
unit 3 part 1

The document outlines the course CSF352: Number Theory and Cryptology for the 2024-25 academic session, focusing on integer arithmetic, divisibility, the greatest common divisor, and modular arithmetic. It explains key concepts such as binary operations, the Euclidean algorithm, congruence, residue classes, and inverses in modular arithmetic. Additionally, it provides examples and properties related to these topics, emphasizing their applications in cryptography.

Uploaded by

Ãví Lèkhwâr

CSF352: Number Theory and Cryptology

Session: 2024-25

B. Tech (CSE) 5th Semester

Course Instructor: Dr. Parul Saini, Assistant Professor, School of Computing

Course Coordinator: Dr. Parul Saini, Assistant Professor, School of Computing
Number Theory: Integer Arithmetic
• Set of Integers:
• The set of integers, denoted by Z, contains all integral numbers (with
no fraction) from negative infinity to positive infinity.
Binary Operations
• A binary operation takes two inputs
and creates one output. Three common
binary operations defined for integers
are addition, subtraction, and
multiplication. Each of these operations
takes two inputs (a and b) and creates
one output (c) as shown in Figure. The
two inputs come from the set of
integers; the output goes into the set of
integers.
• Note that division does not fit in this
category because, as we will see
shortly, it produces two outputs instead
of one.
• Integer Division: In integer arithmetic, if we divide a by n, we can get
q and r. The relationship between these four integers can be shown as
a = q × n + r
• In this relation, a is called the dividend; q, the quotient; n, the divisor;
and r, the remainder. Note that this is not an operation, because the
result of dividing a by n is two integers, q and r. We can call it division
relation.
Two Restrictions
• First, we require that the divisor be a positive integer (n > 0).
• Second, we require that the remainder be a nonnegative integer (r ≥ 0).
• When we use a computer or a calculator, r and q are negative when a is negative. How can we apply the restriction that r needs to be nonnegative? The solution is simple: we decrement the value of q by 1 and add the value of n to r to make it positive.
• We have decremented −23 to become −24 and added 11 to −2 to make it 9. The above relation is still valid.
Divisibility
• If a is not zero and we let r = 0 in the division relation, we get
a = q × n
• We then say that n divides a (or n is a divisor of a). We can also say
that a is divisible by n. When we are not interested in the value of q,
we can write the above relationship as n | a.
• Example: a. The integer 4 divides the integer 32 because 32 = 8 × 4.
We show this as 4| 32.
• b. The number 8 does not divide the number 42 because 42 = 5 × 8 +
2. There is a remainder, the number 2, in the equation. We show this
as 8 ∤ 42.
Properties
• Property 1: if a | 1, then a = ±1.
• Property 2: if a | b and b | a, then a = ±b.
• Property 3: if a | b and b | c, then a | c.
• Property 4: if a | b and a | c, then a | (m × b + n × c), where m and n
are arbitrary integers.
• Example:
• Since 3| 15 and 15| 45, according to the third property, 3| 45.
• Since 3| 15 and 3| 9, according to the fourth property, 3| (15 × 2 + 9 × 4),
which means 3| 66.
Greatest Common Divisor
• One integer often needed in cryptography is the greatest common
divisor of two positive integers. Two positive integers may have many
common divisors, but only one greatest common divisor. For example,
the common divisors of 12 and 140 are 1, 2, and 4. However, the
greatest common divisor is 4.
Euclidean Algorithm
• Let a and b be two numbers such that a > b.
• Step 1: Divide the larger number a by the smaller number b.
• Step 2: Replace a with b, and b with the remainder from step 1.
• Repeat step 1 and step 2 until the remainder is zero.
• Once the remainder is 0, the divisor at this stage is the GCD of a and b.
• The Euclidean algorithm can be based on the following theorem: For
any nonnegative integer a and any positive integer b,
gcd(a, b) = gcd(b, a mod b)
Example:
1. Find the greatest common divisor of 2740 and 1760.

• We apply the procedure using a table. We initialize r1 to 2740 and r2 to 1760. We have also shown the value of q in each step. We have gcd (2740, 1760) = 20.
2. Find the greatest common divisor of 25 and 60.
• Using the Euclidean algorithm, find the greatest common divisor of
the following pairs of integers.
• 88 and 220
• 300 and 42
The Extended Euclidean Algorithm
• Given two integers a and b, we often need to find other two integers,
s and t, such that
s × a + t × b = gcd (a, b) = d
• The extended Euclidean algorithm can calculate the gcd (a, b) and at
the same time calculate the value of s and t.
• Bézout's identity — Let a and b be integers with
greatest common divisor d. Then there exist integers s and t such that
s × a + t × b = d.
Given a = 161 and b = 28, find gcd (a, b) and the values of s and t.
In each step: r = r1 − q × r2; s = s1 − q × s2; t = t1 − q × t2

We get gcd (161, 28) = 7, s = −1 and t = 6. The answers can be tested because we have (−1) × 161 + 6 × 28 = 7.

Given a = 17 and b = 0, find gcd (a, b) and the values of s and t.

We get gcd (17, 0) = 17, s = 1, and t = 0. This indicates why we should initialize s1 to 1 and t1 to 0. The answers can be tested as shown below:
(1 × 17) + (0 × 0) = 17

Given a = 0 and b = 45, find gcd (a, b) and the values of s and t.

