security in computing chapter 12, cryptography explained part 2

1

Security in ComputingChapter 12, Cryptography Explained

Part 2

Summary created byKirk Scott

2

• This set of overheads corresponds to the second portion of section 12.1 in the book

• The overheads for Chapter 12 roughly track the topics in the chapter

• Keep this in mind though:• On some topics I simply go over the book’s material• On other topics I expand on the book’s material in a

significant way• You are responsible not just for what’s in the book, but

also what’s in the overheads that’s not in the book

3

Book Section 12.1, Mathematics for CryptographySubsection Heading: Properties of Arithmetic

• These are the sub-subheadings covered in this portion of the overheads:

• Inverses• Primes• Greatest Common Divisor• Euclidean Algorithm• Modular Arithmetic• Example• These topics may be covered in a different order and in

more or less detail than in the book

4

Math for Encryption

• 1. Thinking Concretely about Division and Remainders. The Euclidean Algorithm for Finding the Greatest Common Divisor.

• 2. Algebraic Background• 3. Modular Arithmetic and Modular Fields

5

1. Thinking Concretely about Division and Remainders. The Euclidean Algorithm for Finding the Greatest Common Divisor.

6

Prime Number, Definition

• Any integer greater than 1 that has only 1 and itself as factors is prime.

• Historically, the number 1 has occasionally been treated as a prime number.

• It is certainly true that it only has 1 and itself as factors.

• It is generally not included in the definition of primes, not because it fails in some way, but because it has so many other unique characteristics, that classifying simply as prime does not do it justice.

7

Composite Number, Definition

• A number which is not 1 and not prime is composite.

• In other words, an integer greater than 1 which has factors other than 1 and itself is composite.

8

Greatest Common Divisor, Definition

• The greatest common divisor is the largest integer which is a factor of two other integers.

• The notation is usually given as follows: • Given a and b, positive integers, gcd(a, b) = x is

the largest integral factor of a and b. • Note that x <= a and x <= b.

9

Relatively Prime, Definition

• Given 2 positive integers, a and b, if the gcd(a, b) = 1, then a and b are relatively prime.

• Both a and b may be composite. • If you did a prime factorization of a and b you

would find that they have no prime factors in common.

10

Finding the gcd(a, b)

• One approach to finding the greatest common divisor of 2 positive integers:

• Find the prime factorization of each. • The product of the prime factors they have in

common forms the greatest common factor or greatest common divisor.

11

Example of Finding the gcd(a, b)

• For example:• 72 = 2 * 2 * 3 * 3• 30 = 2 * 3 * 5• The common prime factors of the two

numbers are 2 and 3. • 2 * 3 = 6 is their greatest common divisor.

12

The Euclidean Algorithm

• This is an algorithm for finding the gcd• It is iterative in nature• It is suitable for implementation in a computer

program• It does not involve finding the prime

factorizations of a and b

13

An Explanation of the Euclidean Algorithm without Proof

• Let x = gcd(a, b)• Suppose a > b• Suppose you did modular arithmetic:• a % b remainder r• x also goes into r evenly

14

• Informally, this is why: • a is a multiple of x• b is a multiple of x• subtract one multiple of x from another and

what’s left should be a multiple of x• Then gcd(a, b) = gcd(b, r)

15

• This is iterative; repeat the process• r < b• b % r new, smaller r1

• If x went into b and r, it will go into r1 evenly

• The gcd(a, b) = gcd(b, r) = gcd(r, r1)

• This will eventually converge to rn = 0

• At that point, you can conclude that rn-1 = x

16

A More Formal Explanation of the Euclidean Algorithm

• Let integers a and b be given.• Let x = gcd(a, b)• Without loss of generality, assume that a > b.

