# Modular Arithmetics

Unlike the integers which just get bigger and bigger, modular arithmetic instead "wraps around" and returns back to zero. Think about clocks, and that how after 23:59 we reach 00:00 instead of 24:00. This introduces subtle changes from the mathematics of our childhood and it's worth taking the time to get used to these differences.

Code sollutions can also be found as seperate files in `./modular_arithmetics` folder


---

### 01: Greatest Common Divisor (GCD)

The Greatest Common Divisor (GCD), sometimes known as the highest common factor, is the largest number which divides two positive integers (a,b).

For `a = 12, b = 8` we can calculate the divisors of a: `{1,2,3,4,6,12}` and the divisors of b: `{1,2,4,8}`. Comparing these two, we see that `gcd(a,b) = 4`.

Now imagine we take `a = 11, b = 17`. Both `a` and `b` are prime numbers. As a prime number has only itself and `1` as divisors, `gcd(a,b) = 1`.

We say that for any two integers `a,b`, if `gcd(a,b) = 1` then `a` and `b` are coprime integers.

If `a` and `b` are prime, they are also coprime. If `a` is prime and `b < a` then `a` and `b` are coprime.

There are many tools to calculate the GCD of two integers, but for this task we recommend looking up [Euclid's Algorithm](https://en.wikipedia.org/wiki/Euclidean_algorithm).

Try coding it up; it's only a couple of lines. Use `a = 12`, `b = 8` to test it.

Now calculate `gcd(a,b)` for `a = 66528`, `b = 52920` and enter it below.


In [260]:
# Greates Common Divisor using Euclid's Algorithm

# Get input values
# input = [12, 8]
input = [66528, 52920]

# Sort them in descending order of magnitude
input.sort(reverse=True)

# Get the values into variables that are more litteral
a = input[0]
b = input[1]

# The GCD will be the value of a and b when the remainder is zero. We will call gcd() recursivly until that happens
def gcd(a,b):
    if(b == 0): return a
    return gcd(b, a % b)

print("GCD:", gcd(a,b))


GCD: 1512


In [261]:
# Alternate solution using conditional (ternary) expressions.
def gcd(a, b): return gcd(b % a, a) if a else b
print("GCD: ", gcd(66528, 52920))

GCD:  1512


---

### 02: Extended GCD

Let `a` and `b` be positive integers.

The extended Euclidean algorithm is an efficient way to find integers `u`,`v` such that:
`a * u + b * v = gcd(a,b)`

> Later, when we learn to decrypt RSA, we will need this algorithm to calculate the modular inverse of the public exponent.

For more details on the extended Euclidean algorithm, check out [this page](http://www-math.ucdenver.edu/~wcherowi/courses/m5410/exeucalg.html) as well as [wikipedia](https://en.wikipedia.org/wiki/Extended_Euclidean_algorithm). See also [modular multiplactive inverse](https://en.wikipedia.org/wiki/Modular_multiplicative_inverse)

But the best resouce is [this page over at brilliant.org](https://brilliant.org/wiki/extended-euclidean-algorithm/)



Using the two primes `p = 26513`, `q = 32321` - find the integers `u`,`v` such that:
`p * u + q * v = gcd(p,q)`

Enter whichever of u and v is the lower number as the flag.

In [262]:
p = 26513
q = 32321

def extended_gcd(a, b):
    if a == 0: 
        return b, 0, 1

    gcd, u, v = extended_gcd(b%a, a)
    return gcd, v - (b//a) * u, u

g, u, v = extended_gcd(p, q)
print("au+bv = gdc(a,b) => u,v:", u, v)
print("GCD:", g)

au+bv = gdc(a,b) => u,v: 10245 -8404
GCD: 1


---
### 03: Modular Arithmetic 1

Imagine you lean over and look at a cryptographer's notebook. You see some notes in the margin:
```
4 + 9 = 1
5 - 7 = 10
2 + 3 = 5
```

At first you might think they've gone mad. Maybe this is why there are so many data leaks nowadays you'd think, but this is nothing more than modular arithmetic modulo 12 (albeit with some sloppy notation).

You may not have been calling it modular arithmetic, but you've been doing these kinds of calculations since you learnt to tell the time (look again at those equations and think about adding hours).

Formally, "calculating time" is described by the theory of congruences. We say that two integers are congruent modulo m if `a ≡ b mod m`.

Another way of saying this, is that when we divide the integer `a` by `m`, the remainder is `b`. This tells you that if m divides a (this can be written as `m | a`) then `a ≡ 0 mod m`.

> For a positive integer `n`, the integers `a` and `b` are congruent mod `n` if their remainders when divided by `n` are the same.

