1
Section 13: Primes, Multiplicative Inverses, and
Exponentiation in Modular Arithmetic
Practice HW p. 16 # 1-13 at the end of the notes
The purpose of this section that we cover is to provide the mathematics background
needed to understand the RSA Cryptosystem. We start out by reviewing some basic facts
concerning prime numbers.
Prime Numbers
Recall that a prime number p is a number whose only divisors are 1 and itself (1 and p).
A number that is not prime is said to be composite. The following set represents the set of
primes that are less than 100:
{2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97…}
Here are some basic facts about primes.
Theorem 13.1: There are an infinite number of primes.
Proof:
2
█
3
Example 1: Starting with the prime p1  2 , use the proof of Theorem 13.1 to generate a
list of several primes.
Solution:
█
Theorem 13.2: (Fundamental Theorem of Arithmetic). Every natural number can be
factored into a product of primes. The factorization is unique if the order of the
factorization is disregarded.
For example, to factor 30, we can compute
30  6  5 
2
3 
5 
3 
2 
5
 5
 2
3
 

same prime factorizat ion disregarding order
.
4
Here is another fact that is useful about prime numbers.
Theorem 13.3: Suppose p is an integer and suppose a and b are integers where p | ab .
Then p | a or p | b .
Proof: Suppose p | a . Then since p is prime, gcd( a, p)  1 . Hence, by Theorem 1.4, there
exists integers u and v where
au  pv  1  gcd( a, p)
Multiplying both sides of this equation by b gives
abu  pbv  b .
Since p | ab , ab  kp for some integer k . Substituting this result into the previous
equation gives
pku  pbv  b
or
p(ku  bv)  b .
Hence, p | b . A similar argument can be shown that p | a if we assume p | b . Hence, the
result holds.
█
Finding Multiplicative Inverses in Modular Arithmetic
Recall that for b  Z m to be a unit, that is for b 1 (mod m) , to exist, gcd( b, m)  1 .
Assuming that gcd( b, m)  1 , we find b 1 (mod m) , that is, we solve the congruence
bv  1 (mod m) by finding u and v where mu  bv  1  gcd( b, m) . Hence, the
multiplicative inverse v  b 1 (mod m) by generating a Euclidean Algorithm table as
described in Section 1.
Note When computing mu  bv  1  gcd( b, m) , we would like v  b 1 (mod m) to be a
positive result. If v  0 , this is accomplished by computing v (mod m) .
We demonstrate this process in the following example.
5
Example 2: Compute 131 (mod 81) .
Solution:
█
6
Example 3: Compute 98751 (mod 54321) .
Solution: We first generate an Euclidean algorithm table to find values u and v where
mu  bv  gcd( m, b)  1 for m = 54321 and b = 9875. We first the Euclidean Algorithm to
find that gcd ( 54321, 9875 )  1 using the following process:
Row 1 :
Row 2 :
Row 3 :
Row 4 :
Row 5 :
54321  5  9875  4946
9875  1  4946  4929
4946  1  4929  17
4929  289  17  16
17  1  16  1
16  16  1  0
Hence, the gcd( 54321,9875)  1 and 98751 (mod 54321) will exist. Setting
u 1  1, v1  0 and u 0  0 and v0  1 and using the equations
ui 1  ui 1  qi 1 ui , vi 1  vi 1  qi 1 vi
we generate u and v with the following equations for each row of the table.
Row 1 : q1  5, r1  4946 , u1  u 1  q1u0  1  5  0  1  0  1 , v1  v1  q1v0  0  5  1  0  5  5 .
Row 2 : q2  1, r2  4929 , u 2  u0  q2u1  0  1  1  0  1  1, v2  v0  q2 v1  1  1  (5)  1  5  6 .
Row 3 : q3  1, r3  17 , u3  u1  q3u 2  1  1  (1)  1  1  2, v3  v1  q3v2  5  1  6  5  6  11 .
Row 4 : q4  289, r4  16 , u 4  u 2  q4u3  1  289  2  1  579  579,
v4  v2  q4v3  6  289  (11)  6  3179  3185 .
Row 5 : q5  1, r5  1 , u5  u3  q5u 4  2  1  (579)  2  579  581,
v5  v3  q5 v4  11  1  3185  11  3185  3196 .
The previous results give the following Euclidean Algorithm Table:
Row
1
0
1
2
3
4
5
Q


