## Modular arithmetic

In cryptanalysis, modular arithmetic is frequently used, e.g., to wrap integers to \[0,25\], corresponding to A-Z, or 26 alphabetic letters. See [wikipedia](https://en.wikipedia.org/wiki/Modular_arithmetic) for more details.  

In the following, we will introduce some complex calculations involved in Codebusters. 

### Compute modular with a scientific calculator

$ a \pmod {m} $ can be computed with the scientific calculator as follows. 

With $a=3^{11}$, $m=26$ as an example, 
```
a = 3**11 = 177,147
divide a by m : 177,147/26 = 6813.34615
take the factional part: 0.34615
multiply by m:  0.34615*26 = 8.9999 
which is a (mod m):  3**11 (mod 26) = 9 
```

### Modular multiplicative inverse of a number

The modular multiplicative inverse of $a$ is defined as $a^{-1} a \pmod {m} = 1$. 

#### Euler's theorem 

According to Euler's theorem, if $a$ is coprime to $m$, that is, $gcd(a, m) = 1$, then

$$  a^{\phi (m)}\equiv 1{\pmod {m}},$$ 

where $\phi(m)$ is Euler's totient function. Therefore 

$$ a^{-1} = a^{\phi (m)-1} \pmod{m}.$$

If $m$ is prime, $\phi(m) = m-1$, and therefore
$$ a^{-1} = a^{m-2} \pmod{m}.$$

For $m=26$, commonly used for English Alphabet, 
$$ \phi(26) = \phi(2*13) = 26(1-1/2)(1-1/13) = 12 $$


Therefore
$$ a^{-1} = a^{11} \pmod {26}, $$ 
which can be computed with a scientific calculator, as shown above.

The example given above, shows

$$ 3^{-1} \pmod{26} = 3^{11} \pmod {26} = 9 $$. 

Usually, the multiplicative inverse table is provided at the competition, 


|$a$      | 1| 3| 5| 7| 9|11|15|17|19|21|23|25|
|:-------:|--|--|--|--|--|--|--|--|--|--|--|--|
|$a^{-1}$ | 1| 9|21|15| 3|19| 7|23|11| 5|17|25|



<a id='2x2matrix'></a>

### Modular multiplicative inverse of a  2x2 matrix

In Hill Cipher, the encryption key is a 2x2 or 3x3 matrix, 

$$ A = \begin{pmatrix}
a & b \\
c & d
\end{pmatrix}
$$

the decryption key is the modular multiplicative inverse of $A$, or $A^{-1}$ with 

$$A^{-1} A \pmod{m} = I,$$

where $I$ is the identity matrix. 

The most straightforward method to solve $A^{-1}$ is by the formula

$$ A^{-1} = d^{-1} adj(A) \pmod{m} $$ 

where $d^{-1}$ is the modular multiplicative inverse of the determinant $d$, and $adj(A)$ is the adjugate matrix of $A$. 

Other methods include Gaussian Eliminations, LU decompositions, ... 

#### Inverse by the determinant and the adjugate matrix

For a matrix

$$ A = \begin{pmatrix}
a & b \\
c & d
\end{pmatrix},
$$
its determinant
$$ d =  \begin{vmatrix}
a & b \\
c & d
\end{vmatrix} = ad -bc$$
and its adjugate matrix
$$ adj(A) = \begin{pmatrix}
d & -b \\
-c & a
\end{pmatrix}.
$$

Without modular arithmetic, it can be easily verified that 

$$ \frac {1}{ad-bc}
\begin{pmatrix}
a & b \\
c & d
\end{pmatrix}
\begin{pmatrix}
d & -b \\
-c & a
\end{pmatrix}
= 
\begin{pmatrix}
1 & 0 \\
0 & 1
\end{pmatrix}
$$

With modular arithmetic, all elements in $A$, $A^{-1}$ are integers, which make the inversion more complex. We use an example in Hill Cipher to demonstrate the calcuation, $m=26$ and  

$$ 
A = \begin{pmatrix}
25 & 0  \\
2 &  7
\end{pmatrix}. 
$$ 

Step 1, the determinant 
$$ 
d = \begin{vmatrix}
25 & 0  \\
2 &  7
\end{vmatrix} \pmod{26} = 25*7  \pmod{26} = 19
$$ 

Step 2, the modular multiplcative inverse of $d$, (see above) 
$$
d^{-1} = d^{11} \pmod {26} = 19^{11} \pmod{26} = 11 
$$ 

