# Ganymede | *Cryptographic Mathematics*

## Modular Arithmetic:

### A brief explaination of modular arithmetic:

Modular arithmetic may sound daunting, but - take a deep breath - it is actually quite simple; it is even one of the first things you learn as a child!

To illustrate just how simple modular arithmetic is, let's take a look at an analog clock:

<img src="http://pluspng.com/img-png/clock-png-clock-png-image-1478.png" width="200">

If we count the hours starting at midnight (12:00am); we get 12:00am, 1:00am, 2:00am, ... , 10:00am, 11:00am, and when we reach 12:00 again the time "switches" from am to pm; then, the counting starts again; 12:00pm, 1:00pm, 2:00pm, and so forth. This illustrates the example of how we keep time $mod12$ - as opposed to US military time, which is kept in increments of $mod24$.

**Example**: If our plane leaves at 8:00pm and will take 10 hours to reach its destination, what time will we arrive (note: do not need to take into account the possibility of timezone changes)?
Answer: 6:00am - 

Modular arithmetic plays a central role at the heart of many cryptographic ciphers. When preforming addition and multiplication on the set of integers, $\mathbb{Z}_{m}$, from 0 to m-1 and reducing each sum or product mod m is called ***modular arithmetic***.

\[$\mathbb{Z}_{5}$ means mod5 \]:<br>
For example, in $\mathbb{Z}_{5}$, $4+3=2$, $(4+3)mod5=2 \rightarrow (7)mod5=2$; 5 goes into 7 one time with a remainder of 2.

Generalizing the explaination, we can prove:

Given d, d$\neq$0, and a$\geq$0, we compute numbers $q_{n}$ and $r_{n}$ such that satisfy $a=q_{n}d+r_{n}$; where $r_{n}\geq 0$. $q_{n}$ is the ***provisional quotient*** and $r_{n}$ is the corresponding ***provisional remainder***.

We define $q_{0}$=0 and $r_{0}$=a. Then, $a=q_{0}d+r = 0(d)+a$. Now, assuming $q_{n}$ and $r_{n}$ satisfies $a=q_{n}d+r_{n}$, we define $q_{n+1}$ and $r_{n+1}$:

case 1: $0\leq r_{n} < d$. In that case, $r_{n}$ is the remainder and $q_{n}$ is the quotient. There is no $q_{n+1}$ or $r_{n+1}$ in this case.<br>
case 2: $r_{n}\leq d$. In that case, $r_{n}$ is too large. So, we can move a $d$: $a=q_{n}d+r_{n}=(q_{n}+1)d+(r_{n}-d)$.

Therefore, we define $q_{n+1}=q_{n}+1$ and $r_{n+1}=r_{n}-d$. Then, $a=q_{n+1}d+r_{n+1}$. Since $r_{n}\geq d$, $r_{n+1}\geq 0$. If a<0, then we need to *add* d to $r_{n}$ in each step and decrease $q_{n}$ by 1. Since the initial provisional remainder is negative, this operation is done while $r_{n}<0$. 

In [1]:
# ==== Modulo Calculator
""" Calculates the remainder """

def mod(starting_value, quotient, divisor):
    a, q, d = starting_value, quotient, divisor
    r = a # Initially the remainder 'r' is equivalent to 'a'
    if r >= 0:  # If our 'a' value is positive -
        while r >= d:
            q += 1 # provisional quotient
            r -= d # provisional remainder
    else: # If our 'a' value is negative
        while r < 0:
            q -= 1 # provisional quotient
            r += d # provisional remainder
    print('\n'+str(a)+' (mod)',str(d)+" = "+str(r))
    return 

a, q, d = int(input('Choose an integer: ')), 0, int(input('Modulo: ')) # This is our 'a', 'q_n', 'd' and 'r' values

mod(a, q, d)

Choose an integer: 5
Modulo: 3

5 (mod) 3 = 2


## Extended Euclidean algorithm:

Essentially, the Euclidean algorithm is the continuous application of the division algorithm for integers and is particularly useful when a and b are coprime. For example, if a and b are arbitrary non-negative integers, then there exist unique non-negative integers q and r such that:

<center>$A = qb + r$; where $0 ≤ r < b$ and $a ̸= b$<\center>
    
So, if we repeatedly divide the divisor by the remainder until the remainder reaches 0, the last non-zero remainder is the Greatest Common Divisor.

As such, finding the $gcd(52, 28)$ using the Euclidean Algorithm:

<center>$52 = 281+24 28 = 241 + 424 = 4 · 6 + 0$<\center>

Thus, the $gcd(52, 28) = 4$, and the linear representation, known as the Bézout’s identity, is

<center>$52x + 28y = 0$; where $x = 7$ and $y = -13$.<\center>

In [None]:
'''
Extended Euclid's algorithm for determining the greatest common divisor for large numbers
'''
def egcd(a, b):
    x, y, u, v = 0, 1, 1, 0
    while a != 0:
        q, r = b // a, b % a
        m, n = x - u * q, y - v * q
        b, a, x, y, u, v = a, r, u, v, m, n
    gcd = b
    return gcd, x, y

## Modular Multiplicative Inverse:

To find the modular multiplicative inverse, we
simply need to reverse the steps of the Extended Euclidean Algorithm and
recursively work backwards (Rosen, 2019).