Then it is possible to write the following:• a = m • b + r

17

• a = m • b + r• Since x = gcd(a, b), then there must be some

values a1 and b1 such that:

• a = a1x, and b = b1x• Now substitute these expressions for a and b

into the expression relating a and b:• a1x = mb1x + r

18

• a1x = mb1x + r• Now solve the expression for r:• r = mb1x – a1x

• r = x(mb1 – a1)• Conclusion: • x, the gcd(a, b), is also a factor of r• x goes evenly into r

19

• So you know that gcd(a, b) = x goes into r• There are now two intertwined questions:• Is x the gcd(b, r)?• Is the gcd(b, r) = gcd(a, b)?• In other words, is the following true:• gcd(a, b) = x = gcd(b, r)

20

• The way to show this is to consider and eliminate two cases:

• 1. gcd(b, r) = y is less than gcd(a, b) = x• 2. gcd(b, r) = y is greater than gcd(a, b) = x• If you can eliminate theses cases, the

conclusion is that x = gcd(b, r) = gcd(a, b)

21

• Case 1:• Could this be true? gcd(b, r) = y < x = gcd(a, b).• By definition, gcd(a, b) is a factor of b. • The preceding sequence of steps showed that

gcd(a, b) is also a factor of r.• Thus, gcd(a, b) goes into both b and r • This means that gcd(b, r) has to be at least as big as

gcd(a, b)• In other words, y cannot be less than x

22

• Case 2:• Could this be true? gcd(b, r) = y > x = gcd(a, b).• Since y = gcd(b, r), there must be some values

b2 and r2 such that:• b = b2y and r = r2y• Now go back to the original expression relating

a, b, and r:• a = mb + r

23

• a = mb + r• Now substitute the expressions in y for b and r

in the expression relating a, b and r:• a = mb2y + r2y• Factoring the previous expression gives:• a = y(mb2 + r2)

24

• In other words, y is a factor of a.• y is also a factor of b.• As a common factor of a and b, y cannot be

greater than gcd(a, b)

25

• Case 1 showed that y = gcd(b, r) is at least as big as x = gcd(a, b)

• Case 2 showed that y = gcd(b, r) can’t be greater than x = gcd(a, b)

• Therefore y = gcd(b, r) = x = gcd(a, b)• Having shown this for the first step, with r, the

same reasoning applies at every step, for ri

26

An Outline of the Iteration

• Given a and b, it is possible using integer division and modulus to find b and r.

• The process can then be repeated on b and r. • • a = mb + r0 gcd(a, b) = gcd(b, r0)• b = m1r0 + r1 gcd(b, r0) = gcd(r0, r1)• r0 = m2r1 + r2 gcd(r0, r1) = gcd(r1, r2)• …• You stop when you reach a remainder of 0.

27

An Illustrative Example• Let a = 72 and b = 30.• • 72 = 2 * 30 + 12 a = 72, m =2, b = 30, r0 = 12

• 30 = 2 * 12 + 6 b = 30, m1 = 2, r0 = 12, r1 = 6• 12 = 2 * 6 + 0 r0 = 12, m2 = 2, r1 = 6, r2 = 0• • The final remainder is 0 and the remainder before that was 6.• According to the algorithm, gcd(72, 30) = gcd(30, 12) = gcd(12, 6)

= gcd(6, 0)• gcd(a, b) = gcd(6, 0) = 6 because anything divides 0 and 6 is the

largest divisor of 6

28

Another Example

• Consider the case where a and b are relatively prime.

• You know their gcd should come out as 1.• Let a = 17 and b = 6• 17 = 2 * 6 + 5• 6 = 1 * 5 + 1• 5 = 5 * 1 + 0• The gcd(17, 6) = gcd(1, 0) = 1

29

How Do You Know This Really Converges to 0?

• Consider the following points:• At every step, rj < ri.• All ri >= 0.• All ri are integers.• Logic tells you that r is eventually going to reach 0.• That may not be very satisfying.• There may be a more intuitive argument, but I

won’t pursue that.

30

2. Algebraic Background

31

• Algebras in general are defined in terms of one or more operators and a set of values which the operators can be applied to.

• For the purposes of the initial exposition below, let a single operator be represented by • and the set of interest be S.

• Within an algebraic system, certain properties can be defined.

32

Properties of Algebra

• Here are the definitions of some of the properties of an algebraic system:

• Closure: Given a, b ε S, a • b ε S.– The result of the operation is also in the set

• Identity: Given some arbitrary a ε S, there is an i ε S such that a • i = i • a = a.– The identity gives the element a back. – For the familiar operations + and * the identities

are 0 and 1, respectively.

33

• Inverse: For some a ε S, its inverse is a-1 ε S such that a • a-1 = i.– a and its inverse give the identity back.– In a regular system of arithmetic over the reals,

note that the additive identity, 0, does not have a multiplicative inverse

– There’s nothing you can multiply 0 by to get 1 back as a result; you only get 0 back as a result.