5
1
1
289
1
R
U
a  54321 u 1  1
b  9875 u 0  0
4946
1
4929
1
17
2
16
 579
1
581
V
v 1  0
v0  1
5
6
 11
3185
 3196
continued on next page
7
From the last row, we see that u  u5  581 and v  v5  3196. This answer can be
verified by checking
mu  bv  (54321)(581)  (9875)( 3196)  31560501  31560500  1  gcd( m, b) .
Since we are working in mod 54321 arithmetic, we can convert v to its equivalent positive
representation by computing v = -3196 (mod 54321) = 51125. We claim that v = 51125 is
the multiplicative inverse, that is b 1 (mod m)  98751 (mod 54321)  51125 . We can
verify this by computing
bv (mod m)  (9875  51125) (mod 54321)  504859375 (mod 54321)  1
█
Example 4: Solve 13x + 1 = 4 (mod 81) for x.
Solution: We must first isolate x on one side of the equation.
13 x  1  4 (mod 81)
13 x  3 (mod 81)
x  (13 1  3) (mod 81)
To finish this problem, we need to find 131 (mod 81) . In example 2, we saw that
131 (mod 81)  25 . Completing the problem, we have
x  (131  3) (mod 81)  (25  3) (mod 81)  75 (mod 81)  75.
█
Note: If gcd( b, m)  1 , b 1 (mod m)
Example 5: Compute 12 1 (mod 40) .
Solution:
.
█
8
Exponentiation in Modular Arithmetic
As we will see later, the RSA Cryptosystem will require exponentiation with modular
arithmetic to encrypt and decrypt messages. For example, we can easily see that
25 (mod 25)  32 (mod 25)  7 . Hence, it is easy to do modular exponentiation when the
exponent k is small. However, if the exponent becomes larger, this presents more of a
challenge. If we are asked to compute 785 (mod 41) , for example, we should note that
785  6.81 1071 , which due to size causes errors in computations due to computer round
off. Our goal next is to present a method that overcomes this problem by demonstrating an
efficient method for doing exponentiation in modular arithmetic.
Method of Successive Squaring for computing a k (mod m).
Idea is to break the exponent k into a sum of powers of 2 (starting with 20 ) and break a k in
terms of exponential terms as these powers of 2, computing the powers of 2 by
“successively squaring” the previous term
Example 6: Compute 7 85 (mod 41)
Solution:
9
█
10
Example 7: Compute 9563 (mod 907)
Solution: We first note that the exponent k  563 . We first determine the powers of 2
that are less than this exponent. Starting with 20 , we see that
20  1 , 21  2 , 22  4 , 23  8 , 24  16 , 25  32 , 26  64 , 2 7  128 , 28  256 , 2 9  512
We can stop at 210  1024 since 210  1024  563. We now decompose the exponent k
into powers of 2.
563  512  51  512  32  19  512  32  16  3  512  32  16  2  1.
We next write
9563 (mod 907)  9512321621 (mod 907)  (9512  932  916  9 2  91 ) (mod 907) .
We next compute the needed powers of 9 needed with respect to the modulus 907. The
ones that we will need are indicated by . Note that arrows are used to indicate the
substitutions from the previous step.
91 (mod 907)  9
9 2 (mod 907)  81 (mod 907)  81
9 4 (mod 907)  (9 2 ) 2 (mod 907)  (81) 2 (mod 907)  6561 (mod 907)  212 .
98 (mod 907)  (9 4 ) 2 (mod 907)  (212) 2 (mod 907)  44944 (mod 907)  501 .
916 (mod 907)  (98 ) 2 (mod 907)  (501) 2 (mod 907)  251001 (mod 907)  669 .
932 (mod 907)  (916 ) 2 (mod 907)  (669) 2 (mod 907)  447561 (mod 907)  410 .
964 (mod 907)  (932 ) 2 (mod 907)  (410) 2 (mod 907)  168100 (mod 907)  305 .
9128 (mod 907)  (964 ) 2 (mod 907)  (305) 2 (mod 907)  93025 (mod 907)  511.
9 256 (mod 907)  (9128 ) 2 (mod 907)  (511) 2 (mod 907)  261121 (mod 907)  812
9512 (mod 907)  (9 256 ) 2 (mod 907)  (812) 2 (mod 907)  659344 (mod 907)  862
continued on next page
11
Hence,
9 563 (mod 907)  9 5123216 21 (mod 907)  (9 512  9 32  916  9 2  91 ) (mod 907)

9 5123216 21 (mod 907)
 (9 512  9 32  916  9 2  91 ) (mod 907)
 (862  410  669  81  9) (mod 907)