Step 3, the adjugate matrix
$$ 
adj(A) = \begin{pmatrix}
d & -b \\ 
-c & a 
\end{pmatrix}
=
\begin{pmatrix}
7 & 0 \\
-2 & 25
\end{pmatrix}
$$ 

Step 4, compute 
$$ 
d^{-1} adj(A) \pmod{26} = 11 \begin{pmatrix}
7 & 0 \\
-2 & 25
\end{pmatrix} \pmod{26} 
= \begin{pmatrix}
77 & 0 \\
-22 & 275
\end{pmatrix} \pmod{26} 
= \begin{pmatrix}
25 & 0 \\
4 & 15
\end{pmatrix} \pmod{26} 
$$ 

Therefore,
$$ 
A^{-1} = \begin{pmatrix}
25 & 0 \\
4 & 15
\end{pmatrix} \pmod{26} 
$$ 

#### Inverse by Gaussian eliminations

Now we demonstrate how to use Gaussian eliminations, which seems to be easier. We write down the matrix together with an identity matrix 

$$ 
(A|I) = 
\left(
\begin{array}{cc|cc}
25 & 0 & 1 & 0  \\
2 &  7 & 0 & 1
\end{array}
\right)
. 
$$ 

and try to turn the left matrix into an identity matrix, in the modulo sense, with the Gaussian Eliminations. For example, 

$$ 
(A|I) = 
\left(
\begin{array}{cc|cc}
50 & 0 & 2 & 0  \\
50 &  7*25 & 0 & 25
\end{array}
\right)
\to 
\left(
\begin{array}{cc|cc}
50 & 0 & 2 & 0  \\
0 &  7*25 & -2 & 25
\end{array}
\right)
\to 
\left(
\begin{array}{cc|cc}
25 & 0 & 1 & 0  \\
0 &  19 & -2 & 25
\end{array}
\right)
$$ 

where step1, we multply top line by 2, and bottom line by 25; step2, we subtract top line from bottom line, to make the first element zero; step 3, now we have a diagonal form for the left matrix and we calculate the modular multiplicative inverse for each line. Note that in order to have a modular multiplicative inverse, the number has to be coprime with 26. So we divide the first line by 2, to get 25; the second line 7\*25 is coprime, we can take the modular, $ 7*25 \pmod{26} = 19$. Now we compute the modular multiplicative inverse, $25^{-1} \pmod{26} = 25$, and $19^{-1} \pmod{26} = 11$. 

We now multiply the first line by 25 and the second line by 11, and take modulo, 
$$
\left(
\begin{array}{cc|cc}
25*25 & 0 & 25 & 0  \\
0 &  19*11 & -2*11 & 25*11
\end{array}
\right)
\to  
\left(
\begin{array}{cc|cc}
1 & 0 & 25 & 0  \\
0 &  1 & 4 & 15
\end{array}
\right)
$$ 

and the right matrix is $A^{-1} \pmod{26}$,

$$ 
A^{-1} = \begin{pmatrix}
25 & 0 \\
4 & 15
\end{pmatrix} \pmod{26} 
$$ 

Note that we need to keep all numbers integers in the process, which is different from regular matrix inverse. Also, the diagonal numbers in the final step should be inversible, which is the requirement of the Hill Cipher. 

<a id='3x3matrix'></a>

### Modular multiplicative inverse of a  3x3 matrix

#### Inverse by the adjugate matrix

For a 3x3 matrix, 
$$ A = \begin{pmatrix}
a & b & c \\
d & e & f \\
g & h & i
\end{pmatrix},
$$

its determiant can be computed from the following form, 
$$ d =   \begin{vmatrix}
a & b & c \\
d & e & f \\
g & h & i
\end{vmatrix}
= a \begin{vmatrix}
e & f \\
h & i 
\end{vmatrix} 
- b \begin{vmatrix}
d & f \\
g & i 
\end{vmatrix} 
+ c \begin{vmatrix}
d & e \\
g & h 
\end{vmatrix} $$
i.e., using the first row (or any other row/col), for each element in that row, getting a 2x2 submatrix by removing the elements in the same row or column as the element. 