34

• The Associative Property: For a, b, c ε S, (a • b) • c = a • (b • c).– It doesn’t matter how you group the operands.

• The Commutative Property: For a, b ε S, a • b = b • a.– The order of the operands doesn’t matter.

35

• The Distributive Property: Given two operations on the set, + and *, * distributes over + if the following holds:

• For a, b, c ε S, a * (b + c) = (a * b) + (a * c).– In regular arithmetic, multiplication distributes over

addition; addition doesn’t distribute over multiplication.

– In a two operation system, (the inverses of) the operations do not have exactly the same characteristics.

36

Commentary on Alternative Systems, Commutativity, and the Inverse

• We are accustomed to the way things work with the familiar arithmetic operations + and *.

• In the real numbers all elements have inverses except for a multiplicative inverse of 0.

• For example, the additive inverse of 1 is -1 and the multiplicative inverse of 7 is 1/7.

• Depending on the set of values and the operation of a system, some values may not have inverses.

• If you restrict yourself to the set of integers, no values except 1 and -1 have multiplicative inverses.

• If you restrict yourself to the set of positive integers, there are no additive inverses.

37

• Other systems can have even stranger characteristics.

• In the reals, the inverse is commutative• a • a-1 = a-1 • a = i . • In some systems the commutative property may

not hold for inverses.• Elements of the set could have a left inverse

which was not an inverse on the right, and vice-versa.

38

Algebraic Structures

• The algebraic structures will seem obscure at the moment.

• What good are they?• It turns out that significant encryption systems

are based on modular arithmetic• Modular arithmetic is not like regular

arithmetic• It behaves differently

39

• You will eventually see that modular arithmetic embodies one of the algebraic structures that will be presented.

• The behavior of modular arithmetic IS the behavior of that algebraic structure.

• A sequence of structures will be presented.• The definitions of the later structures are stated

in terms of the definitions of the earlier ones.

40

• There are three basic algebraic structures:• Groups• Rings• Fields• To cut to the chase, modular arithmetic embodies

an algebraic field• In order to understand what a field is, you have to

proceed through the definitions of groups and rings• These algebraic structures will be presented below.

41

Algebraic Groups

• An algebraic group consists of a set S• The group has one operation, say •• The set and operation have these 4

properties: – Closure under •. – Identity under •. – An inverse for all elements of the set under •. – Associativity under •.

42

Commentary on Groups

• Notice that commutativity is NOT one of the properties of a group.

• There are groups which are commutative and it is generally easier to think of an example of a commutative group than a plain group.

• For instance, consider the positive and negative integers under addition.

• This satisfies all four of the requirements for a group.• In addition the commutative property holds.

43

A Biographical Interlude

• From Widipedia:• “Niels Henrik Abel (5 August 1802 – 6 April

1829) was a noted Norwegian mathematician[1] who proved the impossibility of solving the quintic equation in radicals… he invented (independently of Galois) an extremely important branch of mathematics known as group theory…”

44

• From Wikipedia, continued:• “Mathematician Felix Klein wrote about Abel:• ‘…I will not sound absurd if I compare his kind

of productivity and his personality with Mozart's…’”

45

• Commutative groups are known as abelian groups in his honor.

46

Matrix Algebra: A System that Differs from the Reals

• What follows is not a full exposition of the questions of commutativity and inverses.

• It is simply an illustration of the fact that you have encountered mathematical constructs where not all of the familiar rules of algebra in the integers or reals apply.

• Matrix algebra has characteristics that differ.

47

• Let A be an m x n matrix. • Let B be an n x p matrix. • Let the • represent standard matrix

multiplication. • Then A • B is a well defined operation because

A has the same number of columns as B has rows.

48

• On the other hand, A • B ≠ B • A because B • A is not even a valid product, assuming that p ≠ m.

• Thus, in general, matrix multiplication is NOT commutative.

• It is commutative only in the special case of square matrices.

49

• The zero matrix of any size has no inverse.• A non-zero matrix might also have no inverse.• A given non-zero matrix might also have an

inverse on one side but not the other.• Examples will be given.• If the matrix is not square, even if it had inverses

on both sides, those inverses couldn’t be the same because they would have different numbers of rows and columns.