(353420  54189  9) (mod 907)

(597  676  9) (mod 907)

(3632148) (mod 907)

520
Substituti ng from
' s above
Note that 862  410  353420 and 669  81  54189
Note 353420 (mod 907)  597 and 54189 (mod 907)  676
597  676  9  3632148
Hence, 9 563 (mod 907)  520
█
Note: In Example 7, to compute 9563 (mod 907) by ordinary exponentiation, 562
multiplications are required. Using successive squares requires only 13 multiplications.
12
Fermat’s Little Theorem
Fermat’s Little Theorem in special cases can be used to simplify the process of modular
exponentiation. We state it now.
Theorem 13.4: (Fermat’s Little Theorem) Let p be a prime number, a an integer where
p | a . Then
a p1  1(mod p) .
Proof: Consider the integers a, 2a, 3a,  , ( p  1)a modulo p. We first claim that for each
integer of the p  1 distinct integers is this list, there is a distinct integer in the list of
integers 1, 2, 3,  , ( p  1) modulo p that is in its congruence class. For the list
a, 2a, 3a,  , ( p  1)a , p | ia for 1  i  p  1 (see Exercise 12). Suppose that two of the
integers in the list a, 2a, 3a,  , ( p  1)a are in the same congruence class, that is, suppose
that
ja  ka (mod p) for 1  k  j  p  1 .
Then by definition of congruence, p | ( ja  ka) or p | ( j  k )a . Since p | a by
assumption, then p | ( j  k ) . But this is impossible since | j  k | p . Thus
ja  ka (mod p) only when j  k . Thus a, 2a, 3a,  , ( p  1)a are distinct modulo p. But
there are only p  1 distinct non-zero integers modulo p, namely 1, 2, 3,  , ( p  1) . Hence,
a, 2a, 3a,  , ( p  1)a and 1, 2, 3,  , ( p  1) are the same integers, possibly appearing in a
different order. Hence, there products would give an integer in the same congruence class,
that is
a  2a  3a  ( p  1)a  (1  2  3 ( p  1)) (mod p)
or
a p1 ( p  1)! ( p  1)! (mod p)
Since gcd(( p  1)!, p)  1 (see Exercise 13), then ( p  1)! has a multiplicative inverse.
Multiplying both sides by [( p  1)!]1 gives
a p1[( p  1)!][( p  1)!]1  [( p  1)!] [( p  1)!]1 (mod p) ,
which produces the result
a p1  1(mod p)
█
13
Example 8: Use Fermat’s Little Theorem to simplify the following.
a. 2130 (mod 31)
b. 10782 (mod 79)
Solution:
█
14
Euler-Phi Function
Given an integer m, the Euler-Phi function, denoted by  (m) , is the number of integers
between 1 and m that are relatively prime to m. That is,
 (m) #{a :1  a  m and gcd( a, m)  1}
For example,  (30)  8 since 1, 3, 7, 11, 13, 17, 19, 23, and 29 are the eight integers
between 1 and 30 that are relatively prime to 30, that is, where
1  gcd(1, 30)  gcd( 7, 30)  gcd(11, 30)  gcd(13, 30)  gcd(17, 30)  gcd(19, 30)  gcd( 23, 30)  gcd( 29, 30)
We would like to have a method of computing  (m) when m is larger. The next theorems
describe some efficient ways of doing this.
Theorem 13.5: If p is a prime number, then  ( p )  p  1 .
Proof:
█
Example 9: Compute  (11) and  (97) .
Solution:
█
15
Theorem 13.6: If p is a prime number, then  ( p k )  p k  p k 1 .
Proof: The only divisors of p k are 1 and the powers of p less than k, that is p i | p k for
1  i  k . Let a be an integer where 1  a  p k . If gcd( a, p k )  1 , then a must have a
factor of p , that is p | a . Thus, a number a is not relatively prime ( gcd( a, p k )  1) when
p | a . Thus
 ( p k )  p k  #{a : 1  a  p k and p | a}
If p | a , then a  kp for some integer k. The multiples of p between 1 and p k are
(1) p, 2 p, 3 p, , ( p k 1  1) p, p k 1  p  p k ,
which is p k 1 multiples of p. Hence, #{a : 1  a  p k and p | a}  p k 1 and thus
 ( p k )  p k  p k 1 .
█
Example 10: Compute  (64) .
Solution:
█
We next state without proof a fundamental result.
Theorem 13.7: For two positive integers m and n, if the gcd( m, n)  1 , then
 (mn)   (m)   (n) .
Example 11: Compute  (24) .
Solution:
█
16
Theorem 13.8: If m has the prime factorization m  p1k1  p 2k2  prkr , then
 (m)   ( p1k1  p2k2  prkr )   ( p1k1 )   ( p2k2 ) ( prkr )
 (p
k1

