modular arithmetic
DESCRIPTION
Modular Arithmetic. p-1. 1. ´ p. n|m means that m is a an integer multiple of n. We say that “n divides m”. 7|217 divides 21. 2|4 2 divides 4 7|217 divides 21. (a mod n) means the remainder when a is divided by n. If ad + r = n, 0 · r < n Then r = (a mod n) and d = (a div n). - PowerPoint PPT PresentationTRANSCRIPT
Modular Arithmetic
p-1
´p 1
n|m means that m is a an integer multiple of n.
We say that “n divides m”.
7|21 7 divides 21
2|4 2 divides 47|21 7 divides 21
(a mod n) means the remainder when a is
divided by n.
If ad + r = n, 0· r < nThen r = (a mod n)and d = (a div n)
Egyptian Division
95 15 80* 40 20 10*
8 4 2 1
Double and Subtract
95/10 = 8+1 remainder 5
Egyptian in the exponent: Calculate ab mod n:
Except for b, work in a reduced mod system to keep all intermediate results less than b log2 (n) c + 1 bits long.
Phase I (Repeated Multiplication)
For log b stepsmultiply largest so far by a(a, a2, a4, … )
Phase II (Make ab from bits and pieces)Expand n in binary to see how n is the
sum powers of 2. Assemble ab by multiplying together appropriate powers of a.
Modular equivalence of integers a and b:
a ´ b [mod n]a ´n b
“a and b are equivalent modulo n”
iff (a mod n) = (b mod n)iff n|(a-b)
Equivalence mod n implies equivalence mod any divisor of
n.
If (x ´n y) and (k|n)Then: x ´k y
Fundamental lemma of plus, minus, and times modulo n:
If (x ´n y) and (a ´n b)Then: x+a ´n y+b
x-a ´n y-b xa ´n yb
Fundamental lemma of plus minus, and times modulo n:
When doing plus, minus, and times modulo n, I can at any
time in the calculation replace a number with a number in the same residue class modulo n
Please calculate in your head:
329 * 666 mod 331-2 * 4 = -8 = 323
The reduced system modulo
n:
Zn = {0, 1, 2, …, n-1}
Define +n and *n:a +n b = (a+b mod n)
a *n b = (a*b mod n)
The reduced system modulo 3
Z3 = {0, 1, 2}
Two binary, associative operators on Z3:+3
0 1 2
0 0 1 2
1 1 2 0
2 2 0 1
*3 0 1 2
0 0 0 0
1 0 1 2
2 0 2 1
The reduced system modulo 2
Z2 = {0, 1}
Two binary, associative operators on Z2:
+2
0 1
0 0 1
1 1 0
*2 0 1
0 0 0
1 0 1
The Boolean interpretation ofZ2 = {0, 1}
0 means FALSE 1 means TRUE
+2
XOR
0 1
0 0 1
1 1 0
*2
AND
0 1
0 0 0
1 0 1
The reduced systemZ4 = {0, 1,2,3}
+ 0 1 2 3
0 0 1 2 3
1 1 2 3 0
2 2 3 0 1
3 3 0 1 2
* 0 1 2 3
0 0 0 0 0
1 0 1 2 3
2 0 2 0 2
3 0 3 2 1
The reduced systemZ5 = {0, 1,2,3,4,5}
+ 0 1 2 3 4
0 0 1 2 3 4
1 1 2 3 4 0
2 2 3 4 0 1
3 3 4 0 1 2
4 4 0 1 2 3
* 0 1 2 3 4
0 0 0 0 0 0
1 0 1 2 3 4
2 0 2 4 1 3
3 0 3 1 4 2
4 0 4 3 2 1
Theorem: There are exactly n/(c,n) distinct multiples of c modulo n.
Example: n=8, c=3.
7
5 3
1
0
6 2
4
Theorem: There are exactly n/(c,n) distinct multiples of c modulo n.
Example: n=8, c=3.
7
5 3
1
0
6 2
4
Theorem: There are exactly n/(c,n) distinct multiples of c modulo n.
Example: n=8, c=3.
7
5 3
1
0
6 2
4
Theorem: There are exactly n/(c,n) distinct multiples of c modulo n.
Example: n=8, c=3.
7
5 3
1
0
6 2
4
Theorem: There are exactly n/(c,n) distinct multiples of c modulo n.
Example: n=8, c=3.
7
5 3
1
0
6 2
4
Theorem: There are exactly n/(c,n) distinct multiples of c modulo n.
Example: n=8, c=3.
7
5 3
1
0
6 2
4
Theorem: There are exactly n/(c,n) distinct multiples of c modulo n.
Example: n=8, c=3.
7
5 3
1
0
6 2
4
Theorem: There are exactly n/(c,n) distinct multiples of c modulo n.
Example: n=8, c=3.
7
5 3
1
0
6 2
4
Theorem: There are exactly n/(c,n) distinct multiples of c modulo n.
Example: n=8, c=3.