50

• First of all, consider any zero matrix such as the following:

• There is no 2 x 2 matrix that it can be multiplied by to arrive at the identity:

0000

1001

51

• The preceding result is not surprising.• It is the way things work in a two operation

system, as already noted for the reals.• The additive identity does not have a

multiplicative inverse.

52

• At this point we’re talking about groups, which just have the one operation (multiplication in this example)

• That the 0 matrix is the additive identity for matrices is not directly relevant

• However, it’s not an accident that things work out this way

53

• Now consider a matrix where the rows and columns are linear combinations of each other:

• An inverse would be of this form:

4221

dcba

54

• For the inverse to work, these equations, among others, would have to be satisfied:

• a + 2c = 1• 2a + 4c = 0• Multiply the top equation by 2 and you get:• 2a + 4c = 2 • This system of two equations is inconsistent,

so no inverse of the matrix can exist.

55

• If A is m x n, a right hand inverse matrix of A, say A1

-1, has to be n x m, and the product A • A1

-1 would give Im, the square identity matrix with dimensions m x m.

• A left hand inverse matrix of A, A2-1, has to be

n x m, and the product A2-1 • A would give In,

the square identity matrix with dimensions n x n.

56

• Now consider this matrix:

• You can verify that it has this unique left hand inverse:

121

211

32

311

31

321

57

• It is easy to see that the left hand inverse is not the right hand inverse.

• It is not hard to show that the equations for a right hand inverse for this matrix are inconsistent, meaning that one doesn’t exist.

58

• We have not said what kind of algebraic structure matrix algebra is.

• That, specifically, isn’t important to us.• Matrix algebra was brought up for this reason:• It reminds you that you have encountered

algebraic systems different from the reals.

59

• In particular, commutativity, identities, and inverses may are an issue with matrix algebra.

• Keep in mind the defining characteristics of a group, which are repeated on the following overhead.

60

• An algebraic group consists of a set S• The group has one operation, say •• The set and operation have these 4

properties: – Closure under •. – Identity under •. – An inverse for all elements of the set under •. – Associativity under •.

61

• Take the set S consisting of all of the integers, and the arithmetic addition operation for example

• This set and operation would satisfy all of the requirements for being a group.

• Incidentally, it would also satisfy commutativity, which would make it an abelian group.

62

Algebraic Rings

• An algebraic ring consists of a set S• The ring has two operations, say + (which we will

call addition) and * (which we will call multiplication)

• The set and operations have these 4 properties:– Under addition, S is an Abelian group.– S is closed under multiplication.– Multiplication is associative.– Multiplication distributes over addition.

63

• The set S, consisting of all of the integers, and the arithmetic operations + and * would satisfy the requirements for an algebraic ring.

• Notice that the properties of a ring do not include inverses under the multiplication operation.

• Except for the identity element 1, which is its own inverse, the integers don’t contain multiplicative inverses.

• Since this is not required, this is still a ring.

64

• For our purposes the ring is an intermediate structure.

• We are more interested in the structure that follows, the algebraic field.

• Its definition relies on knowing both what a group and a ring are.

65

Algebraic Fields

• An Algebraic Field consists of a set S with two operations, addition (+) and multiplication (*) and the following properties:– S is a ring.– With the exception of the 0 element (the additive

identity), which does not have a multiplicative inverse, S satisfies the requirements for an Abelian group under multiplication.

66

• The definition on the previous overhead is the compact one.

• It depends on your remembering the definitions of a group and a ring.

• A field can also be defined by listing all of its basic properties.

• This is done on the following overheads.

67

• A field consists of a set S with two operations, + and *

• The operation + has these properties in S:• Closure• Associativity• Commutativity• Identity• An inverse for all elements

68

• The operation * has these properties in S:• Closure• Associativity• Commutativity• Identity• With the exception of the additive identity (0)

there is an inverse for all elements

69

• The following relationship holds between the operations * and +:

• * distributes over +• Note: I checked with one of the mathematicians• There is a subtlety here• Technically it may be more correct to say that

the additive identity does not have to have a multiplicative inverse

70

• You may have heard the expression “the field of real numbers”.

• This means that the real numbers form an algebraic field.

• The properties given above correspond to the everyday characteristics of arithmetic with real numbers that we are used to.

71

What About No Inverse for 0?

• You’re so used to the fact that 0 doesn’t have a multiplicative inverse, you probably haven’t thought about it before.

