
Week 2

Modular arithmetic is a key concept in number theory that deals with integers and their remainders when divided by a positive integer. It includes operations like addition, subtraction, and multiplication, and is essential for cryptographic algorithms due to its efficiency in handling large numbers. The document also covers related topics such as congruence, multiplicative inverses, and Euler's Totient Function.

Uploaded by

SX

Computer Security

Modular Arithmetic

May 15, 2025


Modular Arithmetic

• Modular Arithmetic is one of the main tools provided by number theory
– The quotient of n divided by m is $\lfloor n/m \rfloor$, where m and n are positive integers
– The remainder of this division is called 'n mod m'
– So, the following holds:
$n = m \lfloor n/m \rfloor + (n \bmod m)$

where the first term is the quotient and the second the remainder.

Modular Arithmetic

Another way of putting this is:

– Given any positive integer n and any integer m, if we divide m by n, we get an integer quotient, q, and integer remainder, r, that obey the following relationship:

$m = qn + r \quad (0 \le r < n;\ q = \lfloor m/n \rfloor)$
– The remainder, r, is often referred to as a residue of m modulo n, and is the smallest non-negative integer that differs from m by a multiple of n.
For example,

Modular Arithmetic
• Two integers, a and b are said to be congruent (denoted by) if:
that is, "a is congruent to b modulo m"

• Alternatively, in arithmetic modulo m, a and b are equivalent if their difference, (a - b), is a multiple of m; that is, m | (a - b)

• The set of integers Zm = {0, 1, ..., m - 1} forms the complete set of residues modulo m -- there are only m different integers, mod m

• The operation a mod m denotes the residue of a, such that the residue is some integer from 0 to m - 1. This operation is known as a modular reduction.
– Example:
$10 \equiv 2 \pmod{4}$ because $4 \mid (10 - 2)$
Modular Arithmetic

• Congruence is an equivalence relation; that is, it satisfies:

1) The reflexive law: $a \equiv a$
2) The symmetric law: $a \equiv b \Rightarrow b \equiv a$
3) The transitive law: $a \equiv b \equiv c \Rightarrow a \equiv c$

• Finding the smallest non-negative integer to which k is congruent modulo n is called reducing k modulo n

Modular Arithmetic

• We can also add and subtract congruent elements without losing congruence:
$a \equiv b$ and $c \equiv d \Rightarrow a + c \equiv b + d \pmod{m}$
$\Rightarrow a - c \equiv b - d \pmod{m}$

• Multiplication also works:

$a \equiv b$ and $c \equiv d \Rightarrow ac \equiv bd \pmod{m}$, for integers b, c

Modular Arithmetic

• Modular arithmetic is like ordinary arithmetic. It is:


– commutative (for addition and multiplication)
a+b=b+a
– associative
(a + b) + c = a + (b + c)
and
– distributive
a(b + c) = (ab) + (ac)
and
(b + c)a = (ba) + (ca)

Modular Arithmetic

A very important property of modular arithmetic is:

– Reducing each intermediate result modulo m yields the same result as doing the entire calculation, and then reducing the result modulo m:

$(a + b) \bmod m = ((a \bmod m) + (b \bmod m)) \bmod m$
$(a - b) \bmod m = ((a \bmod m) - (b \bmod m)) \bmod m$
$(a \times b) \bmod m = ((a \bmod m) \times (b \bmod m)) \bmod m$
$(a \times (b + c)) \bmod m = (((a \times b) \bmod m) + ((a \times c) \bmod m)) \bmod m$

This means that we can do modular arithmetic without worrying about whether we will exceed some large arithmetic bound -- so such calculations can be done on computers, even for large integer values.
Modular Arithmetic

• Here are the possible values of (a + b) mod 8:

and (a·b) mod 8:

Try a Java applet which demonstrates modular arithmetic

Modular Arithmetic:
Exponentiation
• Recall that exponentiation is defined:

$a^0 = e$, the identity element
$a^n = a \cdot a \cdots a$ (i.e. $\cdot$ applied n-1 times)
$a^{-n} = (a')^n$, where a' is the inverse of a

– In ordinary arithmetic, exponentiation rapidly produces very large numbers

– However, because of the important property of modular arithmetic that intermediate results can be computed mod m, it is possible in mod m arithmetic to do powerful exponentiation without producing very large numbers

– Remember, in cryptography, we'll be dealing with very large values of m, so this is important.
Modular Arithmetic:
Exponentiation
• For example, instead of performing the calculation:
$a^n \bmod m = (a \times a \times a \times a \times \cdots \times a) \bmod m$
we can instead perform fewer multiplications and use intermediate modular reductions.
– Let's take a specific case of $a^8 \bmod m$. We can calculate it:
$a^8 \bmod m = ((a^2 \bmod m)^2 \bmod m)^2 \bmod m$
– Similarly:
$a^{16} \bmod m = (((a^2 \bmod m)^2 \bmod m)^2 \bmod m)^2 \bmod m$
$a^{25} \bmod m = (((((((a^2 \bmod m) \times a) \bmod m)^2 \bmod m)^2 \bmod m)^2 \bmod m) \times a) \bmod m$

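The chains above are instances of left-to-right square-and-multiply. The following Python sketch is an added example, not part of the original slides; the function name `mod_pow` and the sample values are constructed for illustration. It reproduces the chains for exponents 8, 16 and 25 and records the widest intermediate value, which stays within twice the bit length of the modulus.

```python
def mod_pow(a, n, m):
    """Left-to-right square-and-multiply with a reduction after every product.

    Returns (a**n mod m, multiplications performed, widest intermediate in bits).
    """
    if n < 0 or m < 1:
        raise ValueError("need n >= 0 and m >= 1")
    if n == 0:
        return 1 % m, 0, (1 % m).bit_length()
    base = a % m
    result, mults, widest = base, 0, base.bit_length()
    for bit in bin(n)[3:]:                      # exponent bits after the leading 1
        # Always square; on a 1 bit also multiply by a (the slide's "x a" steps).
        factors = (result, base) if bit == "1" else (result,)
        for factor in factors:
            product = result * factor           # at most 2k bits for a k-bit modulus
            widest = max(widest, product.bit_length())
            result = product % m                # reduce before the next step
            mults += 1
    return result, mults, widest


# Constructed sample values (not from the slides).
M127 = 2**127 - 1                               # a 127-bit modulus
A = 0x0123456789ABCDEF0123456789ABCDEF
N = 2**100 + 25

if __name__ == "__main__":
    for exponent in (8, 16, 25):
        value, mults, _ = mod_pow(7, exponent, 13)
        print(f"7^{exponent} mod 13 = {value} using {mults} multiplications")
    value, mults, widest = mod_pow(A, N, M127)
    print(f"{mults} multiplications, widest intermediate {widest} bits")
    print("matches built-in pow:", value == pow(A, N, M127))
```

Computing `A**N` directly before reducing would require a number of roughly 2^107 bits, which is why the reduction after each product matters.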
Modular Arithmetic: Division

• So far, for mod m arithmetic, we have addition, subtraction (defined through an additive inverse), and multiplication.
• What about division?
– Division is defined through a multiplicative inverse.
– In regular arithmetic:

• The multiplicative inverse of 5 is 1/5, because 5·1/5 = 1

– In modular arithmetic, things are not so easy:

Find x, where $5x \equiv 1 \pmod{7}$
which is equivalent to finding an x and a k (both integers) such that:
5x = 7k + 1
– The general problem is to find x such that:
$1 = (a \times x) \bmod m$
or:
$a^{-1} \equiv x \pmod{m}$
Modular Arithmetic: Multiplicative Inverse

• Sometimes the modular multiplicative inverse has a solution, and sometimes it doesn't:
– The inverse of 5, mod 14, is 3
5*3 mod 14 = 1
– The inverse of 2, mod 14, doesn't exist.
• Look at the row for 2, at right;
• It does not contain a value 1

[Figure: The mod 14 multiplication table.]

• It turns out that $a^{-1} \equiv x \pmod{m}$ has a solution iff a and m are relatively prime.
– For example, look at the rows to the right.
– The only rows that contain a 1 are for values that are relatively prime to 14:
1, 3, 5, 9, 11, 13

Modular Arithmetic: Multiplicative Inverse

• One way of finding the inverse of a modulo m is to extend Euclid's greatest common divisor algorithm:
– The Extended Euclidean Algorithm:
• While computing gcd(a, m), we can also find two integers u and v such that:
gcd(a, m) = ua + vm
• If a and m are relatively prime, then gcd(a, m) = 1, and:
$1 = ua + vm \equiv ua \pmod{m}$ (performing a reduction mod m)
and then, multiplying both sides by $a^{-1}$:
$a^{-1} \equiv ua \cdot a^{-1} \equiv u \pmod{m}$
• So, if gcd(a, m) = 1, then u is the multiplicative inverse of a mod m; otherwise, there is no multiplicative inverse

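One way to carry out the Extended Euclidean Algorithm described above, as an added Python example that is not part of the original slides; the function names are chosen here for illustration. It tracks u and v alongside the remainders and reproduces the mod 14 results from the previous slide.

```python
def extended_gcd(a, m):
    """Return (g, u, v) with g = gcd(a, m) = u*a + v*m."""
    old_r, r = a, m
    old_u, u = 1, 0          # coefficients of a
    old_v, v = 0, 1          # coefficients of m
    while r != 0:
        q = old_r // r
        # Each remainder stays a combination of a and m, so update the
        # coefficients with the same quotient used for the remainders.
        old_r, r = r, old_r - q * r
        old_u, u = u, old_u - q * u
        old_v, v = v, old_v - q * v
    return old_r, old_u, old_v


def mod_inverse(a, m):
    """Return the inverse of a modulo m, or None when gcd(a, m) != 1."""
    if m < 2:
        raise ValueError("modulus must be at least 2")
    g, u, _ = extended_gcd(a % m, m)
    if g != 1:
        return None          # a and m share a factor: no inverse exists
    return u % m             # u may be negative, so reduce it into 0..m-1


def invertible_residues(m):
    """Residues in Zm that have a multiplicative inverse."""
    return [a for a in range(m) if mod_inverse(a, m) is not None]


if __name__ == "__main__":
    print("gcd(5, 14) = u*5 + v*14 with (g, u, v) =", extended_gcd(5, 14))
    print("inverse of 5 mod 14:", mod_inverse(5, 14))
    print("inverse of 2 mod 14:", mod_inverse(2, 14))
    print("invertible residues mod 14:", invertible_residues(14))
    print("x with 5x = 1 (mod 7):", mod_inverse(5, 7))
```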
Finite, or Galois Fields

• A finite field (also known as a Galois* Field) is a field with a finite number of elements. Finite fields are critical to the success of many cryptographic algorithms.
– The finite fields are completely known:
• It can be shown that the order of a finite field (number of elements in the field) must be a power of a prime, $p^n$, where n is a positive integer.
• For a given prime, p, the finite field of order p, GF(p) is defined as the set Zp of integers {0, 1, ... , p - 1}, together with the arithmetic operations modulo p.

*Evariste Galois (1811-1832), French mathematician

Modular Arithmetic

• Here are the values for (a + b) mod 2:

and (a·b) mod 2:

Notice anything?

$(a + b) \bmod 2 = a \text{ XOR } b$
$(a \times b) \bmod 2 = a \text{ AND } b$

Try a Java applet which demonstrates modular arithmetic


Modular Arithmetic

• Another useful feature of arithmetic mod 2 is:


– In the field Z2, ({0, 1}), there is only one inversion possible:
1/1 = 1
so division is the same operation as multiplication!

• Not surprisingly, the field Z2 is an important tool to analyze certain cryptographic algorithms by computer.

Modular Arithmetic

• Cryptography uses modular arithmetic a great deal, because:


– Calculating discrete logarithms and square roots mod n can be hard problems.
– It's easier to work with on computers, because it restricts the range of all
intermediate values and results
• For a k-bit modulus, n, the intermediate results of any addition, subtraction, or
multiplication will not exceed 2k bits in length.
• We can perform modular exponentiation without generating huge intermediate
results
• Arithmetic operations, mod 2, are natural for computers, because of the
equivalence of addition with XOR, and multiplication with AND, etc.

Zn*

• Z is the set of all integers


• We've seen that Zn is the set of integers mod n
– Z10 = {0,1,2,3,4,5,6,7,8,9}

• Zn* is defined as the set of mod n integers that are relatively prime to n
– Z10* = {1,3,7,9} (0 is missing because gcd(0, 10) = 10)

Zn*

• The multiplication table for Z10* provides some surprises:

| × | 1 | 3 | 7 | 9 |
|---|---|---|---|---|
| 1 | 1 | 3 | 7 | 9 |
| 3 | 3 | 9 | 1 | 7 |
| 7 | 7 | 1 | 9 | 3 |
| 9 | 9 | 7 | 3 | 1 |

• Notice anything?

• Every element in Z10* is present in the table, and no elements other than those are present. Furthermore, every element in Z10* is present in every row of the table.
What does this mean for Z10*?
• It turns out that this is true for all n:
Zn* is closed under multiplication mod n
PRIME NUMBERS
PRIME FACTORIZATION
RELATIVELY PRIME NUMBERS
GREATEST COMMON DIVISOR (GCD)
Fermat's Little Theorem

This theorem also plays an important role in the derivation of the famous RSA algorithm for public-key cryptography.

Another application of this theorem will be in the speedup of the modular exponentiation algorithm.

Fermat's Little Theorem states:

If p is prime and a is a positive integer not divisible by p, then:
$a^{p-1} \equiv 1 \pmod{p}$
Multiplying both sides by a, we can come up with an alternative form:
$a^{p-1} \cdot a = a^p \equiv a \pmod{p}$
FERMAT’S THEOREM PROOF:

• Consider the set of positive integers less than p: {1, 2, 3, …, (p-1)}, and multiply each element by a, modulo p, to get the set

X = {a mod p, 2a mod p, …, (p-1)a mod p}

• No element of X is zero and no two elements are equal, since p doesn't divide a.

• Multiplying the numbers in both sets (p and X) and taking the result mod p yields

$a \times 2a \times \cdots \times (p-1)a \equiv [1 \times 2 \times 3 \times \cdots \times (p-1)] \pmod{p}$
$a^{p-1} (p-1)! \equiv (p-1)! \pmod{p}$

Thus, on cancelling the (p-1)! term from both sides, since it is relatively prime to p, the result becomes
$a^{p-1} \equiv 1 \pmod{p}$

An alternative form of Fermat's Theorem is given as

$a^p \equiv a \pmod{p}$
Euler's Totient Function

• An important quantity in number theory is *Euler's Totient Function:
– The number of positive integers less than n that are relatively prime to n.
• It is written φ(n):
$\varphi(1) = 1$
$\varphi(p) = p - 1$ (for p prime)
$\varphi(m) < m - 1$ (for m composite)
• In other words, Euler's Totient Function is the number of elements in Zn*
*Leonhard Euler (1707 - 1783), Swiss mathematician

Euler's Totient Function

• Assume we have two distinct prime numbers, p and q, and an integer n = pq
– Then:
$\varphi(n) = \varphi(pq) = \varphi(p) \times \varphi(q) = (p - 1) \times (q - 1)$
– The set of residues in Zn is {0, 1, ..., (pq - 1)}
– The residues that are not relatively prime to n are:
• The set {p, 2p, ... ,(q - 1)p}, the set {q, 2q, ... ,(p - 1)q}, and 0
– So:
$\varphi(n) = pq - [(q - 1) + (p - 1) + 1]$
$= pq - (p + q) + 1$
$= (p - 1) \times (q - 1)$
$= \varphi(p) \times \varphi(q)$
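The counting argument above and the earlier observations about the Z10* table can be checked by brute force. This Python sketch is an added example, not part of the original slides; the function names and the small primes are constructed for illustration, and the enumeration is only practical for small n.

```python
from math import gcd


def units(n):
    """Zn*: residues in {0, ..., n-1} that are relatively prime to n."""
    return [a for a in range(n) if gcd(a, n) == 1]


def totient(n):
    """phi(n) counted as the number of elements in Zn* (small n only)."""
    return len(units(n))


def mult_table(n):
    """Multiplication table of Zn*: one row per element, columns in units(n) order."""
    u = units(n)
    return {a: [(a * b) % n for b in u] for a in u}


def rows_are_permutations(n):
    """True when every row of the table is a rearrangement of Zn* itself."""
    u = units(n)
    return all(sorted(row) == u for row in mult_table(n).values())


def non_units_of_pq(p, q):
    """The slide's list for n = pq: 0, the multiples of p, and the multiples of q."""
    return sorted({0} | {k * p for k in range(1, q)} | {k * q for k in range(1, p)})


if __name__ == "__main__":
    print("Z10* =", units(10))
    for a, row in mult_table(10).items():
        print(a, row)
    p, q = 11, 13                                 # constructed small primes
    n = p * q
    print("phi(pq) by counting:", totient(n), " (p-1)(q-1):", (p - 1) * (q - 1))
    counted = [a for a in range(n) if a not in units(n)]
    print("non-units match the slide's sets:", counted == non_units_of_pq(p, q))
    print("closure holds for n < 80:", all(rows_are_permutations(k) for k in range(1, 80)))
```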
Euler's Totient Function

• Here is what the Euler Totient Function values look like for
small values of n. (The dotted red line is the line f(n) = n - 1)

[Figure: Euler Totient Function, plotting Totient(n) against n]

Summary

• Whew! That's all the math we're going to do for now!

• We'll relate this to the cryptographic algorithms we're going to study in the near future.

