Modular Arithmetic - Rohan - San Diego State University

advertisement
Modular Arithmetic
Jean Mark Gawron
Linguistics
San Diego State University
gawron@mail.sdsu.edu
http://www.rohan.sdsu.edu/∼gawron
2005 August 24
1
Introduction
These notes are optional supplements to lecture material. They will often contain more mathematical material that is useful background.
2
Modular Arithmetic
This section briefly introduces addition, multiplication, and congruency in modular arithmetic.
2.1
Addition and Multiplication
The cases of modular addition we have seen so far in lecture can be handled by
the following rule:
(a)
(b)
x + y mod z = x + y
if x + y < z
x + y mod z = z − (x + y) otherwise
The (a) rule says modular addition gives the same result as ordinary addition
if the ordinary sum is less than the modulus. The (b) rule says if the ordinary
1
sum isn’t less than the modulus, the modular sum is the ordinary sum MINUS
the modulus. Thus
25 + 1
mod 26 = 26 − (25 + 1) = 0
But this is a little clunky for mathematicians, even for cryptographers, who
aren’t particularly fussy about notation.
Our definition only works for x and y less than the modulus. It doesnt give
a sensible answer for things like:
28 + 42
mod 26
Modular addition is usually defined so it makes sense for any integers. This is
done using the concept of a remainder. We’ll write:
4
mod 7
for the remainder you get when divide 4 by 7. That remainder is 4. Other
numbers that leave a remainder of 4 when divided by 7 are 11, 18, 25, and 32.
So:
4 mod 7 = 11 mod 7 = 25 mod 7 = 32 mod 7 or just
4 ≡ 11 ≡ 25 ≡ 32 mod 7
Definition 2.1. Definition of Addition in Modular Arithmetic
For any integer n we define addition mod n to be the operation +n such
that:
def
a +n b = (a + b) mod n
Definition 2.2. Definition of Multiplication in Modular Arithmetic
For any integer n we define multiplication mod n to be the operation ×n
such that:
def
a ×n b = (a × b) mod n
Now it turns that these are exactly the RIGHT definitions for addition and
multiplication in various ways. One of the most important is that they have the
following property.
Proposition 2.1. Relation of modular addition and multiplication to ordinary
addition and multiplication
a +n b = (a mod n) +n (b mod n)
a ×n b = (a mod n) ×n (b mod n)
2
So every addition and multiplication mod n can be reduced to an operation
on remainders. For example,
31 ×7 12 = 372 mod 7
And according to Proposition 2.1:
31 ×7 12 = (31 mod 7) ×7 (12 mod 7) = 3 ×7 5 = 1 mod 7
And checking this out we discover that 372 really does have a remainder of 1
when divided by 7:
372 = (7 × 53) + 1
This is a significant result that takes us beyond the original definition, results
that apply to ordinary arithmetic not just modular arithmetic. For example, it
follows that the ordinary product of any two numbers that are congruent 3 and
5 mod 7 will be congruent to 1 mod 7. Put another way, the product of any
number that gives a remainder of 3 when divided by 7 with any number that
gives a remainder of 5 will be a number that gives a remainder of 1.
2.2
Congruency
Consider the following claim:
−7 ≡ 19
mod 26
Does this make sense?
Any two numbers that have the same remainder when divided by 26 are
congruent. What is the remainder of -7 when divided by 6? Is it 19?
If it is, -7 ought to be 19 more than some even multiple of 26. Is it?
−7 − 19 = −26
Yes. -26 is an even multiple of 26. Moreover it is the biggest multiple of 26 that
is still less than -7, which is the one we want to look at at when computing:
−7
mod 26
We’re implicitly using a very important theorem of modular arithmetic:
Theorem 2.1. Divisability of Differences
a≡b
mod n if and only if n | (a − b)
3
Here a | b means “a evenly divides b”. So 2 numbers have the same modulus
value if and only the difference between them is evenly disible by the modulus.
We won’t try to prove this, just make some observations.
Here is the same list of numbers we looked at before, the numbers congruent
to 4 mod 7:
4 11 18 25 32
Notice the difference between any 2 of them is a multiple of 7. Consistent with
the theorem.
According to the theorem -7 and 19 have to be congruent mod 26 because:
19 − (−7) = 26
And 26 evenly divides 26.
3
3.1
Linear Mappings in Modular arithmetic
Affine ciphers
An affine cipher is one defined by the following equation
c = mp + b
where c is the cipher encoding and p is the plain encoding. The key is (m, b).
We call m the slope and b the shift.
We require a valid encoding scheme to be 1-1. That means every ciphertext
character can be produced by one and only plaintext character.
For this condition to hold, the multiplication table of the slope modulo 26
must contain no repeats. Consider 3, shown in (1a), versus 6, shown in (1b).
(1)
(a)
3
3
(b)
6
6
0
0
13
13
1
3
14
16
2
6
15
19
3
9
16
22
4
12
17
25
5
15
18
2
6
18
19
5
7
21
20
8
8
24
21
11
9
1
22
14
10
4
23
17
11
7
24
20
12
10
25
23
0
0
13
0
1
6
14
6
2
12
15
12
3
18
16
18
4
24
17
24
5
4
18
4
6
10
19
10
7
16
20
16
8
22
21
22
9
2
22
2
10
8
23
8
11
14
24
14
12
20
25
20
4
The table for multiplication by 3 contains no repeats; the table for multiplication
by 6 begins repeating at 13. Thus 3 is a valid slope for an affine cipher and 6 is
not.
