### UC Berkeley, MICS, W202 Cryptography
### Week 01 Breakout 1
### Modular Arithmetic



Modular Arithmetic is based on integer division, with (div n) yielding the integer dividend, and (mod n) yielding the remainder.

In formal mathematics and in cryptography, we call remainders as "residues"

Residue will always be a positive integer in the range [0, (n-1)], inclusive.

Residues are periodic rotating through the range.

Execute and discuss the following code cells.

In [1]:
from sage.all import *

In [2]:
def my_list_divs_mods(start, end, n):
    "spin through integers from start to end, inclusive, and perform a (div n), (mod n)"
    
    for i in range(start, end+1):
        print (str(i) + " (div " + str(n) + ") = ", i // n, "\t\t" + str(i) + " (mod " + str(n) + ") = ", i % n, "\n")

In [3]:
my_list_divs_mods(-10, 10, 3)

-10 (div 3) =  -4 		-10 (mod 3) =  2 

-9 (div 3) =  -3 		-9 (mod 3) =  0 

-8 (div 3) =  -3 		-8 (mod 3) =  1 

-7 (div 3) =  -3 		-7 (mod 3) =  2 

-6 (div 3) =  -2 		-6 (mod 3) =  0 

-5 (div 3) =  -2 		-5 (mod 3) =  1 

-4 (div 3) =  -2 		-4 (mod 3) =  2 

-3 (div 3) =  -1 		-3 (mod 3) =  0 

-2 (div 3) =  -1 		-2 (mod 3) =  1 

-1 (div 3) =  -1 		-1 (mod 3) =  2 

0 (div 3) =  0 		0 (mod 3) =  0 

1 (div 3) =  0 		1 (mod 3) =  1 

2 (div 3) =  0 		2 (mod 3) =  2 

3 (div 3) =  1 		3 (mod 3) =  0 

4 (div 3) =  1 		4 (mod 3) =  1 

5 (div 3) =  1 		5 (mod 3) =  2 

6 (div 3) =  2 		6 (mod 3) =  0 

7 (div 3) =  2 		7 (mod 3) =  1 

8 (div 3) =  2 		8 (mod 3) =  2 

9 (div 3) =  3 		9 (mod 3) =  0 

10 (div 3) =  3 		10 (mod 3) =  1 



In [4]:
my_list_divs_mods(-10, 10, 5)

-10 (div 5) =  -2 		-10 (mod 5) =  0 

-9 (div 5) =  -2 		-9 (mod 5) =  1 

-8 (div 5) =  -2 		-8 (mod 5) =  2 

-7 (div 5) =  -2 		-7 (mod 5) =  3 

-6 (div 5) =  -2 		-6 (mod 5) =  4 

-5 (div 5) =  -1 		-5 (mod 5) =  0 

-4 (div 5) =  -1 		-4 (mod 5) =  1 

-3 (div 5) =  -1 		-3 (mod 5) =  2 

-2 (div 5) =  -1 		-2 (mod 5) =  3 

-1 (div 5) =  -1 		-1 (mod 5) =  4 

0 (div 5) =  0 		0 (mod 5) =  0 

1 (div 5) =  0 		1 (mod 5) =  1 

2 (div 5) =  0 		2 (mod 5) =  2 

3 (div 5) =  0 		3 (mod 5) =  3 

4 (div 5) =  0 		4 (mod 5) =  4 

5 (div 5) =  1 		5 (mod 5) =  0 

6 (div 5) =  1 		6 (mod 5) =  1 

7 (div 5) =  1 		7 (mod 5) =  2 

8 (div 5) =  1 		8 (mod 5) =  3 

9 (div 5) =  1 		9 (mod 5) =  4 

10 (div 5) =  2 		10 (mod 5) =  0 



In [5]:
my_list_divs_mods(-10, 10, 7)

-10 (div 7) =  -2 		-10 (mod 7) =  4 

-9 (div 7) =  -2 		-9 (mod 7) =  5 

-8 (div 7) =  -2 		-8 (mod 7) =  6 

-7 (div 7) =  -1 		-7 (mod 7) =  0 

-6 (div 7) =  -1 		-6 (mod 7) =  1 

-5 (div 7) =  -1 		-5 (mod 7) =  2 

-4 (div 7) =  -1 		-4 (mod 7) =  3 

-3 (div 7) =  -1 		-3 (mod 7) =  4 

-2 (div 7) =  -1 		-2 (mod 7) =  5 

-1 (div 7) =  -1 		-1 (mod 7) =  6 

0 (div 7) =  0 		0 (mod 7) =  0 

1 (div 7) =  0 		1 (mod 7) =  1 

2 (div 7) =  0 		2 (mod 7) =  2 

3 (div 7) =  0 		3 (mod 7) =  3 

4 (div 7) =  0 		4 (mod 7) =  4 

5 (div 7) =  0 		5 (mod 7) =  5 

6 (div 7) =  0 		6 (mod 7) =  6 

7 (div 7) =  1 		7 (mod 7) =  0 

8 (div 7) =  1 		8 (mod 7) =  1 

9 (div 7) =  1 		9 (mod 7) =  2 

10 (div 7) =  1 		10 (mod 7) =  3 



### kn (mod n) = 0

We will make good use of this in our proofs. If we are working in modulo n, and we can prove a term is equal to kn, we can eliminate that term as a zero.