7
5 3
1
0
6 2
4
Theorem: There are exactly n/(c,n) distinct multiples of c modulo n.
Example: n=8, c=4.
7
5 3
1
0
6 2
4
Theorem: There are exactly n/(c,n) distinct multiples of c modulo n.
Example: n=8, c=4.
7
5 3
1
0
6 2
4
Theorem: There are exactly n/(c,n) distinct multiples of c modulo n.
Example: n=8, c=8.
7
5 3
1
0
6 2
4
Theorem: There are exactly n/(c,n) distinct multiples of c modulo n.
Example: n=8, c=6.
7
5 3
1
0
6 2
4
Theorem: There are exactly n/(c,n) distinct multiples of c modulo n.
Example: n=8, c=6.
7
5 3
1
0
6 2
4
Theorem: There are exactly n/(c,n) distinct multiples of c modulo n.
Example: n=8, c=6.
7
5 3
1
0
6 2
4
Theorem: There are exactly n/(c,n) distinct multiples of c modulo n.
Example: n=8, c=6.
7
5 3
1
0
6 2
4
Theorem: There are exactly n/(c,n) distinct multiples of c modulo n.
Example: n=8, c=6.
7
5 3
1
0
6 2
4
The multiples of c modulo n is the set:{0, c, c +n c, c +n c +n c, ….}
= {kc mod n | 0· k · n-1}
7
5 3
1
0
6 2
4
Multiples of 6
Theorem: There are exactly n/(c.n) distinct multiples of c modulo n:
{kc mod n | 0· k < n/(c,n)}
Let k= n/(c,n), which implies ck ´n 0There are · k distinct multiples of c mod
n: c*0, c*1, c*2, …, c*(k-1)
cx ´n cy $ n|c(x-y) $ (x-y) ¸ n/(c.n) = kThere are ¸ k multiples of c
Is there a fundamental lemma of division modulo n?
cx ´n cy ) x ´n y ?
2*2 ´6 2*5, but not 2 ´6 5.
Repaired fundamental lemma of division modulo n?
c 0 (mod n), cx ´n cy ) x ´n y ?
6*3 ´10 6*8, but not 3 ´10 8.
Which c are safe for cancellation mod n, i.e., cx ´n cy
) x ´n y ?
Hint: There are only n/(n,c) distinct multiples of c.
Which c are safe for cancellation mod n, i.e., cx ´n cy
) x ´n y ?
Hint: There are only n/(n,c) distinct multiples of c.
If (c,n)\neq 1, then there exists distinct x,y<n s.t. cx=cy.
Fundamental lemma of division modulo n.
(c,n)=1, ca ´n cb ) a ´n b
mod
| ( )
| ( )
| since ( , ) 1
mod
ab ac n
n ab ac
n a b c
n b c a n
b c n
A sense in which you can always cancel by c:
Theorem: cx ´n cy ) x ´n/(c,n) y
cx ´n cy ) cx ´n/(c,n) cy and ( c, n/(c,n) )=1
) x ´n/(c,n) y
Fundamental lemma of division modulo n.
(c,n)=1, ca ´n cb ) a ´n b
Zn* = {x 2 Zn | GCD(x,n) =1}
Multiplication over Zn* will have the
cancellation property.
Z12* = {1,5,7,11}
*12 1 5 7 11
1 1 5 7 11
5 5 1 11 7
7 7 11 1 5
11 11 7 5 1
Z15*
* 1 2 4 7 811
13
14
1 1 2 4 7 811
13
14
2 2 4 814
1 711
13
4 4 8 113
214
711
7 714
13
4 11 2 1 8
8 8 1 211
413
14
7
11
11
714
2 13 1 8 4
13
13
11
7 1 14 8 4 2
14
14
13
11
8 7 4 2 1
The column permutation property is equivalent to the right cancellation
property:
[b * a = c * a] ) b=c
* 1 2 a 4
b 1 2 3 4
2 2 4 1 3
c 3 1 4 2
4 4 3 2 1
The row permutation property is equivalent to the left cancellation
property:
[a * b = a *c] ) b=c
* b 2 c 4
1 1 2 3 4
2 2 4 1 3
a 3 1 4 2
4 4 3 2 1
Z5* = {1,2,3,4}
*5 1 2 3 4
1 1 2 3 4
2 2 4 1 3
3 3 1 4 2
4 4 3 2 1
Euler Phi Function
(n) = size of zn*
= number of 1<k<n that are relatively prime to n.
p prime ) Zp*= {1,2,3,…,p-1}
) (p) = p-1
The additive inverse of a2 Zn is the unique b2 Zn such that a +n b ´n 0. We denote this inverse by “–
a”.
It is trivial to calculate: “-a” = (n-a).
The multiplicative inverse of a2 Zn* is
the unique b2 Zn* such that
a *n b ´n 1. We denote this inverse by “a-1” or “1/a”.