• This is not an entirely foreign realm of thought though.

• Consider this, which you have doubtless thought about before:

• 0 is the one number that you are not allowed to divide by.

72

• Subtraction and division don’t appear in the definitions of algebraic structures.

• Subtraction is the inverse of addition and division is the inverse of multiplication.

• In other words, subtraction of x is accomplished by adding the additive inverse of x.

• Division by x is accomplished by multiplying by the multiplicative inverse of x.

73

• Why can’t you divide by 0?• Because, although you can write the expression ‘1/0’, the

thing that this is supposed to express is defined not to exist.• 0 does not have a multiplicative inverse.• Therefore, it’s impossible to multiply quantities by the

multiplicative inverse of 0.• Therefore ‘dividing by 0’ is impossible.• To say you’re going to divide by 0 is meaningless, because

by definition the set S does not contain an element that makes this possible.

74

More Commentary on the Lack of a Multiplicative Inverse for the Additive Identity

• You might ask, could you come up with an algebraic structure with two operations where the additive identity had a multiplicative inverse?

• The answer is yes• It might be useful for the sake of better

understanding what’s going on to consider such a system

75

• In the interests of having descriptive names, let these conventions be used:

• The multiplicative identity will be written multident

• The additive identity will be written addident• The multiplicative inverse will be indicated by a

superscript -1, for example, x-1

• Consider the sequence of steps on the following overheads

76

• x = x + addident• Now suppose that addident does have an

inverse• x * addident-1 = (x + addident) * addident-1

• x * addident-1 = x * addident-1 + addident * addident-1

• x * addident-1 = x * addident-1 + multident

77

• This was the ending equality:• x * addident-1 = x * addident-1 + multident• This would hold true if the multident equalled

addident• So the assumption that addident-1 existed led

to the conclusion that:• multident = addident

78

• It is possible to come up with an example where this is true.

• Suppose S = {0}• 0 + 0 = 0• 0 * 0 = 0

79

• Going back to the definition of a field, you could either say that this is the world’s smallest field—so small that it’s useless

• Or you could decide that this illustrated something that you didn’t want to deal with

• In that case you would just say that something isn’t a field if the additive identity has a multiplicative inverse

80

Why Are Fields Important?

• The concept of an algebraic field is important because a lot of advanced cryptography is based on it.

• In the next section modular arithmetic will be discussed and the claim will be asserted that modular arithmetic leads to an algebraic field.

• RSA encryption is based on the problem of finding multiplicative inverses in modular fields

• You need to grasp the algebra in order to know whether inverses exist and what the algorithms might be for finding them.

81

3. Modular Arithmetic and Modular Fields

82

Definition of Modulus

• Modular arithmetic means finding the remainder when one integer is divided by another.

• The following statements are equivalent in describing the operation of modulus for integers a, b, c, and n:

• a mod n = b• a % n = b• a = c * n + b

83

• You have already encountered modular arithmetic applied to cryptography in a very simple way.

• If the letters from a to z are represented by the integers from 0 to 25, Caesar’s cipher can be expressed using modular arithmetic:

• c = (p + 3) mod 26

84

• It is also possible to devise ciphers of this form:

• c = (p * 3) mod 26• I assert without proof that the cipher above

works OK.

85

• However, consider the following cipher:• c = (p * 2) mod 26• The integer 0 stands for the letter a and the integer 13

stands for the letter n. • Under this scheme they both encode to 0, or a. • This is a collision. • These kinds of collisions happen all the way through the

scheme. • 1 stands for b and 14 stands for o. • Both would encode to 2, or c, another collision.

86

• These collisions provide an entry point for asking algebraic questions about modular arithmetic.

• I observe that 3 and 26 are relatively prime and that 2 and 26 are not.

• Could this be the basis for the success of one of the schemes and the failure of the other?

• This question won’t be answered right now.

87

Continuing the Exploration of Modulus

• a mod n = b• By definition b is the remainder upon integer

division by n. • This means that 0 <= b < n. • b is an element of the integral range [0, n) • Given some finite n, the number of different

values that b can take on is finite.

88

• a mod n = b• If a can be taken from among all the integers

without restriction, then there is an infinite set of values a for which the modulus n is b.

• Another way of saying this is that the operation modulus n divides the set of integers into n – 1 equivalence classes, each of which is infinite.