Execute and discuss the following code cells

In [6]:
def my_list_kn_mods(start, end, n):
    "spin through integers from start to end, inclusive, and perform a kn (mod n)"
    
    for i in range(start, end+1):
        print (str(i) + "*" + str(n) + " (mod " + str(n) + ") = ", (i * n) % n, "\n")

In [7]:
my_list_kn_mods(-10, 10, 3)

-10*3 (mod 3) =  0 

-9*3 (mod 3) =  0 

-8*3 (mod 3) =  0 

-7*3 (mod 3) =  0 

-6*3 (mod 3) =  0 

-5*3 (mod 3) =  0 

-4*3 (mod 3) =  0 

-3*3 (mod 3) =  0 

-2*3 (mod 3) =  0 

-1*3 (mod 3) =  0 

0*3 (mod 3) =  0 

1*3 (mod 3) =  0 

2*3 (mod 3) =  0 

3*3 (mod 3) =  0 

4*3 (mod 3) =  0 

5*3 (mod 3) =  0 

6*3 (mod 3) =  0 

7*3 (mod 3) =  0 

8*3 (mod 3) =  0 

9*3 (mod 3) =  0 

10*3 (mod 3) =  0 



In [8]:
my_list_kn_mods(-10, 10, 5)

-10*5 (mod 5) =  0 

-9*5 (mod 5) =  0 

-8*5 (mod 5) =  0 

-7*5 (mod 5) =  0 

-6*5 (mod 5) =  0 

-5*5 (mod 5) =  0 

-4*5 (mod 5) =  0 

-3*5 (mod 5) =  0 

-2*5 (mod 5) =  0 

-1*5 (mod 5) =  0 

0*5 (mod 5) =  0 

1*5 (mod 5) =  0 

2*5 (mod 5) =  0 

3*5 (mod 5) =  0 

4*5 (mod 5) =  0 

5*5 (mod 5) =  0 

6*5 (mod 5) =  0 

7*5 (mod 5) =  0 

8*5 (mod 5) =  0 

9*5 (mod 5) =  0 

10*5 (mod 5) =  0 



In [9]:
my_list_kn_mods(-10, 10, 7)

-10*7 (mod 7) =  0 

-9*7 (mod 7) =  0 

-8*7 (mod 7) =  0 

-7*7 (mod 7) =  0 

-6*7 (mod 7) =  0 

-5*7 (mod 7) =  0 

-4*7 (mod 7) =  0 

-3*7 (mod 7) =  0 

-2*7 (mod 7) =  0 

-1*7 (mod 7) =  0 

0*7 (mod 7) =  0 

1*7 (mod 7) =  0 

2*7 (mod 7) =  0 

3*7 (mod 7) =  0 

4*7 (mod 7) =  0 

5*7 (mod 7) =  0 

6*7 (mod 7) =  0 

7*7 (mod 7) =  0 

8*7 (mod 7) =  0 

9*7 (mod 7) =  0 

10*7 (mod 7) =  0 



### if b < n then kn + b (mod n) = b 

We will make good use of the in our proofs.  If we are working in modulo n, and we can prove a term is equal to kn + b, we know b will be the residue.

Execute and discuss the following code cells.

In [10]:
def my_list_kn_plus_b_mods(start, end, n, b):
    "spin through integers from start to end, inclusive, and perform a kn + b (mod n)"
    
    if b >= n:
        print ("b >= n will exit")
        return
    
    for i in range(start, end+1):
        print (str(i) + "*" + str(n) + " + " + str(b) + " (mod " + str(n) + ") = ", ((i * n) + b) % n, "\n")

In [11]:
my_list_kn_plus_b_mods(-10, 10, 3, 3)

b >= n will exit


In [12]:
my_list_kn_plus_b_mods(-10, 10, 3, 1)

-10*3 + 1 (mod 3) =  1 

-9*3 + 1 (mod 3) =  1 

-8*3 + 1 (mod 3) =  1 

-7*3 + 1 (mod 3) =  1 

-6*3 + 1 (mod 3) =  1 

-5*3 + 1 (mod 3) =  1 

-4*3 + 1 (mod 3) =  1 

-3*3 + 1 (mod 3) =  1 

-2*3 + 1 (mod 3) =  1 

-1*3 + 1 (mod 3) =  1 

0*3 + 1 (mod 3) =  1 

1*3 + 1 (mod 3) =  1 

2*3 + 1 (mod 3) =  1 

3*3 + 1 (mod 3) =  1 

4*3 + 1 (mod 3) =  1 

5*3 + 1 (mod 3) =  1 

6*3 + 1 (mod 3) =  1 

7*3 + 1 (mod 3) =  1 

8*3 + 1 (mod 3) =  1 

9*3 + 1 (mod 3) =  1 

10*3 + 1 (mod 3) =  1 



In [13]:
my_list_kn_plus_b_mods(-10, 10, 5, 3)

