}
if (r1 = 1) then b^(−1) = t1;

Extended Euclidean Process to find
multiplicative inverse
q = r1 / r2;   r = r1 – q x r2;   t = t1 – q x t2


Example
Find the multiplicative inverse of 11 in Z26.
Solution

The gcd (26, 11) is 1; the inverse of 11 is −7 or 19.



Example
Find the multiplicative inverse of 23 in Z100.
Solution

gcd (100, 23) =1; the inverse of 23 is −13 or 87.


Example
Find the multiplicative inverse of 12 in Z26.
Solution

The gcd (26, 12) = 2; the inverse does not exist.
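
The extended Euclidean algorithm and the inverse procedure from the slides above, written out as an added Python example (not part of the original slides). The function names ext_gcd, mod_inverse and inverse_pairs are chosen here for illustration, and inputs are assumed to be non-negative integers.

```python
# Added example (not from the slides): the extended Euclidean algorithm as
# tabulated above, and the multiplicative inverse derived from it.

def ext_gcd(a, b):
    """Return (g, s, t) with g = gcd(a, b) and s*a + t*b == g (a, b >= 0)."""
    r1, r2 = a, b
    s1, s2 = 1, 0
    t1, t2 = 0, 1
    while r2 > 0:
        q = r1 // r2                     # integer quotient
        r1, r2 = r2, r1 - q * r2         # updating r's
        s1, s2 = s2, s1 - q * s2         # updating s's
        t1, t2 = t2, t1 - q * t2         # updating t's
    return r1, s1, t1


def mod_inverse(b, n):
    """Return b^(-1) in Zn, or None when gcd(n, b) != 1 (no inverse exists)."""
    if n < 2:
        raise ValueError("modulus must be at least 2")
    g, _s, t = ext_gcd(n, b % n)         # reduce b into Zn first
    if g != 1:
        return None
    return t % n                         # map t into the range 0 .. n-1


def inverse_pairs(n):
    """All pairs (a, b) in Zn with a*b congruent to 1 mod n, listed with a <= b."""
    pairs = []
    for a in range(n):
        b = mod_inverse(a, n)
        if b is not None and a <= b:
            pairs.append((a, b))
    return pairs


if __name__ == "__main__":
    # The three worked (a, b) inputs from the slides.
    for a, b in [(161, 28), (17, 0), (0, 45)]:
        g, s, t = ext_gcd(a, b)
        assert s * a + t * b == g        # Bezout identity holds
        print(f"gcd({a}, {b}) = {g}, s = {s}, t = {t}")
    # The three inverse questions from the slides.
    for b, n in [(11, 26), (23, 100), (12, 26)]:
        print(f"inverse of {b} in Z{n}: {mod_inverse(b, n)}")
    print("inverse pairs in Z10:", inverse_pairs(10))
```

The loop count depends on the input values, so this version is for study; code that inverts secret values should use a vetted cryptographic library.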


Addition and Multiplication
Tables



additive inverses multiplicative inverses
Some Zn and Zn* sets

We need to use Zn when additive inverses
are needed; we need to use Zn* when
multiplicative inverses are needed.

Two More Sets

Cryptography often uses two more sets: Zp and
Zp*. The modulus in these two sets is a prime
number.


Euler’s Phi-Function / Euler’s totient function
• Euler’s phi-function, φ(n), which is sometimes
called Euler’s totient function, plays a very
important role in cryptography.
• Euler’s totient function φ(n) for an input n is the
count of numbers in {1, 2, 3, …, n-1} that are
relatively prime to n, i.e., the numbers whose GCD
(Greatest Common Divisor) with n is 1.


Euler’s Phi-Function

1. ϕ(1) = 1
2. ϕ(p) = p − 1 if p is prime
3. ϕ(n) = ϕ(pq) = ϕ(p)ϕ(q) = (p − 1)(q − 1) if p and
q are relatively prime and n = pq.
4. ϕ(p^a) = p^a − p^(a−1) if p is a prime and a is a
positive integer


We can combine the above four rules to find the value
of φ(n). For example, if n can be prime factored as
n = p1^e1 × p2^e2 × … × pk^ek

then we combine the third and the fourth rule to find

The difficulty of finding φ(n) depends on the
difficulty of finding the factorization of n.


Example
Q1. What is the value of φ(13)?
Q2. What is the value of φ(10)?
Q3. What is the value of φ(21)?
Q4. What is the number of elements in Z14*?

Solution 1: Because 13 is a prime, φ(13) = (13 − 1) = 12.
Solution 2: We can use the third rule: φ(10) = φ(2 × 5) = φ(2)
× φ(5) = (2 − 1) × (5 − 1) = 1 × 4 = 4, because 2 and 5 are
relatively prime.
Solution 3: We can use the third rule: φ(21) = φ(3 × 7) = φ(3) ×
φ(7) = (3 − 1) × (7 − 1) = 2 × 6 = 12, because 3 and 7 are
relatively prime.
Solution 4: The answer is φ(14) = φ(7) × φ(2) = 6 × 1 = 6.
The members are 1, 3, 5, 9, 11, and 13.

Example

Q1. What is the value of φ(240)?


Q2. Can we say that φ(49) = φ(7) × φ(7) = 6 × 6 =
36?
Solution 1:
We can write 240 = 2^4 × 3^1 × 5^1. Then

φ(240) = (2^4 − 2^3) × (3^1 − 3^0) × (5^1 − 5^0) = 64

Solution 2:
No. The third rule applies when m and n are relatively prime.
Here 49 = 7^2. We need to use the fourth rule: φ(49) = 7^2 − 7^1
= 42.

Three groups of positive integers

A prime is divisible only by itself and 1.



Prime Numbers
● prime numbers only have divisors of 1 and self
– they cannot be written as a product of other numbers
– note: 1 is prime, but is generally not of interest
● e.g. 2, 3, 5, 7 are prime; 4, 6, 8, 9, 10 are not
● prime numbers are central to number theory
● list of prime numbers less than 200 is:
2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59
61 67 71 73 79 83 89 97 101 103 107 109 113
127 131 137 139 149 151 157 163 167 173 179
181 191 193 197 199


Fermat’s Little Theorem
First Version : if p is prime and a is an integer such that p
does not divide a, then

a^(p − 1) ≡ 1 mod p
Second Version : This version removes the condition on
a. If p is prime and a is an integer, then

a^p ≡ a mod p


Example
Find the result of 6^10 mod 11.
Solution
We have 6^10 mod 11 = 1. This is the first version of
Fermat’s little theorem where p = 11.
Example
Find the result of 3^12 mod 11.
Solution
Here the exponent (12) and the modulus (11) are not
the same. With substitution this can be solved using
Fermat’s little theorem.


Fermat’s Little Theorem: Example
Find the least non-negative residue x in the following congruence
3^52 ≡ x (mod 11).


Fermat’s Little Theorem: Example
Find the least non-negative residue x in the following congruence
5^101 ≡ x (mod 31).


Multiplicative Inverse by Fermat’s Little Theorem

Let p be prime and n be a non-zero residue modulo p.
Then n^(p−2) is the multiplicative inverse of n modulo p.

In our case we examine nx ≡ 1 (mod p) and need to show
that x ≡ n^(p−2) (mod p).


Multiplicative Inverses

a^(−1) mod p = a^(p − 2) mod p

Example

The answers to multiplicative inverses modulo a prime can be
found without using the extended Euclidean algorithm:


Euler’s Theorem
First Version : If a and n are coprime, then

a^φ(n) ≡ 1 (mod n)
Second Version : It removes the condition that
a and n are coprime. If n = p*q, a < n, and k is
an integer, then
a^(k × φ(n) + 1) ≡ a (mod n)
The second version of Euler’s theorem is used in the
RSA cryptosystem.

Example
Find the result of 6^24 mod 35.
Solution : φ(35) = φ(7 × 5) = φ(7) × φ(5) = 6 × 4 = 24
We have 6^24 mod 35 = 6^φ(35) mod 35 = 1.

Example
Find the result of 20^62 mod 77.
Solution : φ(77) = φ(11 × 7) = φ(7) × φ(11) = 6 × 10 = 60
If we let k = 1 on the second version, we have
20^62 mod 77
= (20 mod 77) (20^(φ(77) + 1) mod 77) mod 77
= (20)(20) mod 77 = 15.

Multiplicative Inverses
Euler’s theorem can be used to find multiplicative
inverses modulo a composite.
(First Version)

a^(−1) mod n = a^(φ(n) − 1) mod n


Example

The answers to multiplicative inverses modulo a composite
can be found without using the extended Euclidean algorithm
if we know the factorization of the composite:

