# Modular Arithmetic

In encryption, modular arithmetic plays a big role. What is modular arithmetic?

You can think of it as "wrapping around". For example, think about a clock. If you have a clock, it goes from 1, 2, ... to 12, then back to 1. This is when everything is "modulo 12". So 12 is the increment by which you wrap around.

You can also think of it as remainders. This means that 12 is also equivalent to 0, because the remainder of 12 divided by 12 is 0. Let's say you start at midnight or 0 o' clock. In 13 hours, it is 1 pm because the remainder of 13 divided by 12 is 1. 

Of course, this only applies to integers. From this moment onwards, assume all variables are integers.

To be more formal, $x \text{ mod } m$ "$x$ modulo $m$" to be the remainder $r$ when we divide $x$ by $m$. This means that $x$ is of the form $qm + r$ where $q$ is the quotient and $r$ is the remainder. We also normally restrict $r$ to be in the range $0 \leq r \leq m - 1$ if we are modding by $m$. For example, $13 \text{ mod } 12 \equiv 1 \text{ mod } 12 \equiv 25 \text{ mod } 12$. 

The $\equiv$ symbol is called "equivalent" and exists because it doesn't mean "equal". Instead, it means that they are equivalent in the world of mod 12. We say that $x$ and $y$ are $\textit{congruent modulo m}$ if they differ by a multiple of $m$. 

Also, in math, instead of writing $\text{ mod } 12$ multiple times, it is usually written just once on the very right side. So, this is valid as well: $13 \equiv 1 \equiv 25 \text{ mod } 12$. 

In python, mods appear as %. Run the following block by typing shift enter to see what it prints out.

In [2]:
x = 10 % 3
print(x)

y = 11 % 3
print(y)

z = 100 % 3
print(z)

1
2
1


# Properties

If $a \equiv c (\text{mod } m)$ and $b \equiv d (\text{mod } m)$, then $a+b \equiv c+d (\text{mod } m)$

$\textit{Proof: }$ We know that numbers that are equivalent mod $m$ must differ in multiples of $m$. Therefore, $c = a+km$ and $d = b+lm$, meaning $c+d = a+km+b+lm = a+b+(k+l)m$ which means that $a+b \equiv c+d (\text{mod } m)$

If $a \equiv c (\text{mod } m)$ and $b \equiv d (\text{mod } m)$, then $ab \equiv cd (\text{mod } m)$

$\textit{Proof: }$ Once again, we know that $c = a+km$ and $d = b+lm$. This means $cd = (a + km)(b + lm) = ab + alm + bkm + lkm^2$, meaning $ab \equiv cd (\text{mod } m)$.

This means that addition, subtraction (which is adding negative numbers) and multiplication of two numbers $x$ and $y$ then modded can be done more easily by computing the mods first, ($x \text{ mod } m $ and $y \text{ mod } m$) and then applying the operation. For example, $(13+11)\cdot 18 \equiv (6 + 4) \cdot 4 \text{ mod } 7$. If you are still confused or don't believe it, you can run the block below and experiment by writing your own python code. But what about division? 

In [4]:
print(13 % 7)
print(11 % 7)
print(18 % 7)
print(((13 + 11) * 18) % 7)
print(((6 + 4) * 4) % 7)

6
4
4
5
5


# Inverses

Recall that this world of mods only applies to integers. If you arbitrarily tried to divide, like $2/3$ for instance, we would break out of the world of integers, and we don't want to do that. 

Think of how you try to find inverses before. If you want to find the additive inverse of a number $x$, then your goal is to "reverse" adding $x$ back to the previous state. Let us say $y$ is the additive inverse. Then, $x + y = 0$ in order to reverse adding $x$. From this, you can solve that $y = -x$. 

Now, let us say the multiplicative inverse of $x$ is $y$. If you want to find the multiplicative inverse of $x$, then $xy = 1 \implies y = 1/x$. The reason why $xy = 1$ is because that is how you can "undo" multiplying $x$.

But what if we want the multiplicative inverse of $x$ modulo $m$? Then, we want $xy \equiv 1 \text{ mod } m $. 

Division is then multiplying by the multiplicative inverse. 

For example, let us say we are trying to solve 8$x \equiv$ 9 (mod 15). We can then multiply both sides by $8^{-1}$ mod 15. The inverse is 2 because 8(2) $\equiv$ 16 $\equiv$ 1 mod 15. This yields 18 mod 15 $\equiv$ 3 mod 15, meaning $x = 3$. To do a quick check, we know that 8 $\cdot$ 3 = 24 $\equiv$ 9 mod 15.

Does the multiplicative inverse always exist? Let's try finding a few.