French mathematician Étienne Bézout's identity, known as Bézout's lemma,
can be used to prove the existence of the modular multiplicative inverse
used in the completion of the RSA cryptosystem (Rosen, 2019). The theorem states, for
any arbitrary non-zero integers a and b, the greatest common divisor can
be represented by $d = gcd(a, b)$. Then, there exists integers x and y,
such that:

<center>ax + by = d<\center>

<br />Thus, we can prove relatively prime integers, $gcd(a, b) = 1$ in the form
$ax + by = 1$ for integers a, b, x, and y. In order to find the values for
x and y, we can apply the Euclidean algorithm to calculate $gcd(a, b)$.
For example, if we wish to find $gcd(2056, 511) = 1$, then:


<center>\(2056 = 511\cdot4+12\)<\center>

<center>\(511 = 12\cdot42+7\)<\center>

<center>\(12 = 7\cdot1+5\)<\center>

<center>\(7 = 5\cdot1+2\)<\center>

<center>\(5 = 2\cdot2+1\)<\center>


Using back substitution gives us:

<center>$5{-}2\cdot 2$<\center>

<center>$5 - (7 {-}5\cdot 1)\cdot 2$<\center>

<center>$5\cdot 3 - 7\cdot 2$<\center>

<center>$(12 - 7\cdot 1)\cdot 3 - 7\cdot 2$<\center>

<center>$12\cdot 3 - 7\cdot 5$<\center>

<center>$12\cdot 3 - (511 - 12\cdot 42)\cdot 5$<\center>

<center>$12\cdot 213 - 511\cdot 5$<\center>

<center>$(2056 - 511\cdot 4)\cdot 213 - 511\cdot 5$<\center>

<center>$2056\cdot 213 - 511\cdot 857$<\center>

Therefore, a = 2056, b = 511, x = 213, y = -857.

Accordingly, based on the previous example, we can prove that if a and b
are integers such that $gcd(a, b) = 1$, then there exists a modular
multiplicative inverse x such that $ax\equiv 1$(mod b). So, since
$gcd(2056, 511) = 1$, then:

<center>
	$1 \equiv 2056x + 511y\equiv 2056x$(mod 511); where the modular
multiplicative inverse is equal to 213.
<\center>

<br />By definition, a multiplicative inverse exists if and only if a and b
are relatively prime. In number theory, two integers a and b are said to
be relatively prime or coprime if the only positive integer that divides
both of them is 1 (Rosen, 2019). Consequently, any prime number that divides one does
not divide the other; this principal is derived from the fundamental
theorem of arithmetic -- otherwise known as the unique factorization
theorem. From which, the theorem states that every integer greater than
1 either is prime or is the product of a unique combination of prime
numbers. This is then equivalent to their greatest common divisor being
1.

In [None]:
'''
Finds the modular inverse -
This is specifically used to find the decryption key: d = (phi*i + 1)/e
'''
def modinv(e, n):
    gcd, x, y = egcd(e, n)
    if gcd != 1:
        return None  # The modular inverse does not exist in this case
    else:
        return x % n

## Euler's Totient Function $\phi (n)$:

One of the last operations used in developing the RSA encryption is
Euler's totient function. The function counts the total number of
non-negative integers up to a given integer n that are relatively prime,
or coprime, to $n$. Generally, the function is denoted using $\phi (n)$ --
colloquially called Euler's phi function. This function is specifically
used to compute the decryption key value (Rosen, 2019).

Calculating $\phi (n) = (p-1)(q-1)$, such that $n-\phi (n) + 1 = p + q$. For
example, to calculate $\phi (52)$ using a pencil-and-paper technique, we
first use the fundamental theorem of arithmetic to factor 52 into 13
$\cdot 2\cdot 2 = 13^{1}\cdot 2^{2}$. We can then list
out all the integers between 1 and 52, removing the integers whose
unique prime factorization includes either a 2 or 13. This will leave a
set containing the values $\{ 1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25,
27, 29, 31, 33, 35, 37, 41, 43, 45, 47, 49, 51 \}$. Thus, $\phi (52) = 24$.

Overall, the strength of the encryption depends on both keeping the
$\phi (n)$ value secret and sufficiently large enough to make
factorization and solving the discrete logarithm problem impractical.
Currently, that means that the key value should be typically between
1024 to 2048-bits long. This translates into prime integers of length
309 to 617-digits. However, ideally, the key value will be between 2048
and 4096-bits long -- or 617 to 1234-digits.

In [None]:
'''
Finds the modulus value
'''
def find_modulus(p, q):
    mod_n = (p-1)*(q-1)
    return mod_n

## Primality Test:

Tests whether or not a number is prime. However, these code blocks only work for integers less than 200. Otherwise, you may experience processing hang.

In [None]:
'''
Primality test: Tests values to determine if they are prime or not
Sieve of Eratosthenes: When non-prime, this will give all prime values less than the non-prime
'''
# For more information on primes see http://primes.utm.edu/
# The Prime Pages - maintained by Professor Chris Caldwell
def isPrime(n):
    if n <= 1e100:
        if (n <= 1):
            return False
        if (n <= 3):
            return True
        if (n % 2 == 0 or n % 3 == 0):

            return False
        i = 3
        while (i*i <= n):
            if (n % i == 0 or n % (i + 2) == 0):
                return False
            i += 1
        return True
    else:
        print('WARNING: May not be prime.')
        return True
    
def sieveOfEratosthenes(n):
    if n > 200:
        n = 200
    if 0 < n <= 200:
        list = [True for i in range(n + 1)]
        p, templist, primelist = 2, [], []
        while pow(p, p) <= n:

            # If list[p] is not changed, then it is a prime
            if list[p] == True:

                # Update all multiples of p
                for i in range(p * 2, n + 1, p):
                    list[i] = False
                    if list[i] % p == 0:
                        list[i] = False

                p += 1
        list[0] = False
        list[1] = False

        # Print all prime numbers
        for idx in range(n-1):
            if list[idx] == True:
                templist += [idx]
        for idx in templist:
            if isPrime(idx) == True and idx > 30:
                primelist += [str(idx),' ']

    return ''.join(primelist)