• For a given equivalence class, each of its elements mod n gives the same value b.

89

The Definition of Equivalence Under Modulus

• “x and y are equivalent modulus n” can be expressed using this notation:

• x ≡n y• This means:• (x mod n) = (y mod n)• In other words, x and y are in the same one of

the n – 1 equivalence classes defined by modulus n.

90

• The following is also true:• x ≡n y ↔• (x – y) = kn for some integer k• That is, the difference between any two elements of a modular

equivalence class is an integer multiple of n. • In case this isn’t clear, consider the following:• x = cn + b and y = dn + b for some c and d• Then subtract both sides of the equations from each other:• x – y = (c – d)n• In other words, k = c – d, and the difference between x and y is

indeed a multiple of n.

91

Modulus and Algebraic Fields

• What does any of this have to do with the presentation of the algebraic structures in the previous section?

• Given some prime integer n.• Given the set S = {0, 1, 2, …, n – 1}.• Given an operation denoted “+” defined as normal

integer addition modulus n.• And given an operation denoted “*” defined as normal

integer multiplication modulus n.• This set of components forms an algebraic field known

as a modular field.

92

• A complete demonstration of the fact that this is true will not be given at this point.

• The required conditions are listed on the following overheads

• Most of the conditions are easily met• The crux of the use of modular fields for

encryption is whether and how one of the conditions in particular is met

93

• A field consists of a set S with two operations, + and *• The operation + has these properties in S:• Closure—add any two non-negative integers and you get a

non-negative integer—mod n puts you back in [0, n – 1], namely S

• Associativity—additive associativity works in a modular field because it works for addition of the integers in general

• Commutativity—same as above• Identity—0 is still the additive identity• An inverse for all elements—for any k in the field, add k + (n –

k) = n, mod n gives 0

94

• The operation * has these properties in S:• Closure—multiply any two non-negative integers

and you get a non-negative integer—mod n puts you back in [0, n – 1], namely S

• Associativity—multiplicative associativity works in a modular field because it works for multiplication of the integers in general

• Commutativity—same as above• Identity—1 is still the multiplicative identity

95

• With the exception of the additive identity (0) there is an inverse for all elements

• 0’s lack of a multiplicative identity is not controversial

• What is of interest is the multiplicative inverse of all of the other elements

96

• The questions are:• Does an arbitrary element x have a

multiplicative inverse?– The answer is yes.

• If so, under what conditions?– The answer is, if n is prime.

• If so, how do you find it?– This remains to be seen.

97

• This is the last condition for a field:• The following relationship holds between the

operations * and +:• * distributes over +• Again, this property holds because it holds for

regular multiplication and addition of integers• You do the arithmetic and take the modulus at

the end

98

An Example of a Modular Field• Suppose you choose n = 5, as your prime number.• The set S = {0, 1, 2, 3, 4}.• If addition is defined as addition mod 5, you can write a simple

addition table for the set:• • + 0 1 2 3 4• 0 0 1 2 3 4• 1 1 2 3 4 0• 2 2 3 4 0 1• 3 3 4 0 1 2• 4 4 0 1 2 3

99

• You can verify all of the entries in the table, but just a few should illustrate the general idea:

• (3 + 4) mod 5 = (7) mod 5 = 2• It is true that in doing the arithmetic in this way, we

make use of the value 7.• 7 is not an element of the set, but this is not a

problem because 7 is not the final answer. • Speaking algebraically, the key property illustrated by

this is closure, a property needed for the structure.

100

• You might also ask, if this is the table for the addition operation, is it clear that every element in S has an additive inverse?

• Take this for example:• (2 + 3) mod 5 = (5) mod 5 = 0• This looks a little strange because the additive

inverses are not negative.

101

• There are no negative elements in the field in the sense that the integers or the reals have negatives.

• However, by definition 2 and 3 are additive inverses of each other.

• You can quickly confirm that every element has an additive inverse by observing that each row and each column in the addition table contains one (and only one) zero element.

102

• A more complete review of the algebraic properties of modular fields will come shortly, but first, it’s useful to take a look at a multiplication table.

