
Modulo Arithmetic

Number Theory and Applications in Cryptography

Dr Bobby Yang

1/28
Modular arithmetic – some symbols used
• Set of real numbers: R
• Set of integers: Z, e.g {· · · , −2, −1, 0, 1, 2, · · · }
• Set of non-negative integers, e.g. {0, 1, 2, 3, · · · }
• Set of positive integers Z+ , e.g. {1, 2, 3, · · · }
• Set of integers modulo m, Z_m = {0, 1, 2, · · · , m − 1} (the residues 0 to m − 1)
• Greatest common divisor, gcd (a, b) = x, where x is the
largest common factor in a and b.
If a and b are relatively prime, then gcd (a, b) = 1
i.e. a and b do not share a common factor other than 1.

Modular arithmetic
• Modulo operation. Let a, r, m ∈ Z, where Z is the set of integers
and m > 0.
We write
a ≡ r mod m, i.e.
a = k · m + r for some integer k.
m is called the modulus and r is called the remainder (usually taken with 0 ≤ r < m)
• Often “modulo”, “mod” are used interchangeably.
• Equivalence class – the set of all integers with the same
remainder, e.g.
21 ≡ 3 mod 9
12 ≡ 3 mod 9
3 ≡ 3 mod 9
−6 ≡ 3 mod 9
−15 ≡ 3 mod 9
···
Equivalence Class

• Equivalence class. These integers


{· · · , −24, −15, −6, 3, 12, 21, · · · } which gives the same
remainder 3 when divided by 9 are equivalent; they form
an equivalence class mod 9. i.e.
−24 ≡ −15 ≡ −6 ≡ 3 ≡ 12 ≡ 21 mod 9
• Similarly {· · · , −9, 0, 9, 18, 27, · · · } is an equivalence class mod 9 (remainder 0)
• All members of an equivalence class behave equivalently under
arithmetic mod n, so any member can stand in for any other:
• Addition and multiplication:
(a + b) mod n = (a mod n + b mod n) mod n
(a − b) mod n = (a mod n − b mod n) mod n
(a × b) mod n = (a mod n × b mod n) mod n

Example – equivalence class
e.g. Find 6561 mod 7.
Since 6561 = 3^8 = 3^4 · 3^4 = 81 · 81,
and 81 = 11 · 7 + 4, i.e. 81 ≡ 4 mod 7,
then 6561 = 3^8 = 81 · 81 ≡ 4 · 4 = 16 ≡ 2 mod 7
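The reduction rule above is what makes exponentiation with very large exponents feasible. The following added example (not part of the slides) implements square-and-multiply modular exponentiation in Python and exposes the chain of reduced squares, so the slide's 81 · 81 ≡ 4 · 4 step can be seen as one iteration of the general algorithm; the function names `pow_mod` and `pow_mod_trace` are this example's own.

```python
# Added example (not from the slides): square-and-multiply modular exponentiation.
# It relies on the rule (a * b) mod m = ((a mod m) * (b mod m)) mod m to reduce after
# every multiplication, so intermediate values never exceed m * m.

def pow_mod(base: int, exp: int, m: int) -> int:
    """Return base**exp mod m for exp >= 0 without ever forming base**exp."""
    if m <= 0:
        raise ValueError("modulus must be positive")
    if exp < 0:
        raise ValueError("negative exponents need a modular inverse; not handled here")
    result = 1 % m            # 1 % m handles the degenerate modulus m == 1
    base %= m                 # reduce the base once up front
    while exp:
        if exp & 1:           # low bit of the exponent set: fold in the current square
            result = (result * base) % m
        base = (base * base) % m   # square and reduce immediately
        exp >>= 1
    return result


def pow_mod_trace(base: int, exp: int, m: int) -> list:
    """Return the chain of reduced squares base^(2^i) mod m that pow_mod walks through.

    For 3**8 mod 7 this is [3, 2, 4, 2]: 3, 3^2 = 9 ≡ 2, 3^4 ≡ 2^2 = 4, 3^8 ≡ 4^2 = 16 ≡ 2,
    i.e. the same reduction the slide performs by hand via 81 * 81 ≡ 4 * 4.
    """
    squares = [base % m]
    while exp > 1:
        squares.append((squares[-1] * squares[-1]) % m)
        exp >>= 1
    return squares


if __name__ == "__main__":
    print(pow_mod(3, 8, 7))            # the slide's example: 6561 mod 7 = 2
    print(pow_mod_trace(3, 8, 7))      # [3, 2, 4, 2]
    # Large exponents are no problem; compare with Python's built-in three-argument pow.
    big_m = 1_000_000_007
    print(pow_mod(7, 10**18 + 3, big_m) == pow(7, 10**18 + 3, big_m))
```

The exponent is consumed one bit at a time, so the loop runs about log2(exp) times regardless of how large base**exp would be; this is the same routine that sits underneath RSA and Diffie-Hellman implementations.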

Groups
Definition: A group is a set G together with one binary
operation ◦ on G, satisfying the following axioms:
1. Closure: a ◦ b ∈ G for all a, b ∈ G
2. The operation ◦ is associative, i.e. a ◦ (b ◦ c) = (a ◦ b) ◦ c for all a, b, c ∈ G
3. There is an identity element e ∈ G such that
a ◦ e = e ◦ a = a for all a ∈ G
4. Every a ∈ G has an inverse a^{-1} ∈ G, i.e.
a ◦ a^{-1} = a^{-1} ◦ a = e
• Common operations are addition (+) or multiplication (×),
but can be others.

Examples of groups

1. The integers Z = {· · · , −2, −1, 0, 1, 2, · · · } form a group
under +
2. The real numbers R form a group under +; the non-zero real numbers,
R − {0}, form a group under × (0 is excluded because it has no multiplicative inverse)
3. The set of integers i ∈ {1, · · · , n − 1} with gcd(i, n) = 1, written Z_n^*,
is a group under multiplication modulo n,
e.g. Z_9^* = {1, 2, 4, 5, 7, 8} is a multiplicative group.
4. The set of integers Z26 = {0, 1, 2, · · · , 25} mod 26 is an
additive group, i.e. Z26 (+) is a group. Application in
Caesar’s cipher.
• However, Z26 under multiplication modulo 26 is NOT a
group. Some elements (0, every even number, and 13) do NOT have inverses.

Additive group
• Consider the set Z6 = {0, 1, 2, 3, · · · , 5}. Is this an additive
group? i.e. under modulo 6 addition?
• Construct the Cayley table to represent the operation.
+ 0 1 2 3 4 5
0 0 1 2 3 4 5
1 1 2 3 4 5 0
2 2 3 4 5 0 1
3 3 4 5 0 1 2
4 4 5 0 1 2 3
5 5 0 1 2 3 4
• Closure?
• Associative?
• Is there an identity e such that e + a = a for every a?
• Does every a have an inverse, written (−a) for addition, such that
(−a) + a = e?

Application – Caesar’s cipher

• The characters in the alphabet are assigned ordinal values as follows:
A B C D E F G H I J K L M
0 1 2 3 4 5 6 7 8 9 10 11 12
N O P Q R S T U V W X Y Z
13 14 15 16 17 18 19 20 21 22 23 24 25
• Denote each character in the plaintext x_i and ciphertext y_i
by its ordinal number in Z26, which is a group under modulo-26
addition, i.e. x_i, y_i ∈ Z26
• Key, k the number of steps to shift.
• Encryption: yi ≡ xi + k mod 26
Decryption: xi ≡ yi − k mod 26
• Keyspace:
• Attacks: brute force, frequency analysis

Example
E.g. Use Key = 5
1. What is the ciphertext of P = “RETREAT”?
2. What is the plaintext of C=“ANHYTWD”
3. What is the keyspace of this cipher?
4. How many attempts are required at most to break this
cipher?

Vigenère Cipher

• Represent each character in plaintext x, ciphertext y, and
key k as ordinal values: A = 0, B = 1, · · · , Z = 25
• The key is repeated cyclically to the length of the plaintext, so k_i is the
(i mod m)-th key letter for a key of length m
• Encryption: y_i ≡ x_i + k_i mod 26
• Decryption: x_i ≡ y_i + (−k_i) ≡ y_i − k_i mod 26

Vigenère cipher example
• Plaintext P = ATTACKATDAWN, can be written as
{0 19 19 0 2 10 0 19 3 0 22 13}.
• Key, Ks = CIPHER, written as {2 8 15 7 4 17}, m = 6
(length of Ks).
• Write out the plaintext and key (used twice) and do
addition (mod 26)
P 0 19 19 0 2 10 0 19 3 0 22 13
Ks 2 8 15 7 4 17 2 8 15 7 4 17
C 2 1 8 7 6 1 2 1 18 7 0 4
• The corresponding ciphertext is thus
C = CBIHGBCBSHAE
• Decryption using the same modulo 26 addition with −Ks
The original plaintext is recovered.
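Added example (not from the slides): Caesar and Vigenère encryption and decryption as addition in Z26, with Caesar treated as Vigenère with a one-letter key, plus the brute-force attack the slides name, which tries all 26 candidate shifts and ranks them by their distance from an assumed table of English letter frequencies. The frequency percentages, the sample message and the function names are this example's own assumptions.

```python
# Added example (not from the slides): Caesar and Vigenère as addition in Z_26,
# plus exhaustive search of the 26 Caesar keys ranked by English letter frequencies.
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
M = len(ALPHABET)   # 26

# Approximate relative frequencies of letters in English text, in percent (assumed values).
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0, "H": 6.1,
    "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7, "O": 7.5, "P": 1.9,
    "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8, "V": 0.98, "W": 2.4, "X": 0.15,
    "Y": 2.0, "Z": 0.074,
}


def to_ordinals(text):
    """Map A..Z to 0..25; anything that is not a letter is dropped."""
    return [ALPHABET.index(c) for c in text.upper() if c in ALPHABET]


def to_text(ordinals):
    return "".join(ALPHABET[n % M] for n in ordinals)


def vigenere(text, key, decrypt=False):
    """y_i = x_i + k_i mod 26 (x_i = y_i - k_i for decryption), key repeated cyclically."""
    k = to_ordinals(key)
    if not k:
        raise ValueError("key must contain at least one letter")
    sign = -1 if decrypt else 1
    return to_text(x + sign * k[i % len(k)] for i, x in enumerate(to_ordinals(text)))


def caesar(text, shift, decrypt=False):
    """Caesar is the special case of Vigenère with a one-letter key."""
    return vigenere(text, ALPHABET[shift % M], decrypt)


def chi_squared(text):
    """Distance of the letter counts of `text` from English; lower is more English-like."""
    n = len(text)
    if n == 0:
        return float("inf")
    counts = Counter(text)
    score = 0.0
    for c in ALPHABET:
        expected = n * ENGLISH_FREQ[c] / 100
        score += (counts.get(c, 0) - expected) ** 2 / expected
    return score


def break_caesar(ciphertext):
    """Brute force: only 26 shifts exist, so try them all and keep the most English-like."""
    scored = [(chi_squared(caesar(ciphertext, k, decrypt=True)), k) for k in range(M)]
    _, best = min(scored)
    return best, caesar(ciphertext, best, decrypt=True)


if __name__ == "__main__":
    print(caesar("RETREAT", 5))                       # WJYWJFY
    print(caesar("ANHYTWD", 5, decrypt=True))         # VICTORY
    print(vigenere("ATTACKATDAWN", "CIPHER"))         # CBIHGBCBSHAE, as on the slide
    print(vigenere("CBIHGBCBSHAE", "CIPHER", decrypt=True))
    # Constructed sample message; a few dozen letters suffice for frequency ranking.
    secret = caesar("ATTACK AT DAWN THE ENEMY IS RETREATING TO THE RIVER "
                    "AND WE MUST HOLD THE BRIDGE", 5)
    print(break_caesar(secret))
```

The same frequency scoring breaks Vigenère once the key length is known: split the ciphertext into m interleaved columns, and each column is a Caesar cipher with its own shift.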

Multiplicative group
• Consider the set Z6 = {0, 1, 2, 3, · · · , 5}.
• Is this a group under multiplication mod 6?
× 0 1 2 3 4 5
0 0 0 0 0 0 0
1 0 1 2 3 4 5
2 0 2 4 0 2 4
3 0 3 0 3 0 3
4 0 4 2 0 4 2
5 0 5 4 3 2 1

• Closure?
• Associative?
• Is there an identity e such that e × a = a for every a?
• Does every a have an inverse a^{-1} such that a^{-1} × a = e?
• For an element a ∈ Zm the inverse a^{-1} exists iff
gcd(a, m) = 1
• Which elements of Z6 form a multiplicative group?
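An added example, not from the slides, that answers the Cayley-table questions on the two Z6 slides programmatically: `is_group` checks closure, associativity, identity and inverses by exhaustive search over the table, and `units` lists the elements of Z_m that are invertible under multiplication (those coprime to m), which also recovers the multiplicative group Z_9^* given earlier. Function names are this example's own.

```python
# Added example (not from the slides): check the group axioms for Z_m under + and x mod m
# by exhaustive search over the Cayley table, and list the elements that have inverses.
from itertools import product
from math import gcd


def is_group(elements, op):
    """Return (True, identity) if `elements` form a group under `op`, else (False, reason)."""
    elems = list(elements)
    members = set(elems)
    # 1. closure: every a o b must land back in the set
    for a, b in product(elems, repeat=2):
        if op(a, b) not in members:
            return False, f"not closed: {a} o {b} = {op(a, b)} is outside the set"
    # 2. associativity: exhaustive |G|^3 check (fine for the small sets on these slides)
    for a, b, c in product(elems, repeat=3):
        if op(op(a, b), c) != op(a, op(b, c)):
            return False, f"not associative at ({a}, {b}, {c})"
    # 3. a two-sided identity e
    e = next((x for x in elems if all(op(x, a) == a == op(a, x) for a in elems)), None)
    if e is None:
        return False, "no identity element"
    # 4. every element needs a two-sided inverse
    for a in elems:
        if not any(op(a, b) == e == op(b, a) for b in elems):
            return False, f"{a} has no inverse"
    return True, e


def units(m):
    """Elements of Z_m with a multiplicative inverse mod m: exactly those with gcd(a, m) = 1."""
    return [a for a in range(1, m) if gcd(a, m) == 1]


def cayley_table(elements, op, symbol):
    """Render the operation table as text, in the layout used on the slides."""
    elems = list(elements)
    width = max(len(str(x)) for x in elems)
    rows = [symbol.rjust(width) + " " + " ".join(str(x).rjust(width) for x in elems)]
    for a in elems:
        rows.append(str(a).rjust(width) + " " +
                    " ".join(str(op(a, b)).rjust(width) for b in elems))
    return "\n".join(rows)


if __name__ == "__main__":
    add6 = lambda a, b: (a + b) % 6
    mul6 = lambda a, b: (a * b) % 6
    print(cayley_table(range(6), add6, "+"))
    print(is_group(range(6), add6))              # (True, 0)
    print(cayley_table(range(6), mul6, "x"))
    print(is_group(range(6), mul6))              # (False, '0 has no inverse')
    print(units(6), is_group(units(6), mul6))    # [1, 5] (True, 1)
    print(units(9))                              # [1, 2, 4, 5, 7, 8], as on the earlier slide
    print(is_group(range(26), lambda a, b: (a * b) % 26))   # not a group
    print(is_group(units(26), lambda a, b: (a * b) % 26))   # (True, 1)
```

Note that dropping only 0 from Z6 does not help: {1, 2, 3, 4, 5} is not even closed under multiplication mod 6 (2 × 3 = 0), so the group is exactly the units {1, 5}.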
Affine cipher
• Let a, b, x, y ∈ Z26
Encryption key: k = (a, b), plaintext: x, ciphertext: y
Encryption y_i ≡ a · x_i + b mod 26
Decryption x_i ≡ a^{-1} · (y_i − b) mod 26
• Conditions: a^{-1} exists, i.e. gcd(a, 26) = 1, which holds for
a ∈ {1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25} (12 values); b is unrestricted
• Keyspace = 12 × 26 = 312 (or 11 × 26 = 286 if the trivial a = 1, which
reduces to Caesar’s cipher, is excluded)
• Attacks: Brute force, frequency analysis

Affine cipher example
• Plaintext, x = AUTUMN, in ordinals, {0, 20, 19, 20, 12, 13}
• Let key be k = (a, b) where a = 5, b = 12. Note, 5^{-1} ≡ 21
mod 26 (it exists, since 5 · 21 = 105 = 4 · 26 + 1)
• Encrypt: e.g., y_1 ≡ 5 × 0 + 12 = 12 mod 26, y_2 ≡ 5 × 20 + 12 = 112 ≡ 8 mod 26, etc.
• Ciphertext, y = {12, 8, 3, 8, 20, 25}, i.e. y = MIDIUZ
• Decrypt: e.g., take y_2, I = 8,
x_2 ≡ a^{-1}(y_2 − b) = 21(8 − 12) = −84 ≡ 20 mod 26, i.e. x_2 = U
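Added example (not from the slides) for the affine cipher: encryption and decryption with the gcd(a, 26) = 1 check enforced, enumeration of the valid keys (which also settles the keyspace count), and a brute-force attack that tries every key against a short known-plaintext crib. Python's built-in pow(a, -1, 26) (3.8 or later) supplies the modular inverse; the function names are this example's own.

```python
# Added example (not from the slides): affine cipher with the gcd(a, 26) = 1 check,
# the exact size of its keyspace, and a crib-based brute-force attack.
from math import gcd

M = 26


def to_ord(c):
    return ord(c) - ord("A")


def to_chr(n):
    return chr(n % M + ord("A"))


def affine_keys():
    """Every valid key (a, b): a must be a unit mod 26 so that a^-1 exists; b is free."""
    return [(a, b) for a in range(M) if gcd(a, M) == 1 for b in range(M)]


def affine_encrypt(text, a, b):
    """y_i = a * x_i + b mod 26. Rejects keys whose a has no inverse."""
    if gcd(a, M) != 1:
        raise ValueError(f"a = {a} has no inverse mod 26: gcd(a, 26) = {gcd(a, M)}")
    return "".join(to_chr(a * to_ord(c) + b) for c in text.upper() if "A" <= c <= "Z")


def affine_decrypt(text, a, b):
    """x_i = a^-1 * (y_i - b) mod 26; pow(a, -1, M) raises ValueError if gcd(a, 26) != 1."""
    a_inv = pow(a, -1, M)
    return "".join(to_chr(a_inv * (to_ord(c) - b)) for c in text.upper() if "A" <= c <= "Z")


def brute_force_affine(ciphertext, crib):
    """Try all 312 keys; keep those whose decryption starts with the known plaintext `crib`.

    Two crib letters whose difference is a unit mod 26 already pin down (a, b) uniquely,
    so a brute-force search over such a small keyspace needs almost no known plaintext.
    """
    return [(a, b) for a, b in affine_keys()
            if affine_decrypt(ciphertext, a, b).startswith(crib.upper())]


if __name__ == "__main__":
    print(len(affine_keys()))                    # 312 = phi(26) * 26
    print(affine_encrypt("AUTUMN", 5, 12))       # MIDIUZ, as on the slide
    print(affine_decrypt("MIDIUZ", 5, 12))       # AUTUMN
    print(brute_force_affine("MIDIUZ", "AU"))    # [(5, 12)]
    try:
        affine_encrypt("AUTUMN", 4, 12)          # a = 4 shares the factor 2 with 26
    except ValueError as err:
        print("rejected:", err)
```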

Integer Rings
• Definition: The integer ring is a set
Zm = {0, 1, 2, · · · , m − 1} with 2 operations "+" and "×" for
all a, b, c, d ∈ Zm such that:
1. a + b ≡ c mod m,
2. a × b ≡ d mod m
• Properties:
• Closure Add and multiply any two numbers, result is
always in the ring.
• Addition and multiplication is associative and distributive,
i.e., a + (b + c) = (a + b) + c and a × (b × c) = (a × b) × c
and a × (b + c) = (a × b) + (a × c)
• Addition: There is a neutral element and an inverse, i.e.
a + 0 = 0 + a = a mod m; a + (−a) = 0 mod m
• Multiplication: There is a neutral element, and an inverse exists
for some, but not all, elements, i.e.
a × 1 = 1 × a = a mod m, and a × a^{-1} ≡ 1 mod m
• For an element a ∈ Zm the inverse a^{-1} exists iff
gcd(a, m) = 1
Fields

• A finite field, also called a Galois field, is a set F of elements
with the following properties:
• All elements of F form an additive group with
neutral element 0.
• All elements of F except 0 form a multiplicative group with
neutral element 1.
• The distributive law holds, i.e. for all a, b, c ∈ F,
a(b + c) = ab + ac
• A field with order m (the number of elements) exists only if
m is a prime power, i.e. m = p^n where n is a positive
integer and p is a prime.
• With n = 1, we have the prime field denoted as
GF(p) = {0, 1, 2, · · · , p − 1}, where all arithmetic in GF(p) is
done modulo p.
• GF(p) is also a ring (every field is a ring; Z_m is a field exactly when m is prime).

Hill Cipher

• Represent characters in message as ordinal values
• Form message matrix M of size m × n (each row is one block of n characters)
• Key matrix K of size n × n
• Encryption: C = M · K mod 26
• Decryption: C · K^{-1} = M · K · K^{-1} = M mod 26
• Conditions:
• the inverse K^{-1} exists, and
• since K^{-1} = det(K)^{-1} · adj(K), det(K) must itself be invertible modulo 26, i.e.
gcd(det(K), 26) = 1
• Usually pad 3 more symbols and use mod 29, a prime
number, so that every non-zero determinant is invertible.

Hill cipher example
• Consider the message M = “RETREAT”, i.e.
{17, 4, 19, 17, 4, 0, 19}, Key K = “CAVE”, i.e. {2, 0, 21, 4}
• Use the prime field GF(29) to represent the letters in the
alphabet, padded with unused symbols, e.g.
{26 = ?, 27 = @, 28 = ∗}
• Construct the padded message as a (4 × 2) matrix and the key as a (2 × 2)
matrix, then C ≡ M · K mod 29, i.e.
$$M = \begin{pmatrix} 17 & 4 \\ 19 & 17 \\ 4 & 0 \\ 19 & 26 \end{pmatrix}, \quad K = \begin{pmatrix} 2 & 0 \\ 21 & 4 \end{pmatrix}, \quad C = M \cdot K \bmod 29 = \begin{pmatrix} 2 & 16 \\ 18 & 10 \\ 8 & 0 \\ 4 & 17 \end{pmatrix}$$
• C = CQSKIAER

Hill cipher example – contd
• Decryption: P ≡ C · K^{-1} mod 29
• K^{-1} = det(K)^{-1} · adj(K) exists, since det(K) = 2 · 4 − 0 · 21 = 8 and
8^{-1} ≡ 11 mod 29 exists because 29 is prime, i.e.
$$K^{-1} = 11 \cdot \begin{pmatrix} 4 & 0 \\ -21 & 2 \end{pmatrix} \equiv \begin{pmatrix} 15 & 0 \\ 1 & 22 \end{pmatrix} \pmod{29}$$
(check: K · K^{-1} = \begin{pmatrix} 30 & 0 \\ 319 & 88 \end{pmatrix} ≡ I mod 29)
• Plaintext
$$P = C \cdot K^{-1} = \begin{pmatrix} 2 & 16 \\ 18 & 10 \\ 8 & 0 \\ 4 & 17 \end{pmatrix} \begin{pmatrix} 15 & 0 \\ 1 & 22 \end{pmatrix} \equiv \begin{pmatrix} 17 & 4 \\ 19 & 17 \\ 4 & 0 \\ 19 & 26 \end{pmatrix} \pmod{29}$$
• What is the key space?
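Added example (not from the slides): the Hill cipher over GF(29) as on these two slides, with the 2 × 2 inverse computed as det(K)^{-1} · adj(K) and a brute-force count of the invertible 2 × 2 key matrices, which answers the key-space question. The padding symbols follow the slide's {26 = ?, 27 = @, 28 = ∗}; plain Python lists are used instead of a matrix library so it runs without dependencies. Function names are this example's own.

```python
# Added example (not from the slides): Hill cipher over GF(29) with a 2x2 key, using the
# slides' padding symbols '?', '@', '*' for 26, 27, 28. The key-space count at the end is
# computed by brute force over all 29^4 matrices.
from math import gcd

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ?@*"
P = len(ALPHABET)   # 29, prime, so every non-zero determinant is invertible
PAD = "?"


def mat_mul(A, B, p):
    """(rows x k) times (k x cols), every entry reduced mod p."""
    return [[sum(A[i][t] * B[t][j] for t in range(len(B))) % p for j in range(len(B[0]))]
            for i in range(len(A))]


def inv2(K, p):
    """Inverse of a 2x2 matrix mod p: det(K)^-1 * adj(K); fails if gcd(det, p) != 1."""
    (a, b), (c, d) = K
    det = (a * d - b * c) % p
    if gcd(det, p) != 1:
        raise ValueError(f"det(K) = {det} is not invertible mod {p}")
    det_inv = pow(det, -1, p)
    adj = [[d, -b], [-c, a]]
    return [[(det_inv * x) % p for x in row] for row in adj]


def to_matrix(text, cols):
    """Ordinals of `text`, padded with PAD to a multiple of `cols`, as rows of length `cols`."""
    nums = [ALPHABET.index(c) for c in text.upper()]
    nums += [ALPHABET.index(PAD)] * (-len(nums) % cols)
    return [nums[i:i + cols] for i in range(0, len(nums), cols)]


def from_matrix(Mx):
    return "".join(ALPHABET[x] for row in Mx for x in row)


def hill_encrypt(text, K):
    """C = M . K mod 29, one row of the message matrix per block."""
    return from_matrix(mat_mul(to_matrix(text, len(K)), K, P))


def hill_decrypt(text, K):
    """P = C . K^-1 mod 29; padding symbols come back out and are left for the caller."""
    return from_matrix(mat_mul(to_matrix(text, len(K)), inv2(K, P), P))


def count_invertible_keys():
    """Number of 2x2 matrices over GF(29) with non-zero determinant: (p^2 - 1)(p^2 - p)."""
    n = 0
    for a in range(P):
        for b in range(P):
            for c in range(P):
                for d in range(P):
                    if (a * d - b * c) % P:
                        n += 1
    return n


if __name__ == "__main__":
    K = [[2, 0], [21, 4]]                   # "CAVE"
    print(hill_encrypt("RETREAT", K))       # CQSKIAER, as on the slide
    print(inv2(K, P))                       # [[15, 0], [1, 22]]
    print(hill_decrypt("CQSKIAER", K))      # RETREAT? (the trailing ? is the padding)
    print(count_invertible_keys())          # 682080
```

The count matches the closed form (29² − 1)(29² − 29) = 840 · 812 = 682,080 invertible 2 × 2 matrices; with mod 26 instead, the determinant would additionally have to avoid every multiple of 2 and 13, which is why the slides move to the prime 29.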

Euclidean algorithm
• Uses:
1. test if a, m are relatively prime
2. find multiplicative inverse a−1
• Find gcd (r0 , r1 ), r0 > r1 , let gcd (r0 , r1 ) = g
i.e. r0 = g · x and r1 = g · y where x > y
write r0 = r1 + r2 , i.e. g · (x − y) = r2
i.e. since g divides r0 , r1 , then g also divides r2
• Since r2 < r0 , easier to find gcd (r2 , r1 ) i.e. gcd (r0 − r1 , r1 )
write r2 = r1 + r3 i.e r2 − r1 = r3
if g divides r1 , r2 , then it divides r3
hence recursively, gcd (r3 , r1 ) = gcd (r2 − r1 , r1 ) =
gcd (r0 − 2r1 , r1 ) = · · · = gcd (r0 − mr1 , r1 )
• choose maximum m for least number of steps.
• E.g. Find gcd (27, 21)

Euclidean algorithm example
• E.g. Find gcd(27, 21)
gcd(27, 21) = gcd(27 − 1 × 21, 21)
= gcd(21, 6) = gcd(21 − 3 × 6, 6)
= gcd(6, 3) = gcd(6 − 2 × 3, 3) = gcd(3, 0) = 3
• Another approach (subtracting once per step):
gcd(27, 21) = gcd(27 − 21, 21)
= gcd(21, 6) = gcd(15, 6) = gcd(9, 6)
= gcd(6, 3) = gcd(3, 3) = 3

• Eg. Find gcd (973, 301)

Extended Euclidean algorithm
• Find gcd(r0, r1), where r0 > r1
• Let gcd(r0, r1) = g, i.e. r0 = xg, r1 = yg
• Write r0 = k1 r1 + r2 where k1 is an integer.
• Rewrite

r0 = k1 r1 + r2
xg = k1 yg + r2

• i.e. g divides r0 , r1 , r2 .
• Hence, instead of finding gcd (r0 , r1 ), find gcd (r1 , r2 ) since
r1 , r2 are smaller numbers.
• Proceed recursively until rn = 0

Extended Euclidean algorithm
• Example: find gcd (973, 301)
• Since,

973 = 3 × 301 + 70
301 = 4 × 70 + 21
70 = 3 × 21 + 7
21 = 3 × 7 + 0
• since 7 divides 21, 70, 301, and 973, then
gcd (973, 301) = 7
• We also see gcd (973, 301) = 7 and

7 = 70 − 3 × 21 = 70 − 3 · (301 − 4 × 70)
= 70 − 3 × 301 + 12 × 70 = 13 × 70 − 3 × 301
= 13 · (973 − 3 × 301) − 3 × 301 = 13 × 973 − 42 × 301
= s · 973 + t · 301, where s = 13, t = −42
Extended Euclidean algorithm example

• Find gcd (12, 67)

67 = 5 × 12 + 7
Find gcd(12,7) instead
12 = 1 × 7 + 5
7 = 1×5+2
5 = 2 × 2 + 1 ← gcd (2, 1) = 1
2 = 2×1+0

i.e. gcd (12, 67) = 1

Finding inverse, a^{-1} mod m
• Write: gcd(a, m) = s · a + t · m where s, t are integers
• If gcd(a, m) = 1, then 1 = s · a + t · m
Taking mod m, 1 ≡ s · a mod m
so the inverse of a mod m is, by definition, a^{-1} mod m = s mod m
i.e. the inverse a^{-1} mod m exists iff gcd(a, m) = 1
• Use the extended Euclidean algorithm in reverse to find s, t

Finding inverse
• E.g. Find the inverse 12^{-1} mod 67.
From finding gcd(67, 12):
67 = 5 × 12 + 7
12 = 1 × 7 + 5
7 = 1 × 5 + 2
5 = 2 × 2 + 1
Substituting back from the last non-zero remainder:
1 = 5 − 2 × 2
= 5 − 2(7 − 1 × 5)
= 3 × 5 − 2 × 7
= 3 × (12 − 7) − 2 × 7
= 3 × 12 − 5 × 7
= 3 × 12 − 5(67 − 5 × 12)
= 28 × 12 − 5 × 67
1 ≡ 28 × 12 mod 67
• i.e. 12^{-1} ≡ 28 mod 67
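Added example (not from the slides) covering the Euclidean algorithm, the extended Euclidean algorithm and the inverse computation on the preceding slides: `division_steps` reproduces the chain of divisions, `egcd` carries the coefficients s and t forward in a single pass instead of back-substituting by hand, and `mod_inverse` reduces s into Z_m and rejects elements with gcd(a, m) ≠ 1. Function names are this example's own.

```python
# Added example (not from the slides): the (extended) Euclidean algorithm, returning
# gcd(a, b) together with s, t such that s*a + t*b = gcd, and the modular inverse built on it.

def division_steps(a, b):
    """The chain a = q*b + r written out on the slides, as (dividend, divisor, q, r) tuples."""
    steps = []
    while b:
        q, r = divmod(a, b)
        steps.append((a, b, q, r))
        a, b = b, r
    return steps


def egcd(a, b):
    """Return (g, s, t) with g = gcd(a, b) = s*a + t*b.

    Iterative form: the coefficients are carried forward alongside the remainders,
    so the invariant old_r == old_s*a + old_t*b holds at every step and the final
    old_s, old_t are the s, t the slides obtain by reverse substitution.
    """
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r     # remainder sequence r0, r1, r2, ...
        old_s, s = s, old_s - q * s     # coefficient of a
        old_t, t = t, old_t - q * t     # coefficient of b
    return old_r, old_s, old_t


def mod_inverse(a, m):
    """a^-1 mod m, which exists iff gcd(a, m) = 1; raises ValueError otherwise."""
    g, s, _ = egcd(a % m, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {m}: gcd({a}, {m}) = {g}")
    return s % m      # s may be negative; reduce it into 0..m-1


if __name__ == "__main__":
    print(division_steps(973, 301))   # [(973, 301, 3, 70), (301, 70, 4, 21), (70, 21, 3, 7), (21, 7, 3, 0)]
    print(egcd(973, 301))             # (7, 13, -42): 13*973 - 42*301 = 7
    print(egcd(12, 67))               # (1, 28, -5): 28*12 - 5*67 = 1
    print(mod_inverse(12, 67))        # 28
    print(mod_inverse(5, 26))         # 21, the affine-cipher inverse used earlier
    try:
        mod_inverse(4, 26)            # gcd(4, 26) = 2, so no inverse
    except ValueError as err:
        print(err)
```

For cryptographic use the same routine is run on integers of hundreds of digits; its cost grows only with the number of bits, since each pair of steps at least halves the remainder.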

Summary
• Groups are sets which
1 have one operation,
2 are closed,
3 are associative,
4 have a neutral element (identity) e, such that a ◦ e = a, and an
inverse for every element, such that a ◦ a^{-1} = e
• For a multiplicative group mod m, an inverse a^{-1} exists iff
gcd(a, m) = 1
• The Euclidean algorithm is used to test whether gcd(a, m) = 1
• The extended Euclidean algorithm is used to find a^{-1} mod m
• Informally, rings are similar to groups, but have two binary
operations; not all elements have multiplicative inverses.
• Fields are similar to rings, but all elements except zero have
multiplicative inverses.