For the adjugate matrix, we write its cofactor matrix at first,   

$$
C = \begin{pmatrix}
    +\begin{vmatrix}
             e & f \\
             h & i \\
    \end{vmatrix}   & 
    -\begin{vmatrix}
             d & f \\
             g & i \\
    \end{vmatrix} &  
    +\begin{vmatrix}
             d & e \\
             g & h \\
    \end{vmatrix}   \\
    -\begin{vmatrix}
             b & c \\
             h & i \\
    \end{vmatrix}   & 
    +\begin{vmatrix}
             a & c \\
             g & i \\
    \end{vmatrix} &  
    -\begin{vmatrix}
             a & b \\
             g & h \\
    \end{vmatrix}   \\
    +\begin{vmatrix}
             b & c \\
             e & f \\
    \end{vmatrix}   & 
    -\begin{vmatrix}
             a & c \\
             d & f \\
    \end{vmatrix} &  
    +\begin{vmatrix}
             a & b \\
             d & e \\
    \end{vmatrix}   \\
\end{pmatrix}
$$

The adjugate matrix is the transpose of the cofactor matrix $C$, i.e., exchanging elements wrt the digonal line, 

$$ 
adj(A) = C^T =
\begin{pmatrix}
    +\begin{vmatrix}
             e & f \\
             h & i \\
    \end{vmatrix}   & 
    -\begin{vmatrix}
             b & c \\
             h & i \\
    \end{vmatrix}   & 
    +\begin{vmatrix}
             b & c \\
             e & f \\
    \end{vmatrix}   \\
    -\begin{vmatrix}
             d & f \\
             g & i \\
    \end{vmatrix} & 
    +\begin{vmatrix}
             a & c \\
             g & i \\
    \end{vmatrix} &  
    -\begin{vmatrix}
             a & c \\
             d & f \\
    \end{vmatrix} \\
    +\begin{vmatrix}
             d & e \\
             g & h \\
    \end{vmatrix}   & 
    -\begin{vmatrix}
             a & b \\
             g & h \\
    \end{vmatrix}   &  
    +\begin{vmatrix}
             a & b \\
             d & e \\
    \end{vmatrix}   \\
\end{pmatrix}
$$

In practice, we recommend to start with the cofactor matrix, since its form is easier to remember. 

To obtain the modular mulplicative inverse matrix, 

$$ A^{-1} = d^{-1} adj(A) \pmod{m} $$ 

A detailed example can be found at [crypto.interactive-maths.com](https://crypto.interactive-maths.com/hill-cipher.html#3x3decypt_). 

#### Inverse by Gaussian Elimination 

See the procedure definitions of Gaussian Eliminations in 2x2 matrix section. 

We use an example to demonstrate 
$$ 
(A|I) = 
\left(
\begin{array}{ccc|ccc}
0 & 11 & 15 &  1 &  0 & 0  \\
7 &  0 & 1  &  0 &  1 & 0  \\
4 & 19 & 0  &  0 &  0 & 1 
\end{array}
\right)
$$ 

The first step is to, in the first column, make all numbers zero except the first line,  

$$
\overset{L1=L1+L2}{\to}
\left(
\begin{array}{ccc|ccc}
7 & 11 & 16 &  1 &  1 & 0  \\
7 &  0 & 1  &  0 &  1 & 0  \\
4 & 19 & 0  &  0 &  0 & 1 
\end{array}
\right)
\overset{L2=L2-L1}{\to}
\left(
\begin{array}{ccc|ccc}
7 & 11 & 16 &  1 &  1 & 0  \\
0 & -11 & -15  &  -1 &  0 & 0  \\
4 & 19 & 0  &  0 &  0 & 1 
\end{array}
\right)
$$

$$
\overset{L3=7*L3-4*L1}{\to}
\left(
\begin{array}{ccc|ccc}
7 & 11 & 16    &  1  &  1 & 0  \\
0 & -11 & -15  &  -1 &  0 & 0  \\
0 & 89 & -64   &  -4  &  -4 & 7 
\end{array}
\right)
\overset{\mod if needed}{\to}
\left(
\begin{array}{ccc|ccc}
7 & 11 & 16    &  1  &  1 & 0  \\
0 & 15 & 11  &  -1 &  0 & 0  \\
0 & 11 & 14   &  -4  &  -4 & 7 
\end{array}
\right)
$$