p1k1 1 )( p k2

p2k2 1 ) ( p kr

prkr 1 )
.
Proof: We can prove this result using mathematical induction. For the trivial case, that is,
if r  1 , then using Theorem 13.6 we have
 (m)   ( p1k1 )  ( p1k1  p1k11 ) .
Now, assume the result is true if m is a product of r primes. We want to show the result is
true if m is a product of r + 1 primes. Suppose m  p1k1  p2k2  prkr  prkr 11 . Noting that
gcd( p1k1  p2k2  prkr , prkr 11 )  1, we have
 (m)   (( p1k1  p 2k2  p rkr )  p rkr 11 )
  ( p1k1  p 2k2  p rkr )   ( p rkr 11 )
(Use Theorem 13.7)
 ( p k1  p1k1 1 )( p k2  p 2k2 1 ) ( p kr  p rkr 1 )   ( p rkr 11 )
(By the induction hypothesis )
 ( p k1  p1k1 1 )( p k2  p 2k2 1 ) ( p kr  p rkr 1 )( p rkr 11  p rkr 11 1 )
(Use Theorem 13.6)
Hence, by the principle of mathematical induction, the result holds.
█
Corollary 13.9: If p and q are primes where p  q , then  ( pq)   ( p) (q)  ( p  1)( q  1) .
Proof:
█
17
Example 12: Compute  (35) .
Solution:
█
Example 13: Compute  (360) .
Solution:
█
Example 14: Compute  (1575) .
Solution:
█
18
Exercises
1. Starting with the prime p1  5 , use the proof of Theorem 13.1 to generate a list of
several primes.
2. Compute the following multiplicative inverses.
a. 17 1 (mod 60)
b. 29 1 (mod 83)
c. 251 (mod 89)
d. 31 (mod 131)
e. 25411 (mod 52598)
f. 106 1 (mod 7233631)
3. Solve the following modular equations for x.
a. 9 x  5  1 (mod 10) .
b. 29 x  10  51 (mod 83) .
c. 7 x  10  41 (mod 101) .
d. 10 x  3 (mod 127) .
4. Use successive squares to compute the following.
a. 1311 (mod 23)
b. 559 (mod 47)
c. 365 (mod 71)
d. 47 213 (mod 507)
e. 28749 (mod 1147)
5. Use Fermat’s Little Theorem to help compute the following (note that each modulus
is prime).
a. 9466 (mod 67)
b. 99100 (mod 101)
c. 99101 (mod 101)
d. 27323 (mod 107)
e. 510110 (mod 1009)
19
6. Compute the Euler-Phi function of the following:
a.  (101)
b.  (143)
c.  (81)
d.  (14000)
e.  (35243936)
7. Show that if m has the prime factorization m  p1k1  p 2k2  prkr , then
 (m)  m(1 
1
1
1
)(1 
) (1 
).
p1
p2
pr
Use the formula to find  (10000000) .
8. Prove that if m  2 k , then  (n) 
m
. Hint: Use Exercise 7 makes this problem
2
straight forward.
9. Prove that  (m 2 )  m (m) . Hint: Decompose m and m 2 into a product of arbitrary
primes and then use Exercise 7.
p
 (m) (n) .
p 1
Hint: Start by decomposing m and n into a product of prime factors. What does the
gcd( m, n) tell you about this decomposition? Then use Exercise 7 – is probably easier
to start with the right hand side first.
10. Prove that if gcd( m, n)  p , then  (mn) 
11. Extend Theorem 13.3 and prove that if p is a prime and p | (a1a2 a3  ar ) , then
p must divide one the ai ' s for i  1, 2, 3,  , r . Hint: Treat a1 and a2 a3  ar each as
one number and use Theorem 13.3. If it fails, divide a2 a3  ar up in a similar fashion
and apply Theorem 13.3 again. Keep doing this until the result has to follow.
12. For the list a, 2a, 3a,  , ( p  1)a , show that if p is prime and p | a , then p | ia for
1  i  p  1.
13. Show that p is prime, then gcd(( p  1)!, p)  1 .