CR - 0.1 - Number Theory and Modular Arithmetic


Rocco DE NICOLA

IMT Lucca

Number Theory & Modular Arithmetic

https://cybersecnatlab.it

License & Disclaimer

License Information

This presentation is licensed under the Creative Commons BY-NC License.
To view a copy of the license, visit: http://creativecommons.org/licenses/by-nc/3.0/legalcode

Disclaimer

➢ We disclaim any warranties or representations as to the accuracy or completeness of this material.
➢ Materials are provided “as is” without warranty of any kind, either express or implied, including without limitation, warranties of merchantability, fitness for a particular purpose, and non-infringement.
➢ Under no circumstances shall we be liable for any loss, damage, liability or expense incurred or suffered which is claimed to have resulted from use of this material.

© CINI – 2021 Rel. 07.02.2021


Outline

➢ Introduction
➢ Prime Numbers
➢ Modular Arithmetic
➢ Logarithms


Why Number Theory

➢ Double Key Cryptography heavily relies on some properties of prime numbers that enable one to
  ➢ Exchange secret keys online without running the risk of them being intercepted by an adversary
  ➢ Encrypt with one key and decrypt with the twin one
  ➢ Limit the possibility of brute force attacks while guaranteeing efficient encryption and decryption


Requirements for asymmetric encryption

➢ Computationally inexpensive to create pairs of keys
➢ Computationally inexpensive to encrypt messages for a sender who knows the public key and to decrypt messages for a recipient who knows the private key (or vice versa)
➢ Computationally difficult for an opponent to discover the private key knowing the public key and to decipher a message without knowing the private key
➢ It must be possible to use one of the two related keys for encryption, and the other for decryption, interchangeably.


Requirements for asymmetric encryption

Public key schemes depend on appropriate so-called trap-door one-way functions
➢ one-way function
  ➢ $Y = f(X)$ is easy
  ➢ $X = f^{-1}(Y)$ is hard (not feasible)
➢ a trap-door one-way function
  ➢ $Y = f_k(X)$ is easy if k and X are known
  ➢ $X = f_k^{-1}(Y)$ is easy if k and Y are known
  ➢ $X = f_k^{-1}(Y)$ is not feasible if Y is known but k is not

An easy problem can be solved in polynomial time relative to the length of the input


An example of a one-way function

➢ Given the number 6895601, determine whether it is the product of two prime numbers, and what these numbers are.
➢ A natural solution would be to try dividing 6895601 by several prime numbers smaller than the number under consideration until you find the answer. Difficult!
➢ If one knows that 1931 is one of the numbers, the answer can be found by computing 6895601 ÷ 1931


Issues of asymmetric encryption

➢ Brute force attacks are theoretically possible.
➢ Very large keys are needed: a 64-bit private key scheme has a security more or less similar to that of a 512-bit RSA (the most used Public Key Cryptography).
➢ The problem is well known, but is made difficult enough to make it unworkable by resorting to very large numbers.
➢ Encryption and decryption are much slower than for single key schemes.


Number Theory

➢ Number theory is fundamental for facing the challenges of asymmetric encryption.
➢ The key ingredients for the development of a theory of double-key encryption are:
  ➢ Prime numbers
  ➢ Modular Arithmetic
  ➢ Exponentiation and Logarithms


Prime Numbers

➢ Natural numbers N: All positive integers starting from 1.
➢ Integers Z: All integers, positive and negative, including 0
➢ a in Z is a divisor of b if b = k * a (for some k)
➢ a always has two trivial divisors, 1 and a
➢ a >= 2 is prime if it has only trivial divisors


Two theorems

➢ Division Theorem: For each a in Z and n in N, there exist unique q and r such that a = q * n + r, where 0 <= r < n
  ➢ q is the quotient
  ➢ r (= a mod n) is the remainder
➢ Decomposition Theorem: Each natural number is either a prime number or can be obtained as the product of powers of primes:
  ➢ $91 = 7 * 13$
  ➢ $3600 = 2^4 * 3^2 * 5^2$
  ➢ $11011 = 7 * 11^2 * 13$


Numbers and prime numbers

➢ Theorem: If P is the set of prime numbers, any positive integer a can be written as a product of powers of prime numbers

➢ N.B.: For any specific number, for most prime numbers p in the formula, the corresponding exponent will be 0.


Numbers and prime numbers

➢ Corollary: To multiply two numbers, it is sufficient to express both of them as products of primes and then add the corresponding exponents.
➢ Example
  ➢ Since: $91 = 7 * 13$ and $11011 = 7 * 11^2 * 13$
  ➢ We have: $91 * 11011 = 7^2 * 11^2 * 13^2$
  ➢ Check! …


Minimum Common Multiple

➢ The Minimum Common Multiple of two integers a and b, MCM(a, b), is the smallest positive integer that is divisible by both a and b:
  ➢ MCM(4,6) = 12 because
    ➢ Multiples of 4: 4, 8, 12, 16, …
    ➢ Multiples of 6: 6, 12, 18, …


Greatest Common Divisor

➢ The Greatest Common Divisor of two integers a and b, GCD(a, b), is the largest positive integer that divides both a and b:
  ➢ GCD(54,24) = 6 because
    ➢ 54 * 1 = 27 * 2 = 18 * 3 = 9 * 6
      the divisors of 54 are: 1, 2, 3, 6, 9, 18, 27, 54
    ➢ 24 * 1 = 12 * 2 = … 3 * 8 …
      the divisors of 24 are: 1, 2, 3, 4, 6, 8, 12, 24


Computing GCD

Euclid’s algorithm
➢ Given two natural numbers a and b,
  ➢ If b is zero, a is the GCD.
  ➢ If b is different from 0, divide a by b and assign the remainder to r (a mod b). If r = 0 then b is the GCD, otherwise let a = b and b = r and repeat the division.

Extended Euclid’s algorithm
➢ Keeping note of the quotients obtained during the algorithm, you can determine two integers p and q such that GCD(a, b) = ap + bq


Modular Arithmetic

➢ It is a system of arithmetic for integers, where the numbers "wrap" when they reach a certain value - the modulus!
➢ It is based on a congruence relation over integers that is compatible with addition, subtraction and multiplication operations.
➢ Two numbers a and b are congruent modulo n (a ≡ b (mod n)) if their difference a - b is an integer multiple of n.
➢ a ≡ b (mod n) establishes that a and b have the same remainder when divided by n, i.e., a = p * n + r, b = q * n + r


Modular Arithmetic

➢ Example:
  ➢ 38 ≡ 14 (mod 12) because
    ➢ 38 − 14 = 24, which is a multiple of 12
    ➢ Both 38 and 14 have the same remainder (2) when divided by 12.
➢ Properties:
  ➢ Reflexivity: a ≡ a (mod n)
  ➢ Symmetry: a ≡ b (mod n) if and only if b ≡ a (mod n)
  ➢ Transitivity: If a ≡ b (mod n) and b ≡ c (mod n), then a ≡ c (mod n)


Congruence for Modular Arithmetic

Any two terms that are congruent modulo n can be used interchangeably in any arithmetic operation modulo n
➢ If $a_1 \equiv b_1 \pmod{n}$ and $a_2 \equiv b_2 \pmod{n}$ then:
  ➢ $a_1 + a_2 \equiv b_1 + b_2 \pmod{n}$
  ➢ $a_1 - a_2 \equiv b_1 - b_2 \pmod{n}$
  ➢ $a_1 * a_2 \equiv b_1 * b_2 \pmod{n}$
➢ If $a \equiv b \pmod{n}$, then:
  ➢ $a^k \equiv b^k \pmod{n}$ for any non-negative integer k


Congruence for Modular Arithmetic

➢ A familiar use of modular arithmetic is in a 12-hour clock (the day is divided into two 12-hour periods); if the time is 7:00 now, then 8 hours later it will be 3:00.
➢ a (mod n) = d if and only if a = d + (k * n) for some k
➢ a is congruent to b (modulo n) if a (mod n) = b (mod n)
➢ $\mathbb{Z}_n$ is the set of equivalence classes induced by the congruence modulo n: $[0]_n, [1]_n, \ldots, [n-1]_n$, with $[i]_n$ standing for the representative of the set of all the integers that are congruent to i modulo n.


Congruence for Modular Arithmetic

➢ $\mathbb{Z}_n$ is an abelian group over the sum:
  ➢ $[a]_n + [b]_n = [a+b]_n$
  ➢ $[0]_n$ is the identity element
  ➢ $[n-a]_n$ is the inverse of $[a]_n$.
➢ $\mathbb{Z}_n$ is finite and $|\mathbb{Z}_n| = n$
➢ $[i]_n = [i + k*n]_n$


Relatively prime numbers

➢ Two integers a and b are said to be relatively prime, mutually prime, or coprime if the only positive integer that divides both of them is 1.
➢ Any prime number that divides one out of two coprime numbers does not divide the other.
➢ The greatest common divisor (GCD) of two coprime numbers is 1.


$\mathbb{Z}_n^*$: the multiplicative group for $\mathbb{Z}_n$

➢ The set $\mathbb{Z}_n^*$ is the set of elements coprime w.r.t. n
  ➢ E.g., $\mathbb{Z}_{15}^*$ = {1,2,4,7,8,11,13,14}
➢ Product: $[a]_n * [b]_n = [a * b]_n$
➢ $\mathbb{Z}_n^*$ is an abelian group:
  ➢ The group is closed
    ➢ GCD(a * b, n) = 1 since GCD(a, n) = 1 and GCD(b, n) = 1
  ➢ The identity element is $[1]_n$
  ➢ Multiplication is associative and commutative.
  ➢ The cardinality of $\mathbb{Z}_n^*$ is φ(n) (Euler’s totient)
  ➢ There exists an inverse (b) of any element (a):
    1. GCD(a, n) = a * b + n * c due to the extended Euclid algorithm
    2. Since GCD(a, n) = 1 by hypothesis, we have a * b + n * c = 1.
    3. Since n * c ≡ 0 (mod n), it follows that a * b ≡ 1 (mod n)

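The extended Euclid algorithm from the "Computing GCD" slide and the three-step inverse argument above, as one added Python example (not part of the original slides; the function names are illustrative). It keeps track of the quotients to obtain p and q with GCD(a, b) = ap + bq, then uses them to invert every element of the group modulo 15.

```python
def extended_gcd(a, b):
    """Return (g, p, q) with g = GCD(a, b) = a*p + b*q."""
    old_r, r = a, b
    old_p, p = 1, 0
    old_q, q = 0, 1
    while r != 0:
        quotient = old_r // r            # the quotient the slide says to keep note of
        old_r, r = r, old_r - quotient * r
        old_p, p = p, old_p - quotient * p
        old_q, q = q, old_q - quotient * q
    return old_r, old_p, old_q


def mod_inverse(a, n):
    """Inverse of [a]_n: the b in a*b + n*c = 1, reduced modulo n."""
    g, b, _c = extended_gcd(a % n, n)
    if g != 1:
        # Step 2 of the argument fails: a is not coprime to n.
        raise ValueError(f"{a} has no inverse modulo {n} (GCD is {g})")
    return b % n


def unit_group(n):
    """Residues 1..n-1 that are coprime to n."""
    return [a for a in range(1, n) if extended_gcd(a, n)[0] == 1]


def inverse_table(n):
    """Map every element of the multiplicative group modulo n to its inverse."""
    return {a: mod_inverse(a, n) for a in unit_group(n)}


if __name__ == "__main__":
    print(extended_gcd(54, 24))   # GCD(54, 24) with its coefficients
    print(inverse_table(15))
```
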


Euler's Theorem – Totient Function φ

➢ Given an integer n, the totient function of n, φ(n), is the number of positive integers smaller than n that are coprime to n.
  ➢ φ(15) = #{1,2,4,7,8,11,13,14} = 8
➢ φ(n) can be computed on the basis of the decomposition theorem
  ➢ φ(p) = p-1 if p is prime
    ➢ φ(17) = 16 because all integers from 1 to 16 are relatively prime to 17.
  ➢ φ(n) = (p-1)*(q-1) if n is the product of two primes (n = p*q)
    ➢ φ(15) = #{1,2,4,7,8,11,13,14} = 8 (4*2 because 15 = 5*3)


Fermat’s little theorem

➢ Fermat’s little theorem: Given an integer a and a prime p with a not divisible by p, we have: $a^{p-1} \equiv 1 \pmod{p}$
➢ An example: $7^{18} \equiv 1 \pmod{19}$

Picture from: W. Stallings, Cryptography and Network Security, International Edition, Pearson


A variant of Fermat’s little theorem

Given an integer a and a prime p:
➢ $a^p \equiv a \pmod{p}$

N.B.: In this case there is no requirement that a be not divisible by p

Picture from: W. Stallings, Cryptography and Network Security, International Edition, Pearson


Euler's Theorem revisited

➢ Euler's Theorem:
  ➢ Given two integers a and n that are coprime:
    $a^{\varphi(n)} \equiv 1 \pmod{n}$
➢ An obvious variant of Euler's Theorem:
  ➢ Given two integers a and n that are coprime:
    $a^{\varphi(n)+1} \equiv a \pmod{n}$


Examples for Euler’s theorem

➢ Given two integers a and n that are coprime:
  ➢ $a^{\varphi(n)} \equiv 1 \pmod{n}$

Two examples
➢ Given a = 3 and n = 10
  ➢ φ(10) = #{1,3,7,9} = 4
  ➢ $a^{\varphi(10)} = 3^4 = 81 \equiv 1 \pmod{10}$
➢ Given a = 2 and n = 11,
  ➢ φ(11) = 10
  ➢ $a^{\varphi(11)} = 2^{10} = 1024 \equiv 1 \pmod{11}$
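An added Python example (not from the original slides; function names are illustrative) that computes φ(n) from the prime decomposition and checks Euler's theorem on the slide's numbers. It goes beyond the two cases on the slides by using the general product over prime powers, and it shows that the congruence fails when a and n are not coprime.

```python
from math import gcd


def factorize(n):
    """Decomposition theorem: return {prime: exponent} by trial division."""
    factors, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:                      # whatever is left is itself prime
        factors[n] = factors.get(n, 0) + 1
    return factors


def totient(n):
    """phi(n) as the product of p^(e-1) * (p-1) over the prime powers p^e of n.

    For n = p this gives p-1 and for n = p*q it gives (p-1)*(q-1),
    the two cases stated on the slide.
    """
    result = 1
    for p, e in factorize(n).items():
        result *= p ** (e - 1) * (p - 1)
    return result


def totient_by_counting(n):
    """phi(n) straight from the definition: count 1 <= a < n coprime to n."""
    return sum(1 for a in range(1, n) if gcd(a, n) == 1)


def euler_residue(a, n):
    """a^phi(n) mod n; Euler's theorem says this is 1 when GCD(a, n) = 1."""
    return pow(a, totient(n), n)


if __name__ == "__main__":
    for a, n in [(3, 10), (2, 11), (5, 10)]:   # the last pair is NOT coprime
        print(a, n, gcd(a, n), totient(n), euler_residue(a, n))
```
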


Why logarithms

➢ All the systems at the basis of public key cryptography rely on properties of the multiplicative group modulo p, denoted by $\mathbb{Z}_p^*$, for a prime p.
➢ Their security ultimately depends on the intractability of solving the Discrete Logarithm Problem: if you are given $g \in \mathbb{Z}_p^*$ and $g^n \bmod p$ then you have to find n.
➢ For Diffie-Hellman key exchange an eavesdropper only sees p, g, $g^a$ and $g^b$. Given these values, to find the exchanged key, he/she has to find $g^{a*b} \bmod p$.


Cyclic Group

➢ A group can be cyclic, i.e., it can be generated by the iterated composition of the operator on an element, called the “generator”
➢ $\mathbb{Z}_q^*$, for a prime q, is a cyclic group (Gauss), thus there exists a such that $a \bmod q, a^2 \bmod q, \ldots, a^{q-1} \bmod q$ generate (in any order) all the elements of $\mathbb{Z}_q^*$ (1, 2, 3, … , q-1)


Primitive Roots

➢ A number g is a primitive root modulo n if every number a coprime to n is congruent to a power of g modulo n.
➢ g is a primitive root modulo n if for every integer a coprime to n, there exists an integer k such that $g^k \equiv a \pmod{n}$.
➢ Such a value k is called the index or discrete logarithm of a to the base g modulo n.


Discrete Logarithms

➢ The logarithm $\log_b a$ is a number x such that $b^x = a$
➢ The discrete logarithm $\log_b a$ is an integer k such that $b^k = a$
➢ Given 1 <= b <= q-1, there is a unique i such that $a^i \bmod q = b$.
  ➢ i is the discrete logarithm of b with base a and modulo q:
  ➢ $i = \mathrm{dlog}_{a,q}(b)$
➢ Important algorithms in public-key cryptography base their security on the assumption that the discrete logarithm problem, when modular arithmetic is used, has no efficient solution.


Computing Primitive Roots

➢ The kth power of a number modulo p may be computed by computing its kth power as an integer and then finding the remainder after division by p.
  ➢ To compute $3^4 \pmod{17}$, compute $3^4 = 81$, and then divide 81 by 17, obtaining a remainder of 13, i.e., $3^4 \equiv 13 \pmod{17}$.
➢ It is more efficient to reduce modulo p multiple times during the computation.
  ➢ To compute $3^7 \pmod{17}$, compute $3^3 * 3^4 \pmod{17} = 3^3 \pmod{17} * 3^4 \pmod{17} = 3^3 \pmod{17} * 3 \pmod{17} * 3^3 \pmod{17} = 10 * 3 * 10 = 300 \equiv 11 \pmod{17}$
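Reducing modulo p after every multiplication, as an added Python example (not from the original slides; `mod_pow` is an illustrative name, and Python's built-in `pow(base, exp, mod)` does the same job). It uses square-and-multiply, a swapped-in general technique rather than the slide's hand split of 3^7, and also reports the largest intermediate product so the benefit of early reduction is visible.

```python
def mod_pow(base, exponent, modulus):
    """Return (base**exponent % modulus, largest intermediate product seen).

    Square-and-multiply, scanning the exponent bits from least significant.
    Every product is reduced at once, so no intermediate value exceeds
    (modulus - 1) ** 2 however large the exponent is.
    """
    if exponent < 0 or modulus < 1:
        raise ValueError("need exponent >= 0 and modulus >= 1")
    result, square, peak = 1 % modulus, base % modulus, 0
    while exponent > 0:
        if exponent & 1:                   # this bit of the exponent is set
            product = result * square
            peak = max(peak, product)
            result = product % modulus     # reduce immediately
        exponent >>= 1
        if exponent:                       # skip the final, unused squaring
            product = square * square
            peak = max(peak, product)
            square = product % modulus
    return result, peak


if __name__ == "__main__":
    print(mod_pow(3, 4, 17))    # the slide's first example
    print(mod_pow(3, 7, 17))    # the slide's second example
    # Naive route for comparison: the full integer 3**7 = 2187 is built first.
    print(3 ** 7, (3 ** 7) % 17)
    # With a 127-bit prime (2**127 - 1) the naive integer would have about
    # 2.7e38 bits; the reduced computation never exceeds 254 bits.
    p = 2 ** 127 - 1
    value, peak = mod_pow(3, p - 1, p)
    print(value, peak.bit_length())
```
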


Primitive Roots: an example

The number 3 is a primitive root modulo 7 because the numbers relatively prime to 7 are 1, 2, 3, 4, 5, 6 and they can be obtained as follows:


The discrete logarithm problem

➢ The discrete logarithm is just the inverse operation of computing primitive roots.
➢ Given a secret number b that satisfies
  $b^e \equiv c \pmod{n}$
  the problem is to find b given only the integers c, e and n.
➢ Without the modulus function one could rely on the correspondence
  $\log_b(c) = e$
  but modular arithmetic prevents you from using logarithm calculations effectively.


The discrete logarithm problem

➢ Consider the equation $3^k \equiv 13 \pmod{17}$ for k.
➢ As seen above, one solution is k = 4, but it is not the only solution.
➢ Since $3^{16} \equiv 1 \pmod{17}$ (Fermat’s little theorem), it also follows that for any integer n, we have
  $3^{4+16n} \equiv 3^4 * (3^{16})^n \equiv 13 * 1^n \equiv 13 \pmod{17}$.
➢ Hence the equation has infinitely many solutions of the form 4 + 16n.
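An added Python example (not from the original slides; function names are illustrative) tying together the primitive-root and discrete-logarithm slides on their own numbers: it lists the powers of 3 modulo 7, tests the primitive-root definition, and solves 3^k ≡ 13 (mod 17). The solver uses baby-step giant-step, a standard method the slides do not name; its cost grows with the square root of the modulus, which is why real parameters are chosen to be very large. Python 3.8+ is assumed for `pow` with a negative exponent.

```python
from math import gcd, isqrt


def generated(g, n):
    """Successive powers g^1, g^2, ... modulo n until they start repeating."""
    seen, value = [], g % n
    while value not in seen:
        seen.append(value)
        value = value * g % n
    return seen


def is_primitive_root(g, n):
    """True iff every residue coprime to n is a power of g modulo n."""
    units = {a for a in range(1, n) if gcd(a, n) == 1}
    return gcd(g, n) == 1 and set(generated(g, n)) == units


def discrete_log(g, target, p):
    """Smallest k >= 0 with g^k ≡ target (mod p), or None if there is none."""
    m = isqrt(p - 1) + 1
    baby, value = {}, 1
    for j in range(m):                 # baby steps: g^0 .. g^(m-1)
        baby.setdefault(value, j)
        value = value * g % p
    giant = pow(g, -m, p)              # g^(-m) mod p
    gamma = target % p
    for i in range(m):                 # giant steps: target * g^(-i*m)
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * giant % p
    return None


def solutions_below(g, target, p, limit):
    """All exponents k in [0, limit) with g^k ≡ target (mod p)."""
    return [k for k in range(limit) if pow(g, k, p) == target % p]


if __name__ == "__main__":
    print(generated(3, 7), is_primitive_root(3, 7))
    print(generated(2, 7), is_primitive_root(2, 7))
    print(discrete_log(3, 13, 17), solutions_below(3, 13, 17, 40))
```
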


Chinese remainder theorem

➢ Chinese remainder theorem: if the remainders of the division of an integer n by several integers are known, then it is possible to uniquely determine the remainder of the division of n by the product of these integers, under the condition that the divisors are pairwise coprime.
➢ The theorem is widely used for computing with large integers, as it allows replacing a computation by several similar computations on small integers.
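An added Python example (not from the original slides; names and sample moduli are constructed for illustration) of both bullets: rebuilding a number from its remainders, and replacing one multiplication by several multiplications on small residues. It rejects moduli that are not pairwise coprime, the condition the theorem requires. Python 3.8+ is assumed for `math.prod` and `pow(x, -1, m)`.

```python
from math import gcd, prod


def crt(remainders, moduli):
    """Return (x, N) with N = product of the moduli and 0 <= x < N such that
    x ≡ remainders[i] (mod moduli[i]) for every i."""
    if not moduli or len(remainders) != len(moduli):
        raise ValueError("need one remainder per modulus")
    for i, m in enumerate(moduli):
        for other in moduli[i + 1:]:
            if gcd(m, other) != 1:
                raise ValueError(f"moduli {m} and {other} are not coprime")
    total = prod(moduli)
    x = 0
    for r, m in zip(remainders, moduli):
        partial = total // m                   # product of the other moduli
        # partial * partial^(-1) is 1 modulo m and 0 modulo every other modulus
        x += r * partial * pow(partial, -1, m)
    return x % total, total


def multiply_via_crt(a, b, moduli):
    """Compute a*b using only arithmetic on small residues.

    The result is exact as long as a*b is smaller than the product of the moduli.
    """
    residues = [(a % m) * (b % m) % m for m in moduli]
    return crt(residues, moduli)[0]


if __name__ == "__main__":
    # Constructed sample: remainders 2, 3, 2 on division by 3, 5, 7.
    print(crt([2, 3, 2], [3, 5, 7]))
    # The product 91 * 11011 from the earlier slide, via three small primes.
    print(multiply_via_crt(91, 11011, [997, 1009, 1013]), 91 * 11011)
```
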

