
Lecture 02: Modular Arithmetic

Cunsheng Ding

HKUST, Hong Kong

August 30, 2024


Contents

The Floor and Ceiling Function

Greatest Common Divisor

Euclidean Algorithm

Modulo-n Arithmetic

The multiplicative inverse modulo n


The Floor and Ceiling Function

Definition 1
The floor function ⌊x⌋: the largest integer ≤ x.

Example 2
⌊3.99⌋ = 3. ⌊5/2⌋ = 2. ⌊3⌋ = 3.

Definition 3
The ceiling function ⌈x⌉: the smallest integer ≥ x.

Example 4
⌈3.99⌉ = 4. ⌈5/2⌉ = 3. ⌈3⌉ = 3.
Quotient and Remainder
Theorem 5 (Division Algorithm)
Let b ≠ 0 be an integer and let a be any integer. Then there are two
unique integers q and r with 0 ≤ r < |b| such that a = qb + r.

Constructive proof.
Define εb = 1 if b > 0 and εb = −1 if b < 0, so that |b| = εb b. Let q1 = ⌊a/|b|⌋ and
r = a − q1 |b| = a − q1 εb b = a − qb, where q = εb q1. By the definition
of the floor function,

a/|b| ≥ q1 > a/|b| − 1.

Hence, 0 ≤ r < |b|. The proof of the uniqueness of q and r with
0 ≤ r < |b| is left as an exercise.

Definition 6
The q and r in the proof above are the quotient and remainder when
a is divided by b. We write r = a mod b.
If a mod b = 0, b is called a divisor or factor of a. In this case, we
say that a is divisible by b or b divides a.
Quotient and Remainder

Example 7
73 mod 7 = 3 and −11 mod 7 = 3.
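The constructive proof of Theorem 5 written out in Python, as an added example that is not part of the lecture (the function names div_rem, mod, divides and check_division are my own). It also shows, for negative operands, where a language's built-in % operator differs from the remainder of Definition 6.

```python
# Added example (not from the lecture): the constructive proof of Theorem 5
# as code. Python's // on integers already floors exactly, so q1 = a // |b|
# is floor(a/|b|) without any floating-point rounding.
from typing import Tuple

def div_rem(a: int, b: int) -> Tuple[int, int]:
    """Return the unique (q, r) with a = q*b + r and 0 <= r < |b| (Theorem 5)."""
    if b == 0:
        raise ValueError("b must be nonzero")
    eps_b = 1 if b > 0 else -1          # epsilon_b from the proof
    q1 = a // abs(b)                    # floor(a / |b|)
    r = a - q1 * abs(b)                 # 0 <= r < |b| by the floor property
    q = eps_b * q1                      # a = q1*|b| + r = q1*eps_b*b + r = q*b + r
    return q, r

def mod(a: int, b: int) -> int:
    """a mod b in the sense of Definition 6: the remainder r from div_rem."""
    return div_rem(a, b)[1]

def divides(b: int, a: int) -> bool:
    """True when b is a divisor of a, i.e. a mod b = 0 (Definition 6)."""
    return mod(a, b) == 0

def check_division(a: int, b: int) -> bool:
    """Check both conditions of Theorem 5 on the pair div_rem returns."""
    q, r = div_rem(a, b)
    return a == q * b + r and 0 <= r < abs(b)

if __name__ == "__main__":
    # Python's % takes the sign of the divisor (-11 % -7 == -4) and C's %
    # truncates toward zero (-11 % 7 == -4); either way the result can fall
    # outside 0 <= r < |b|, while div_rem always satisfies it.
    for a, b in [(73, 7), (-11, 7), (11, -7), (-11, -7)]:
        q, r = div_rem(a, b)
        print(f"{a} = {q} * {b} + {r}    (Python {a} % {b} = {a % b})")
```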

Definition 8
A prime is a positive integer n > 1 with only two positive divisors 1 and
n.

Definition 9
A common divisor of two integers a and b is a divisor of both a and b.

Example 10
60 and 24 have the positive common divisors 1, 2, 3, 4, 6, 12.
The Greatest Common Divisor

Definition 11
The greatest common divisor (GCD) of two integers a and b,
denoted by gcd(a, b), is the largest among all the common divisors of
a and b.

Example 12
gcd(60, 24) = 12, as all the positive common divisors of 60 and 24 are
1, 2, 3, 4, 6, 12.

Proposition 13
gcd(b, a) = gcd(−b, a) = gcd(b, −a) = gcd(−b, −a) = gcd(a, b).
Because of this proposition, we will consider only the case that a ≥ 0
and b ≥ 0 in the sequel.
The Greatest Common Divisor

Proposition 14
Let a and b be two integers such that (a, b) ≠ (0, 0). Then gcd(b, a)
must exist.

Proof.
The total number of positive common divisors of a and b is at most
max{|a|, |b|}.

Question 1
Is there any efficient algorithm for computing gcd(a, b) for any two
positive integers a and b?

Answer
Yes, the Euclidean algorithm.
Computing gcd(a, b) Recursively

Lemma 15
Let b ≠ 0. Then gcd(a, b) = gcd(b, a mod b).

Proof.
Note that a = qb + r , where r = a mod b is the remainder.
By this equation, any common divisor of a and b must be a common
divisor of b and r. Conversely, any common divisor of b and r
must be a common divisor of a and b. Hence a and b have the same
set of common divisors as b and r . Hence, the two sets of integers
have the same GCD.

Remark
A recursive application of this lemma gives an efficient algorithm for
computing gcd(a, b), which is called the Euclidean algorithm.
Euclidean Algorithm

Example: Find gcd(66, 35).


Algorithm: It works as follows and stops when the remainder
becomes 0:

66 = 1 × 35 + 31    gcd(35, 31)
35 = 1 × 31 + 4     gcd(31, 4)
31 = 7 × 4 + 3      gcd(4, 3)
4 = 1 × 3 + 1       gcd(3, 1)
3 = 3 × 1 + 0       gcd(1, 0)

Hence, by the lemma on the previous page,

gcd(66, 35) = gcd(35, 31) = gcd(31, 4) = gcd(4, 3) = gcd(3, 1) = gcd(1, 0) = 1.
Euclidean Algorithm

Pseudo code
1. x ← a; y ← b
2. If y = 0 return gcd(a, b) = x
3. r ← x mod y.
4. x ← y
5. y ← r
6. goto step 2

Remarks
◮ No need to read and explain this code. The example in the
previous slide is clear enough.
◮ The time complexity is O(log |b| × [log |b| + log |a|]²).
Modulo-n Arithmetic

Definition 16
Let n > 1 be an integer. We define

x ⊕n y = (x + y) mod n,   [12 ⊕5 7 = (12 + 7) mod 5 = 4]
x ⊖n y = (x − y) mod n,   [12 ⊖5 7 = (12 − 7) mod 5 = 0]
x ⊗n y = (x × y) mod n,   [12 ⊗5 7 = (12 × 7) mod 5 = 4]

where +, − and × are the integer operations. The operations ⊕n, ⊖n
and ⊗n are called the modulo-n addition, modulo-n subtraction, and
modulo-n multiplication. The integer n is called the modulus.
Properties of Modulo-n Operations

Proposition 17
Let n > 1 be the modulus, Zn = {0, 1, · · · , (n − 1)}.
◮ Commutative laws:

x ⊕n y = y ⊕n x , x ⊗n y = y ⊗n x .

◮ Associative laws:

(x ⊕n y ) ⊕n z = x ⊕n (y ⊕n z )
(x ⊗n y ) ⊗n z = x ⊗n (y ⊗n z ).

◮ Distribution law:

z ⊗n (x ⊕n y ) = (z ⊗n x ) ⊕n (z ⊗n y ).
Properties of Modulo-n Operations

Proof of Proposition 17 (for reading off-line only)

◮ Commutative laws: x ⊕n y = y ⊕n x, x ⊗n y = y ⊗n x.
Proof: By definition and the commutative laws of integer addition
and multiplication.
◮ Associative laws:

(x ⊕n y) ⊕n z = x ⊕n (y ⊕n z)
(x ⊗n y) ⊗n z = x ⊗n (y ⊗n z).

Proof: By definition and the associative laws of integer addition
and multiplication.
◮ Distribution law: z ⊗n (x ⊕n y) = (z ⊗n x) ⊕n (z ⊗n y).
Proof: By definition and the distribution law of integer addition
and multiplication.
The Multiplicative Inverse
Definition 18
Let x ∈ Zn = {0, 1, · · · , n − 1}. If there is an integer y ∈ Zn such that

x ⊗n y = (x × y) mod n = 1,

then y is called a multiplicative inverse of x, usually denoted
x⁻¹ (it is unique if it exists).

Example 19
Let n = 15. Then 2 has the multiplicative inverse 8. But 3 does not
have one.

Question 2
◮ Which elements of Zn have a multiplicative inverse?
◮ If x has a multiplicative inverse, is it unique?
◮ If x has a multiplicative inverse, is there any efficient algorithm for
computing the inverse?
gcd(a, b) as a Linear Combination of a and b

Lemma 20
There are two integers u and v such that gcd(a, b) = ua + vb.

Proof.
Set a_0 = a and a_1 = b. By the EA (Euclidean algorithm), we have

a_0 = q_1 × a_1 + a_2
a_1 = q_2 × a_2 + a_3
...
a_{t−2} = q_{t−1} × a_{t−1} + a_t
a_{t−1} = q_t × a_t + 0

where a_i ≠ 0 for i ≤ t. Hence gcd(a, b) = a_t. Reversing back, we can
express a_t as a linear combination of a_0 and a_1.
gcd(a, b) as a Linear Combination of a and b

Example 21
Find integers u and v such that gcd(66, 35) = u × 66 + v × 35.

Solution 22
The extended Euclidean algorithm works as follows (left column: the
division steps; right column: reversing back, writing 1 as a linear
combination of the two numbers in that step):

66 = 1 × 35 + 31      1 = −9 × 66 + 17 × 35
35 = 1 × 31 + 4       1 = 8 × 35 − 9 × 31
31 = 7 × 4 + 3        1 = −1 × 31 + 8 × 4
4 = 1 × 3 + 1         1 = 4 − 1 × 3
3 = 3 × 1 + 0

Hence u = −9 and v = 17.


The Multiplicative Inverse

Proposition 23
If a ∈ Zn has a multiplicative inverse, then it is unique.

Proof.
Let b ∈ Zn and c ∈ Zn be two multiplicative inverses of a. Then
a ⊗n b = 1 and a ⊗n c = 1. By definition

a ⊗n b ⊗n c = (a ⊗n b) ⊗n c = 1 ⊗n c = c.

On the other hand, by the associativity and commutativity,

a ⊗n b ⊗n c = b ⊗n (a ⊗n c ) = b ⊗n 1 = b.

Hence b = c.
The Multiplicative Inverse

Theorem 24
Let n > 1 be an integer. Then any a ∈ Zn has the multiplicative inverse
modulo n if and only if gcd(a, n) = 1.

Proof.
Suppose that gcd(a, n) = e ≠ 1. Then n = e n1 for some 0 < n1 < n,
and a = e a1. Then n1 ⊗n a = 0. If there were an element b ∈ Zn such
that a ⊗n b = 1, then we would have

n1 ⊗n (a ⊗n b) = n1 ⊗n 1 = n1 mod n = n1

and

n1 ⊗n (a ⊗n b) = (n1 ⊗n a) ⊗n b = 0.

Hence, n1 = 0, a contradiction.
If gcd(a, n) = 1, by Lemma 20, there are two integers u and v such
that 1 = ua + vn. Hence au mod n = 1. Define a′ = u mod n. Then
aa′ mod n = 1.
Computing the Multiplicative Inverse

The algorithm
Let a ∈ Zn with gcd(a, n) = 1. Apply the Extended Euclidean
Algorithm to a and n to compute the two integers u and v such that
1 = ua + vn. Then u mod n is the inverse of a modulo n.

Example 25
Compute the inverse 35⁻¹ mod 66.

Solution 26
In Solution 22, we got

1 = −9 × 66 + 17 × 35.

Hence, 35⁻¹ mod 66 = 17 mod 66 = 17.
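The Euclidean algorithm of the pseudo code, the extended Euclidean algorithm of Lemma 20 and Solution 22, and the inverse algorithm of Example 25, all in one added Python example that is not part of the lecture (the function names euclid_steps, gcd, extended_gcd and mod_inverse are my own). The "reversing back" step is done by walking the recorded division steps backwards, which reproduces the right-hand column of Solution 22.

```python
# Added example (not from the lecture): the Euclidean algorithm (Lemma 15),
# the extended Euclidean algorithm of Lemma 20 / Solution 22 (forward
# division steps, then "reversing back") and the inverse algorithm of Example 25.
from typing import List, Optional, Tuple

def euclid_steps(a: int, b: int) -> List[Tuple[int, int, int, int]]:
    """Forward pass: the equations x = q*y + r, one per division step,
    stopping when the remainder becomes 0 (a, b >= 0 as in Proposition 13)."""
    steps = []
    x, y = a, b
    while y != 0:
        q, r = divmod(x, y)          # for x, y >= 0 this is the division algorithm
        steps.append((x, q, y, r))
        x, y = y, r
    return steps

def gcd(a: int, b: int) -> int:
    """Euclidean algorithm: the divisor of the last step, or a when b = 0."""
    steps = euclid_steps(a, b)
    return steps[-1][2] if steps else a

def extended_gcd(a: int, b: int) -> Tuple[int, int, int]:
    """Return (g, u, v) with g = gcd(a, b) = u*a + v*b (Lemma 20).

    Walk the division steps backwards keeping the invariant g = u*x + v*y for
    the current pair (x, y). The current pair is (y', x' - q'*y') where
    (x', y') is the previous pair with quotient q', so moving one step up
    replaces (u, v) by (v, u - q'*v)."""
    steps = euclid_steps(a, b)
    g = steps[-1][2] if steps else a
    u, v = 1, 0                       # g = 1*g + 0*0 for the final pair (g, 0)
    for _x, q, _y, _r in reversed(steps):
        u, v = v, u - q * v
    return g, u, v

def mod_inverse(a: int, n: int) -> Optional[int]:
    """a^(-1) mod n from 1 = u*a + v*n (Theorem 24, Example 25);
    None when gcd(a, n) != 1, i.e. when no inverse exists."""
    g, u, _v = extended_gcd(a, n)
    if g != 1:
        return None
    return u % n                      # a*u mod n = 1, and u mod n lies in Z_n

if __name__ == "__main__":
    for x, q, y, r in euclid_steps(66, 35):
        print(f"{x} = {q} x {y} + {r}    gcd({y}, {r})")
    print(extended_gcd(66, 35))   # (1, -9, 17): 1 = -9*66 + 17*35
    print(mod_inverse(35, 66))    # 17
    print(mod_inverse(3, 15))     # None, since gcd(3, 15) = 3
```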


Finite Fields Zp (denoted also by GF(p))

Theorem 27
Let p be a prime. Then every nonzero element in Zp has the
multiplicative inverse modulo p.

Definition 28
Let p be a prime. Then the triple (Zp , ⊕p , ⊗p ) is called a finite field
with p elements.

Finite field Z3

+  0 1 2        ×  0 1 2
0  0 1 2        0  0 0 0
1  1 2 0        1  0 1 2
2  2 0 1        2  0 2 1

Remarks: Here + stands for ⊕3 and × for ⊗3.