The unique inverse of a must exist because the a row contains a permutation of the
elements and hence contains a unique 1.* 1 b 3 4
1 1 2 3 4
2 2 4 1 3
a 3 1 4 2
4 4 3 2 1
Zn = {0, 1, 2, …, n-1}Zn
* = {x 2 Zn | GCD(x,n) =1}
Define +n and *n:
a +n b = (a+b mod n) a *n b = (a*b mod n)
c *n ( a +n b) ´n (c *n a) +n (c*n b)
<Zn, +n>1. Closed2. Associative3. 0 is identity4. Additive Inverses5. Cancellation6. Commutative
<Zn*, *n>
1. Closed2. Associative3. 1 is identity4. Multiplicative Inverses5. Cancellation6. Commutative
The multiplicative inverse of a2 Zn* is the unique b2
Zn* such that
a *n b ´n 1. We denote this inverse by “a-1” or “1/a”.
Efficient algorithm to compute a-1 from a and n.
Execute the Extended Euclid Algorithm on a and n (previous lecture). It will give two
integers r and s such that:ra + sn = (a,n) = 1
Taking both sides mod n, we obtain:rn ´n 1
Output r, which is the inverse of a
What is 1/29 mod 67?
Euclid’s Extended GCD algorithm
Input: X,Y Output: r,s,d such that rX+sY = d = GCD(X,Y) 67=<1,0>
29=<0,1>Euclid(67,29) 9=67 – 2*29 9 =<1,-2>Euclid(29,9) 2=29 – 3*9 2=<-3,7>Euclid(9,2) 1=9 – 4*2 1=<13,-30>Euclid(2,1) 0=2 – 2*1 2=<-3,7>
Euclid(1,0) outputs 1 = 13*67 – 30*29
HENCE 1/29 = 30.
Fundamental lemma of powers?
If (a ´n b) Then xa ´n xb ?
If (a ´n b) Then xa ´n xb ?
NO!
(16 ´15 1) , but it is not the case that: 21 ´15 216
Two names for the same set:
Zn* = Zn
a
Zna = {a *n x | x 2 Zn
*}, a2 Zn*
* b 2 c 4
1 1 2 3 4
2 2 4 1 3
a 3 1 4 2
4 4 3 2 1
Two products on the same set:
Zn* = Zn
a
Zna = {a *n x | x 2 Zn
*}, a2 Zn*
x ´n ax [as x ranges over Zn* ]
x ´n x (asize of Zn*) [Commutativity]
1 = asize of Zn* [Cancellation] a(n) = 1
Euler’s Theorem
a2 Zn*, a(n) ´n 1
Fermat’s Little Theorem
p prime, a2 Zp*) ap-1 ´p 1
(pq) = (p-1)(q-1) if p,q distinct primes
pq = # of numbers from 1 to pqp = # of multiples of q up to pqq = # of multiples of p up to pq1 = # of multiple of both p and q up to pq
(pq) = pq – p – q + 1 = (p-1)(q-1)
Fundamental lemma of powers.
Suppose x2 Zn*, and a,b,n are naturals.
If a ´(n) b Then xa ´n xb
Equivalently,xa mod (n) ´n xb mod (n)
Zn = {0, 1, 2, …, n-1}Zn
* = {x 2 Zn | GCD(x,n) =1}
Quick raising to power.
<Zn, +n>1. Closed2. Associative3. 0 is identity4. Additive Inverses
Fast + amd -5. Cancellation6. Commutative
<Zn*, *n>
1. Closed2. Associative3. 1 is identity4. Multiplicative Inverses
Fast * and /5. Cancellation6. Commutative
Euler Phi Function
(n) = size of zn*
= number of 1<k<n that are relatively prime to n.
p prime ) Zp*= {1,2,3,…,p-1}
) (p) = p-1
(pq) = (p-1)(q-1) if p,q distinct primes
pq = # of numbers from 1 to pqp = # of multiples of q up to pqq = # of multiples of p up to pq1 = # of multiple of both p and q up to pq
(pq) = pq – p – q + 1 = (p-1)(q-1)
The RSA Cryptosystem
Rivest, Shamir, and Adelman (1978)
RSA is one of the most used cryptographic protocols on the net. Your browser uses it to establish a
secure session with a site.
Pick secret, random k-bit primes: p,q “Publish”: n = p*q (n) = (p) (q) = (p-1)*(q-1)
Pick random e Z*(n)
“Publish”: eCompute d = inverse of e in Z*
(n)
Hence, e*d = 1 [ mod (n) ]
“Private Key”: d
n,e is my public key.
Use it to send a message to
me.
p,q random primes, e random Z*(n)
n = p*qe*d = 1 [ mod (n) ]
n,e
p,q prime, e random Z*(n)
n = p*qe*d = 1 [ mod (n) ]
m
n,e
p,q prime, e random Z*(n)
n = p*qe*d = 1 [ mod (n) ]
m
me [mod n]
n,e
p,q prime, e random Z*(n)
n = p*qe*d = 1 [ mod (n) ]
m
me [mod n]
(me)d ´n m