The second step is to make the second number in Line 3 vanish by combinating Line 2 and Line 3, or to make the third line diagonal, 

$$
\overset{L3=15*L3-11*L2}{\to}
\left(
\begin{array}{ccc|ccc}
7 & 11 & 16    &  1  &  1 & 0  \\
0 & 15 & 11  &  -1 &  0 & 0  \\
0 & 0 & 89   &  -49  &  -60 & 105 
\end{array}
\right)
\overset{\mod if needed}{\to}
\left(
\begin{array}{ccc|ccc}
7 & 11 & 16    &  1  &  1 & 0  \\
0 & 15 & 11  &  -1 &  0 & 0  \\
0 & 0 & 11   &  3  &  18 & 1
\end{array}
\right)
$$

The third step is to make the second line diagonal, 
$$
\overset{L2=L2-L3}{\to}
\left(
\begin{array}{ccc|ccc}
7 & 11 & 16    &  1  &  1 & 0  \\
0 & 15 & 0  &  -4 &  -18 & -1  \\
0 & 0 & 11   &  3  &  18 & 1
\end{array}
\right)
$$

We now can invert the Line 2 and Line 3 at first; it's not necessary, but helps to make the numbers smaller. You may also notice sometimes we keep negative numbers, whenever it's small and easy to calculate. 

$15^{-1} \pmod{26} = 7$, $11^{-1} \pmod{26} = 19$, and take mod, 

$$
\overset{L2=L2*7, L3=L3*19}{\to}
\left(
\begin{array}{ccc|ccc}
7 & 11 & 16    &  1  &  1 & 0  \\
0 & 15*7 & 0  &  -28 & -18*7 & -7  \\
0 & 0 & 11*19   &  3*19  &  18*19 & 19
\end{array}
\right)
\overset{\pmod{26}}{\to}
\left(
\begin{array}{ccc|ccc}
7 & 11 & 16    &  1  &  1 & 0  \\
0 & 1 & 0  &  24 &  4 & 19  \\
0 & 0 & 1   &  5  &  4 & 19
\end{array}
\right)
$$

Now we try to make the first line diagonal, 
$$
\overset{L1=L1-L2*11-L3*16}{\to}
\left(
\begin{array}{ccc|ccc}
7 & 0 & 0  &  -343  &  -107 & -513  \\
0 & 1 & 0  &  24 &  4 & 19  \\
0 & 0 & 1   &  5  &  4 & 19
\end{array}
\right)
\overset{\mod if}{\to}
\left(
\begin{array}{ccc|ccc}
7 & 0 & 0  &  -5 &  -3 & 7  \\
0 & 1 & 0  &  24 &  4 & 19  \\
0 & 0 & 1  &  5  &  4 & 19
\end{array}
\right)
$$

invert the first line, $7^{-1} \pmod{26} = 15$, 
$$
\overset{L1=L1*15}{\to}
\left(
\begin{array}{ccc|ccc}
105 & 0 & 0  &  -75 &  -45 & 105  \\
0 & 1 & 0  &  24 &  4 & 19  \\
0 & 0 & 1   &  5  &  4 & 19
\end{array}
\right)
\overset{\pmod{26}}{\to}
\left(
\begin{array}{ccc|ccc}
1 & 0 & 0  &  3 &  7 & 1  \\
0 & 1 & 0  &  24 &  4 & 19  \\
0 & 0 & 1   &  5  &  4 & 19
\end{array}
\right)
$$

Now we obtain the modular multiplicative inverse matrix as 
$$ A^{-1} = \begin{pmatrix}
3 &  7 & 1  \\
24 &  4 & 19  \\
5  &  4 & 19
\end{pmatrix},
$$

It's always a good idea to multiply $A^{-1} A \pmod{26}$ and check whether it's equal to $I$. 


In [1]:
for a in [1,3,5,7,9,11,15,17,19,21,23,25]:
    ainv = a**11 % 26 
    print("a: ", a, "modular multiplicative inverse: ", ainv)
    

a:  1 modular multiplicative inverse:  1
a:  3 modular multiplicative inverse:  9
a:  5 modular multiplicative inverse:  21
a:  7 modular multiplicative inverse:  15
a:  9 modular multiplicative inverse:  3
a:  11 modular multiplicative inverse:  19
a:  15 modular multiplicative inverse:  7
a:  17 modular multiplicative inverse:  23
a:  19 modular multiplicative inverse:  11
a:  21 modular multiplicative inverse:  5
a:  23 modular multiplicative inverse:  17
a:  25 modular multiplicative inverse:  25