• For n = 5 you get:• • * 0 1 2 3 4• 0 0 0 0 0 0• 1 0 1 2 3 4• 2 0 2 4 1 3• 3 0 3 1 4 2• 4 0 4 3 2 1

103

• Again, taking a few example illustrates the idea:

• (3 * 4) mod 5 = (12) mod 5 = 2• (2 * 3) mod 5 = (6) mod 5 = 1• Observe that the value 1 is the multiplicative

identity, and the second example illustrates the fact that 2 and 3 are multiplicative inverses of each other.

104

• It is a coincidence the same values, 2 and 3, are both additive and multiplicative inverses in this example.

• You can also observe in the table that 0 does not have a multiplicative inverse.

• You can also observe that 1 appears once in every other row and column, indicating that each non-zero element of the field has one and only one multiplicative inverse.

105

• In passing it’s possible to notice two things about the multiplication table:

• It’s symmetric• Every row and every column contains exactly

one occurrence of each of the values of S. • You could also state this by observing that

each row and each column is a permutation of S.

106

• This is a momentary detour, but hopefully it will also give some insight into what is going on.

• Consider the multiplication table mod 4. • Keep in mind that the claim was made that if n is prime, you get a

field. • The implication was that if n is composite you don’t.• • * 0 1 2 3• 0 0 0 0 0• 1 0 1 2 3• 2 0 2 0 2• 3 0 3 2 1

107

• Notice that the row and column for element 2 do not contain a 1.

• In other words, 2 does not have a multiplicative inverse in this structure.

• It is not a coincidence that 2 is a factor of 4.• Many other little discoveries might be lurking

here, but the absence of an inverse for one of the elements is enough to confirm that the structure is not an algebraic field.

108

The Properties of a Modular Field in Mathematical Notation

• Associativity:• (a + (b + c)) mod n = ((a + b) + c) mod n• (a * (b * c)) mod n = ((a * b) * c) mod n

• Commutativity:• (a + b) mod n = (b + a) mod n• (a * b) mod n = (b * a) mod n

109

• Distributivity:• (a * (b + c)) mod n = ((a * b) + (a * c)) mod n• • Identities:• (a + 0) mod n = (0 + a) mod n = a• (a * 1) mod n = (1 * a) mod n = a

110

• Inverses:• This is purely notation: • An additive inverse, -a, such that (a + (-a))

mod n = 0 exists for all a. • We know in fact that the arithmetic value of

the inverse “-a” is not negative a in the reals, a value that does not exist in S, but is (n – a).

111

• This is also notation: • A multiplicative inverse, a-1, such that (a * (a-1))

mod n = 1 exists for all a except 0. • We know in fact that the arithmetic value of the

inverse “a-1” is not 1/a in the reals, a value that does not exist in S.

• It is not clear at this point how to find the inverse.

• Its algebraic properties will be of interest.

112

• Modular arithmetic also has an additional property.

• This is not a field property, simply a computational property that might be useful when doing modular arithmetic.

• The property is called reducibility

113

• Reducibility means that taking the modulus of some expression “distributes” over its parts.

• You can apply modulus to subparts of expressions in order to simplify them

• Then you can find the modulus of the combined results rather than having to evaluate the whole expression and then find the modulus.

114

• In order to show that this is true for the addition operation, consider the following:

• a mod n = ra ↔ a = cn + ra

• b mod n = rb ↔ b = dn + rb

• Consider what happens when you evaluate the whole expression (a + b) first:

• (a + b) mod n• = ((cn + ra) + (dn + rb)) mod n• = (cn + dn + ra + rb) mod n• = (n(c + d) + (ra + rb)) mod n• = (ra + rb) mod n

115

• The expression (ra + rb) mod n matches what you would get if you applied modulus to the parts of the expression first:

• = ((a mod n) + (b mod n)) mod n• By the way, if (ra + rb) < n, then the final result would

simply be (ra + rb).• A general statement of reducibility under addition

is the following:• (a + b) mod n = ((a mod n) + (b mod n)) mod n

116

• Reducibility also applies under multiplication. • (ab) mod n• = ((cn + ra)(dn + rb)) mod n

• = (cndn + cnrb + radn + rarb) mod n

• = (n(cdn + crb + rad) + rarb) mod n

• = (rarb) mod n

117

• The expression (rarb) mod n matches what you would get if you applied modulus to the parts of the expression first:

• = ((a mod n)(b mod n)) mod n• A general statement of reducibility under

multiplication is the following:• (ab) mod n = ((a mod n)(b mod n)) mod n

118

The End