If it exists, then we know that there exists an inverse $y$ in the range $0 \leq y \leq m - 1$ because of the multiplicative property mentioned before. 

If $x=8$ and $m=15$, we know $2x = 16 \equiv 1 (\text{ mod } 15)$, so 2 is a multiplicative inverse of 8 mod 15.

If $x = 12$ and $m = 15$, hmm... There's a problem. The sequence $ax$ mod $m$ for a = 1,2,3,... is periodic, and takes on the values (12,9,6,3,0,12,9,6...). We never hit the number $1$ because it keeps cycling by the number 3. Interestingly enough, 3 is also the GCD of 12 and 15. Is that a coincidence?

It turns out, the multiplicative inverse of $x$ mod $m$ only exists if the GCD of $x$ and $m$ is 1. Recall that the greatest common divisor of two natural numbers $x$ and $y$, denoted gcd($x,y$), is the largest natural number that divides them both.

But how do we compute the inverse? Or how do we even know inverse exists? Then you can use the Euclidean Algorithm.

# Euclidean Algorithm

The Euclidean Algorithm actually computes the greatest common denominator. It relies on one major fact: 
 
 $$gcd(x, y) = gcd(y, x \text{ mod } y)$$
 
The theorem follows immediately from the fact that a number $d$ is a common divisor of $x$ and $y$ if and only if $d$ is a common divisor of $y$ and $x$ mod $y$. 

To see this, we know that $x = qy + r$ and $r = x$ mod $y$. Then, if $d$ divides $x$ and $y$ then it also divides $x$ and $qy$, and thus it also divides their difference $r = x − qy$. 

In the block below is the code for the Euclidean Algorithm. But this still doesn't solve for the inverse. To do that, we need the Extended Euclidean Algorithm.

In [5]:
def gcd(a, b):
    if a > b:
        a, b = b, a
    if a == 0: 
        return b  
    return gcd(b%a, a)

# Extended Euclidean Algorithm

What the Extended Euclidean Algorithm does is that it solves for the coefficients $x$ and $y$ such that $ax + by = gcd(a, b)$.

It's easiest to understand the Extended Euclidean Algorithm by taking a look at it in action. 
$$\begin{align*}
gcd(16, 10) &= gcd(10, 6), 16 = 10 * 1 + 6\\
&= gcd(6, 4), 10 = 6 * 1 + 4\\
&= gcd(4, 2), 6 = 4 * 1 + 2\\
&=gcd(2,0), 4 = 2 * 2 + 0 \\
&=2
\end{align*}$$
which means $d = 2$.

Reverse engineering this, we get that:
$$\begin{align*}
d &= 1 * 2 + 0 \\
&= 0 * 4 + 1 * 2 \\
&= 1 * 6 + (-1) * 4 \\
&= (-1) * 10 + 2 * 6 \\
&= 2 * 16 - 3 * 10
\end{align*}$$

The code is as follows:

In [11]:
def extended_gcd(x,y):
    if y == 0:
        return(x, 1, 0)
    else:
        (d, a, b) = extended_gcd(y, x % y)
    return((d, b, a - (x//y) * b))

Don't worry if you don't understand this. You can simply use this for the next two exercises.

# Affine Cipher

Let us say you have an alphabet with $m$ letters. The alphabet is first mapped to the integers in the range 0 to m − 1. 

The encryption function is $\displaystyle {\mbox{E}}(x)=(ax+b){\bmod {m}}$ if $x$ if your original letter. The only catch is that $a$ and $m$ have to be coprime (have GCD of 1).

The decryption function is $\displaystyle {\mbox{D}}(y)=a^{-1}(y-b){\bmod {m}}$ where $y$ is the encrypted letter.

Write the encryption and decryption functions in python below:

In [None]:
def encrypt_affine(x):
    
def decrypt_affine(y):
    

# RSA Encryption

The problem with the Affine Cipher is that it requires both the sender and receiver to know what $a$ and $b$ are in order to encrypt and decrypt. Is there a way for someone to send a message completely encrypted without even knowing the same amount of knowledge as the decrypter?

It turns out, there is! 

Let $p$ and $q$ be two large primes and $N = pq$. Let $e$ be any number that is relatively prime to $(p−1)(q−1)$.

$(N, e)$ is public. Everyone knows it. However, $(p, q)$ are private. 

$E(x) = x^e \bmod N$

$D(y) = y^d \bmod N$

It turns out, $D(y) = x$. (The proof is long and complicated.) 

Write the encryption and decryption functions in python below:

In [None]:
def encrypt_affine(x):
    
def decrypt_affine(y):
    