Calculate the following integers:
```
11 ≡ x mod 6
8146798528947 ≡ y mod 17
```

The solution is the smaller of the two integers.

In [263]:
"""
The Congruence modulo relatuon can be transformed to a modulo operation:
a ≡ b mod m <=> a % m = b

Since a ≡ b mod m, then if we divide the integer a by m we get the remainder is b . b is then the remainder of the euclidean division between a and m.
"""
x = 11 % 6                  # 11 ≡ x mod 6
y = 8146798528947 % 17      # 18146798528947 ≡ y mod 17

print(min(x, y))


4


---

### 04: Modular Arithmetic 2

We'll pick up from the last challenge and imagine we've picked a modulus `p`, and we will restrict ourselves to the case when `p` is prime.

The integers modulo `p` define a field, denoted `Fp`.

> If the modulus is not prime, the set of integers modulo `n` define a ring.

A finite field `Fp` is the set of integers `{0,1,...,p-1}`, and under both addition and multiplication there is an inverser element `b`for every element `a` in the set, such that `a + b = 0` and `a * b = 1`.

> Note that the identity element for addition and multiplication us different! This is because the identity when acted with the operator should do nothing: `a + 0 = a` and `a * 1 = a`.

Lets say we pick `p = 17`. Calculate `3^17 mod 17`. Now do the same but with `5^17 mod 17`. What would you expect to get for `7^16 mod 17`? Try calculating that.

This interesting fact is known as _Fermat's little theorem_. We'll be needing this (and its generalisations) when we look at RSA cryptography.

Now take the prime `p = 65537`. Calculate `273246787654^65536 mod 65537`.
Did you need a calculator?


In [264]:
"""
Looking at Fermat's little theorem (https://en.wikipedia.org/wiki/Fermat%27s_little_theorem):

if p is prime, for every integer a:
        pow(a, p) = a mod p

And, if p is prime and a is an integer coprime with p:
        pow(a, p-1) = 1 mod p

So lets check
        pow(273246787654, 65536) mod 65537

Notice that 65536 is exactly 65537-1, and if 273246787654 and 65537 
are coprime then the result is one:
"""
from math import gcd

# If a and p are indeed coprime, we expect the result to be 1
if gcd(a,p) == 1:
    print("1 - a and p are coprime!")


### We can verify this:

# Calculates x^y under modulo m
def power(x,y,m):
    if(y == 0): 
        return 1
    p = power(x, y // 2, m) % m
    p = (p * p) % m
    return p if (y % 2 == 0) else (x * p) % m


print("Result: " + str(power(273246787654,65536,65537)))

1 - a and p are coprime!
Result: 1


---

### 05: Modular Inverting

As we've seen, we can work within a finite field `Fp`, adding and multiplying elements, and always obtain another element of the field.

For all elements `g` in the field, there exists a unique integer `d` such that `g * d ≡ 1 mod p`.
This is the multiplicative inverse of `g`.

Example: `7 * 8 = 56 ≡ 1 mod 11`

What is the inverse element: `3 * d ≡ 1 mod 13`?

> Think about the little theorem we just worked with. How does this help you find the inverse of an element?


In [265]:
"""
Looking again at Fermat's little theorem:

if p is prime, for every integer a:
        pow(a, p) = a mod p
and, if p is prime and a is an integer coprime with p:
        pow(a, p-1) = 1 mod p

We can do some magic like this (a^b means pow(a,b)):
        a^(p-1) = 1 (mod p)
        a^(p-1) * a^-1 = a^-1 (mod p)
        a^(p-2) * a * a^-1 = a^-1 (mod p)
        a^(p-2) * 1 = a^-1 (mod p)

So finally we have:
        a^(p-2) = a^-1 (mod p)

So, doing a^(p-2) and then (mod p) we can achieve our result
"""
from math import gcd, pow

# Finds modular inverse of a under modulo m, assuming m is prime
def mod_inverse(a, m):
    if(gcd(a,m) != 1):
        print("Inverse does not exist!")
    else:
        # if a and m are relatively prime, then mod inverse is a^(m-2) mod m
        print("Modular multiplicative inverse is ", pow(a, m - 2) % m)

mod_inverse(3, 13)

"""
Another way to look at it is like this:

The problem given is 3 * d ≡ 1 mod 13

To calculate d we can divide both sides by 3 which gives us:
  d = (1/3) * 1 mod 13 

And we can rewrite that to:
  d = 3^-1 mod 13

This is what the hint about the theorem eludes to as this is basically the inverse of 3 mod 13.
"""
a = 3
p = 13

print(pow(a, p - 2) % p)

"""
Or - just cheat and use some library ;)
"""
from Crypto.Util.number import inverse
print(inverse(3, 13))

Modular multiplicative inverse is  9.0
9.0
9