The key to what is going on here is that the numbers that have no repeats
in their multiplication table are relatively prime to 26.
Definition 3.1. Relative primes
Two numbers are relatively prime if their largest common factor is 1.
Given this definition, we can state the generalization:
Theorem 3.1. Relative Primality in affine cipher keys
An integer k, 0 < k ≤ n will have no repeats in its multiplication table
mod n if and only if k is relatively prime to n
The examples of 6 and 3 are consistent with the theorem. 3 is relatively
prime to 26; 6 is not. 26 and 6 are both even and thus share the factor 2.
All even numbers share a factor of 2 with 26. All have multiplication tables
that begin repeating at 13 (check this out). 13 evenly divides 26. Thus it shares
the common factor 13 with 26; its division table contains even more repeats:
0
13 0
13
6
13
1
13
14
0
2
0
15
13
3
4
13 0
16 17
0
13
5
13
18
0
6
0
19
13
7
13
20
0
8
0
21
13
9
13
22
0
10
0
23
13
11
13
24
0
12
0
25
13
The explanation of why lack of relative primality entails repeats is relatively
straight forward. Let k be an integer such that 0 ≤ k < n and k and n are not
relatively prime. Then there is some greatest common factor p such that
n = ps
k = pr
Where s and r are positive integers less than n and k respectively. Then ks is
in the multiplication table mod n for k and
ks = prs = psr = nr
So ks is a multiple of n; therefore
ks ≡ 0 mod n
5
So the multiplication table for k will begin repeating at s.
This is illustrated in our example, the multiplication table for 6 in (1b). The
greatest common factor of 6 and 26 is 2:
26 = 2 · 13
6=2·3
So 13 plays the role of s. And indeed 6 · 13 is 0 and the multiplication table
begins repeating there.
What about the other direction? The claim is that being relatively prime
entails lack of repeats in the multiplication table.
Suppose contrary to this claim that k and n are relatively prime and there
is a repeat. Then we have two distinct positive integers p and q less than n such
that:
kp ≡ kq mod n
Then by theorem 2.1:
n | kp − kq
n | k(p − q)
But if this is true then
n | (p − q)
because k and n are relatively prime by assumption. Then by theorem 2.1:
p≡q
mod n
But this contradicts our assumption that p and q are positive integers less than
n and distinct. So we can’t maintain all our assumptions simultaneosuly, and
the only one we made that was at all in question was our starting assumption
that
kp ≡ kq mod n
where p and q are distinct positive integers less than n. So relative primality
does entail no repetitions in the multiplication table.
A closely related concept to relative primality is having an inverse.
Definition 3.2. Inverse
mod n
The inverse an element k mod n is an element j such that
k·j ≡1
mod n
We generally write the inverse of k as k −1 .
6
It turns out that having an inverse mod n is equivalent to being relatively
prime to n:
Proposition 3.1. Relative primality
mod n and inverses
A number has a multiplicative inverse
prime to n.
mod n
mod n if and only if it is relatively
Why is this true? It follows immediately from Theorem 3.1 that numbers
relatively prime to n have inverses mod n. Since the multiplication table must
include n results (including 0) with no repeats, all less than n, one of these
results must be 1.
We leave for elsewhere the proof that having an inverse entails relative primality.
3.2
Inverses and operations
We will look more more carefully at inverses later in the course since they play
a key role in public key cryptography.
The point to emphasize here is that inverses are relative to operations and
the identity elements for operations
Up to now we have talking about about multiplicative inverses. The identity
element for multiplication is 1 and so the definition of the multiplicative inverse
mod n of an element k is an element k −1 such that
k · k −1 ≡ 1
mod n
The definition of an identity element e — for any operation — is an element
such that for ANY element k e is combined with the result is k. If we use ◦ for
our operation, then for any k (including e):
e◦k =k
For multiplication the guy who fits this bill is obviously 1.
For other arithmetic operations the answer may be different. For addition
the identity element is 0:
0+k =k
For any k.
7
Therefore an additive inverse of k is an element which added to k is 0. In
ordinary arithmetic the inverse of a positive integer is always a negative integer.
In modular arithmetic, however, there is always another positive number that
is an inverse. The additive inverse of 3 mod 26 is 23, since
3 + 23 ≡ 0
mod 26
And in general the additive inverse of any k mod n is n − k.
So additive inverses in modular arithmetic differ from multiplicative inverses.
Every number is guaranteed to have an additive inverse mod n. But only numbers relatively prime to have multiplicative inverses.
Summarizing the discussion of this section, the notion inverse is only welldefined relative to an operation. In order for an operation to have inverses,
there must first be an identity element e for that operation. Then an inverse
of an element k for an operation ◦ is another (not necessarily distinct) element
such that k ◦ k −1 = e.
One final note: Inverses don’t have to be distinct. In modular arithmetic,
for example, there are many examples of numbers that are their own inverses.
Consider 5 mod 6:
5 · 5 = 25 ≡ 1 mod 6
So 5 is its own inverse. It also makes sense to say 5 is a square root of 1 mod 6.
8
Download