Modular Arithmetic Jean Mark Gawron Linguistics San Diego State University gawron@mail.sdsu.edu http://www.rohan.sdsu.edu/∼gawron 2005 August 24 1 Introduction These notes are optional supplements to lecture material. They will often contain more mathematical material that is useful background. 2 Modular Arithmetic This section briefly introduces addition, multiplication, and congruency in modular arithmetic. 2.1 Addition and Multiplication The cases of modular addition we have seen so far in lecture can be handled by the following rule: (a) (b) x + y mod z = x + y if x + y < z x + y mod z = z − (x + y) otherwise The (a) rule says modular addition gives the same result as ordinary addition if the ordinary sum is less than the modulus. The (b) rule says if the ordinary 1 sum isn’t less than the modulus, the modular sum is the ordinary sum MINUS the modulus. Thus 25 + 1 mod 26 = 26 − (25 + 1) = 0 But this is a little clunky for mathematicians, even for cryptographers, who aren’t particularly fussy about notation. Our definition only works for x and y less than the modulus. It doesnt give a sensible answer for things like: 28 + 42 mod 26 Modular addition is usually defined so it makes sense for any integers. This is done using the concept of a remainder. We’ll write: 4 mod 7 for the remainder you get when divide 4 by 7. That remainder is 4. Other numbers that leave a remainder of 4 when divided by 7 are 11, 18, 25, and 32. So: 4 mod 7 = 11 mod 7 = 25 mod 7 = 32 mod 7 or just 4 ≡ 11 ≡ 25 ≡ 32 mod 7 Definition 2.1. Definition of Addition in Modular Arithmetic For any integer n we define addition mod n to be the operation +n such that: def a +n b = (a + b) mod n Definition 2.2. Definition of Multiplication in Modular Arithmetic For any integer n we define multiplication mod n to be the operation ×n such that: def a ×n b = (a × b) mod n Now it turns that these are exactly the RIGHT definitions for addition and multiplication in various ways. One of the most important is that they have the following property. Proposition 2.1. Relation of modular addition and multiplication to ordinary addition and multiplication a +n b = (a mod n) +n (b mod n) a ×n b = (a mod n) ×n (b mod n) 2 So every addition and multiplication mod n can be reduced to an operation on remainders. For example, 31 ×7 12 = 372 mod 7 And according to Proposition 2.1: 31 ×7 12 = (31 mod 7) ×7 (12 mod 7) = 3 ×7 5 = 1 mod 7 And checking this out we discover that 372 really does have a remainder of 1 when divided by 7: 372 = (7 × 53) + 1 This is a significant result that takes us beyond the original definition, results that apply to ordinary arithmetic not just modular arithmetic. For example, it follows that the ordinary product of any two numbers that are congruent 3 and 5 mod 7 will be congruent to 1 mod 7. Put another way, the product of any number that gives a remainder of 3 when divided by 7 with any number that gives a remainder of 5 will be a number that gives a remainder of 1. 2.2 Congruency Consider the following claim: −7 ≡ 19 mod 26 Does this make sense? Any two numbers that have the same remainder when divided by 26 are congruent. What is the remainder of -7 when divided by 6? Is it 19? If it is, -7 ought to be 19 more than some even multiple of 26. Is it? −7 − 19 = −26 Yes. -26 is an even multiple of 26. Moreover it is the biggest multiple of 26 that is still less than -7, which is the one we want to look at at when computing: −7 mod 26 We’re implicitly using a very important theorem of modular arithmetic: Theorem 2.1. Divisability of Differences a≡b mod n if and only if n | (a − b) 3 Here a | b means “a evenly divides b”. So 2 numbers have the same modulus value if and only the difference between them is evenly disible by the modulus. We won’t try to prove this, just make some observations. Here is the same list of numbers we looked at before, the numbers congruent to 4 mod 7: 4 11 18 25 32 Notice the difference between any 2 of them is a multiple of 7. Consistent with the theorem. According to the theorem -7 and 19 have to be congruent mod 26 because: 19 − (−7) = 26 And 26 evenly divides 26. 3 3.1 Linear Mappings in Modular arithmetic Affine ciphers An affine cipher is one defined by the following equation c = mp + b where c is the cipher encoding and p is the plain encoding. The key is (m, b). We call m the slope and b the shift. We require a valid encoding scheme to be 1-1. That means every ciphertext character can be produced by one and only plaintext character. For this condition to hold, the multiplication table of the slope modulo 26 must contain no repeats. Consider 3, shown in (1a), versus 6, shown in (1b). (1) (a) 3 3 (b) 6 6 0 0 13 13 1 3 14 16 2 6 15 19 3 9 16 22 4 12 17 25 5 15 18 2 6 18 19 5 7 21 20 8 8 24 21 11 9 1 22 14 10 4 23 17 11 7 24 20 12 10 25 23 0 0 13 0 1 6 14 6 2 12 15 12 3 18 16 18 4 24 17 24 5 4 18 4 6 10 19 10 7 16 20 16 8 22 21 22 9 2 22 2 10 8 23 8 11 14 24 14 12 20 25 20 4 The table for multiplication by 3 contains no repeats; the table for multiplication by 6 begins repeating at 13. Thus 3 is a valid slope for an affine cipher and 6 is not. The key to what is going on here is that the numbers that have no repeats in their multiplication table are relatively prime to 26. Definition 3.1. Relative primes Two numbers are relatively prime if their largest common factor is 1. Given this definition, we can state the generalization: Theorem 3.1. Relative Primality in affine cipher keys An integer k, 0 < k ≤ n will have no repeats in its multiplication table mod n if and only if k is relatively prime to n The examples of 6 and 3 are consistent with the theorem. 