-10*5 + 3 (mod 5) =  3 

-9*5 + 3 (mod 5) =  3 

-8*5 + 3 (mod 5) =  3 

-7*5 + 3 (mod 5) =  3 

-6*5 + 3 (mod 5) =  3 

-5*5 + 3 (mod 5) =  3 

-4*5 + 3 (mod 5) =  3 

-3*5 + 3 (mod 5) =  3 

-2*5 + 3 (mod 5) =  3 

-1*5 + 3 (mod 5) =  3 

0*5 + 3 (mod 5) =  3 

1*5 + 3 (mod 5) =  3 

2*5 + 3 (mod 5) =  3 

3*5 + 3 (mod 5) =  3 

4*5 + 3 (mod 5) =  3 

5*5 + 3 (mod 5) =  3 

6*5 + 3 (mod 5) =  3 

7*5 + 3 (mod 5) =  3 

8*5 + 3 (mod 5) =  3 

9*5 + 3 (mod 5) =  3 

10*5 + 3 (mod 5) =  3 



In [14]:
my_list_kn_plus_b_mods(-10, 10, 7, 4)

-10*7 + 4 (mod 7) =  4 

-9*7 + 4 (mod 7) =  4 

-8*7 + 4 (mod 7) =  4 

-7*7 + 4 (mod 7) =  4 

-6*7 + 4 (mod 7) =  4 

-5*7 + 4 (mod 7) =  4 

-4*7 + 4 (mod 7) =  4 

-3*7 + 4 (mod 7) =  4 

-2*7 + 4 (mod 7) =  4 

-1*7 + 4 (mod 7) =  4 

0*7 + 4 (mod 7) =  4 

1*7 + 4 (mod 7) =  4 

2*7 + 4 (mod 7) =  4 

3*7 + 4 (mod 7) =  4 

4*7 + 4 (mod 7) =  4 

5*7 + 4 (mod 7) =  4 

6*7 + 4 (mod 7) =  4 

7*7 + 4 (mod 7) =  4 

8*7 + 4 (mod 7) =  4 

9*7 + 4 (mod 7) =  4 

10*7 + 4 (mod 7) =  4 



### Using Modular Arithmetic for Check Digits

Most numbers such as airline ticket numbers and credit card numbers use modular arithmetic for check digits.  For example, if you take an airline ticket number, you will find that the least significant digit is actually a check digit.  It is a mod 7 of the other digits. Credit card numbers usually had several check digits of various schemes.  In the era before widespread computer networking, this was an easy way to guard against forgery. There were special calculator like devices that a merchant could type in a airline ticket number or a credit card number, and it would verify the check digits and let the merchant know if it was valid or not.  Airline tickets used to take weeks or months before the airlines got the paper original issue document, so it was important to know that it was valid.  Credit cards often were just but in a manual carbon copy device.  The other advantage is that when typed into a computer, it's really easy to valid against data entry errors without having to do a database lookup.

### Fast Powering Algorithm

Raising an integer to an integer power in modulo is computationally intractible when either (or both) of the integer or the power are large.

You might think we do that all the time without problem.  Probably you are converting the integers to floats.  This works for numbers up to about 14 digits, but has rounding errors above 14 digits.  We will be working with numbers of hundreds of digits, and we need 100% precision, so this won't work.

In order to accomplish this, we will use the Fast Powering Algorithm, which is covered in your reading assignments in Hoffstein 1.3.2.  This algorithm is implemented in the power_mod() function in SageMath.

If we try to do this the regular way without using reals, we will get a stack trace.

Execute and discuss the code cells below.

In [15]:
# converting a large integer to a float will get rounding errors
# look at the 5 least significant digits, the different is due to rounding error

my_int_1 = 13773739420921412111
my_float = float(13773739420921412111)
my_int_2 = int(my_float)

print ("{:,}".format(my_int_1))
print ("{:,}".format(my_int_2))

13,773,739,420,921,412,111
13,773,739,420,921,411,584


In [16]:
# try to raise 10878114965438583173 to the 10715813634594853843rd power in modulo 13773739420921412111 the normal way

# WILL GET A STACK TRACE !!!

print((10878114965438583173 ** 10715813634594853843) % 13773739420921412111)

OverflowError: exponent must be at most 9223372036854775807

In [17]:
# raise 10878114965438583173 to the 10715813634594853843rd power in modulo 13773739420921412111
# the power_mod() function uses the fast powering algorithm

power_mod(10878114965438583173, 10715813634594853843, 13773739420921412111)

4451516438760726435

In [18]:
# the fast powering algorithm uses powers of 2
# it helps to look at the number in binary 

print (bin(4451516438760726435))

0b11110111000110111101101001110110101100001001010001111110100011


In [19]:
# later when we get to RSA exponents, under certain conditions we will select 65537 as an exponent
# why add the 1?  it needs to be an odd number

print (2 ** 16 + 1)
print (bin(65537))

65537
0b10000000000000001