3 is relatively prime to 26; 6 is not. 26 and 6 are both even and thus share the factor 2. All even numbers share a factor of 2 with 26. All have multiplication tables that begin repeating at 13 (check this out). 13 evenly divides 26. Thus it shares the common factor 13 with 26; its division table contains even more repeats: 0 13 0 13 6 13 1 13 14 0 2 0 15 13 3 4 13 0 16 17 0 13 5 13 18 0 6 0 19 13 7 13 20 0 8 0 21 13 9 13 22 0 10 0 23 13 11 13 24 0 12 0 25 13 The explanation of why lack of relative primality entails repeats is relatively straight forward. Let k be an integer such that 0 ≤ k < n and k and n are not relatively prime. Then there is some greatest common factor p such that n = ps k = pr Where s and r are positive integers less than n and k respectively. Then ks is in the multiplication table mod n for k and ks = prs = psr = nr So ks is a multiple of n; therefore ks ≡ 0 mod n 5 So the multiplication table for k will begin repeating at s. This is illustrated in our example, the multiplication table for 6 in (1b). The greatest common factor of 6 and 26 is 2: 26 = 2 · 13 6=2·3 So 13 plays the role of s. And indeed 6 · 13 is 0 and the multiplication table begins repeating there. What about the other direction? The claim is that being relatively prime entails lack of repeats in the multiplication table. Suppose contrary to this claim that k and n are relatively prime and there is a repeat. Then we have two distinct positive integers p and q less than n such that: kp ≡ kq mod n Then by theorem 2.1: n | kp − kq n | k(p − q) But if this is true then n | (p − q) because k and n are relatively prime by assumption. Then by theorem 2.1: p≡q mod n But this contradicts our assumption that p and q are positive integers less than n and distinct. So we can’t maintain all our assumptions simultaneosuly, and the only one we made that was at all in question was our starting assumption that kp ≡ kq mod n where p and q are distinct positive integers less than n. So relative primality does entail no repetitions in the multiplication table. A closely related concept to relative primality is having an inverse. Definition 3.2. Inverse mod n The inverse an element k mod n is an element j such that k·j ≡1 mod n We generally write the inverse of k as k −1 . 6 It turns out that having an inverse mod n is equivalent to being relatively prime to n: Proposition 3.1. Relative primality mod n and inverses A number has a multiplicative inverse prime to n. mod n mod n if and only if it is relatively Why is this true? It follows immediately from Theorem 3.1 that numbers relatively prime to n have inverses mod n. Since the multiplication table must include n results (including 0) with no repeats, all less than n, one of these results must be 1. We leave for elsewhere the proof that having an inverse entails relative primality. 3.2 Inverses and operations We will look more more carefully at inverses later in the course since they play a key role in public key cryptography. The point to emphasize here is that inverses are relative to operations and the identity elements for operations Up to now we have talking about about multiplicative inverses. The identity element for multiplication is 1 and so the definition of the multiplicative inverse mod n of an element k is an element k −1 such that k · k −1 ≡ 1 mod n The definition of an identity element e — for any operation — is an element such that for ANY element k e is combined with the result is k. If we use ◦ for our operation, then for any k (including e): e◦k =k For multiplication the guy who fits this bill is obviously 1. For other arithmetic operations the answer may be different. For addition the identity element is 0: 0+k =k For any k. 7 Therefore an additive inverse of k is an element which added to k is 0. In ordinary arithmetic the inverse of a positive integer is always a negative integer. In modular arithmetic, however, there is always another positive number that is an inverse. The additive inverse of 3 mod 26 is 23, since 3 + 23 ≡ 0 mod 26 And in general the additive inverse of any k mod n is n − k. So additive inverses in modular arithmetic differ from multiplicative inverses. Every number is guaranteed to have an additive inverse mod n. But only numbers relatively prime to have multiplicative inverses. Summarizing the discussion of this section, the notion inverse is only welldefined relative to an operation. In order for an operation to have inverses, there must first be an identity element e for that operation. Then an inverse of an element k for an operation ◦ is another (not necessarily distinct) element such that k ◦ k −1 = e. One final note: Inverses don’t have to be distinct. In modular arithmetic, for example, there are many examples of numbers that are their own inverses. Consider 5 mod 6: 5 · 5 = 25 ≡ 1 mod 6 So 5 is its own inverse. It also makes sense to say 5 is a square root of 1 mod 6. 8