We get gcd (0, 45) = 45, s = 0, and t = 1. This indicates why we should initialize s2 to 0 and t2 to 1.
The answer can be tested as shown below:
(0 × 0) + (1 × 45) = 45
Using the extended Euclidean algorithm, find the gcd of the following pairs
and the value of s and t.

a. 291 and 42 b. 84 and 320


Modulo Operator
• The division relationship (a = q × n + r) has two inputs (a and n) and
two outputs (q and r). In modular arithmetic, we are interested in
only one of the outputs, the remainder r. We don’t care about the
quotient q.
• In other words, we want to know what is the value of r when we
divide a by n. This implies that we can change the above relation into
a binary operator with two inputs a and n and one output r.
• The above-mentioned binary operator is called the modulo operator
and is shown as mod. The second input (n) is called the modulus. The
output r is called the residue.
Division relation and modulo operator

a mod n = r
• 27 mod 5 : r = 2.
• −18 mod 14: r = −4. However, we need to add the modulus (14) to
make it nonnegative. We have r = −4 + 14 = 10. This means that −18
mod 14 = 10.
Set of Residues: Zn
• The result of the modulo operation with modulus n is always an
integer between 0 and n − 1. We can say that the modulo operation
creates a set, which in modular arithmetic is referred to as the set of
least residues modulo n, or Zn.
Congruence
• In cryptography, we often use the concept of congruence instead of
equality. Mapping from Z to Zn is not one-to-one. Infinite members of
Z can map to one member of Zn. For example, 2 mod 10 = 2,
12 mod 10 = 2, 22 mod 10 = 2, and so on. In modular arithmetic,
integers like 2, 12, and 22 are called congruent mod 10. To show that
two integers are congruent, we use the congruence operator (≡). We
add the phrase (mod n) to the right side of the congruence to define
the value of modulus that makes the relationship valid. For example,
we write:
Residue Classes
• A residue class [a] or [a]n is the set of integers congruent modulo n. In
other words, it is the set of all integers x such that x ≡ a (mod n). For
example, if n = 5, we have five sets [0], [1], [2], [3], and [4] as shown
below:
• [0] = {…, −15, −10, −5, 0, 5, 10, 15, …}
• [1] = {…, −14, −9, −4, 1, 6, 11, 16, …}
• [2] = {…, −13, −8, −3, 2, 7, 12, 17, …}
• [3] = {…, −12, −7, −2, 3, 8, 13, 18, …}
• [4] = {…, −11, −6, −1, 4, 9, 14, 19, …}
Operations in Zn
• Perform the following operations (the inputs come from Zn):
a. Add 7 to 14 in Z15.
b. Subtract 11 from 7 in Z13.
c. Multiply 11 by 7 in Z20.
Sol.:
(14 + 7) mod 15 → (21) mod 15 = 6
(7 − 11) mod 13 → (−4) mod 13 = 9
(7 × 11) mod 20 → (77) mod 20 = 17
Properties
• First Property: (a + b) mod n = [(a mod n) + (b mod n)] mod n
• Second Property: (a − b) mod n = [(a mod n) − (b mod n)] mod n
• Third Property: (a × b) mod n = [(a mod n) × (b mod n)] mod n
The following shows the application of the above properties:
1. (1,723,345 + 2,124,945) mod 11 = (8 + 9) mod 11 = 6
2. (1,723,345 − 2,124,945) mod 11 = (8 − 9) mod 11 = 10
3. (1,723,345 × 2,124,945) mod 11 = (8 × 9) mod 11 = 6
• To find 10 mod 3, 10^2 mod 3, 10^3 mod 3, and so on, or to find 10 mod
7, 10^2 mod 7, 10^3 mod 7, and so on, the third property of the mod
operator is used as follows:
10^n mod x = (10 mod x)^n mod x (applying the third property n times)
10 mod 3 = 1 → 10^n mod 3 = (10 mod 3)^n = 1
10 mod 9 = 1 → 10^n mod 9 = (10 mod 9)^n = 1
10 mod 7 = 3 → 10^n mod 7 = (10 mod 7)^n = 3^n mod 7
Inverses
• An additive inverse (relative to an addition operation) or a
multiplicative inverse (relative to a multiplication operation)
Additive Inverse:
In Zn, two numbers a and b are additive inverses of each other if
a + b ≡ 0 (mod n)
• In Zn, the additive inverse of a can be calculated as b = n − a. For
example, the additive inverse of 4 in Z10 is 10 − 4 = 6.
In modular arithmetic, each integer has an additive inverse. The sum of
an integer and its additive inverse is congruent to 0 modulo n.
• Find all additive inverse pairs in Z10.
• The six pairs of additive inverses are (0, 0), (1, 9), (2, 8), (3, 7), (4, 6), and (5, 5).
• In this list, 0 is the additive inverse of itself; so is 5.
• Note that the additive inverses are reciprocal; if 4 is the additive inverse of 6,
then 6 is also the additive inverse of 4.
Multiplicative Inverse
• In Zn, two numbers a and b are the multiplicative inverse of each
other if
a × b ≡ 1 (mod n)
• For example, if the modulus is 10, then the multiplicative inverse of 3
is 7. In other words, we have (3 × 7) mod 10 = 1.

In modular arithmetic, an integer may or may not have a multiplicative
inverse. When it does, the product of the integer and its multiplicative
inverse is congruent to 1 modulo n.
• A multiplicative inverse in Zn exists if and only if gcd (n, a) = 1. In this
case, a and n are said to be relatively prime.
• Find the multiplicative inverse of 8 in Z10
• There is no multiplicative inverse because gcd (10, 8) = 2 ≠ 1.
• Find all multiplicative inverses in Z10
• There are only three pairs: (1, 1), (3, 7) and (9, 9). The numbers 0, 2, 4, 5, 6,
and 8 do not have a multiplicative inverse. We can see that
(1 × 1) mod 10 = 1; (3 × 7) mod 10 = 1; (9 × 9) mod 10 = 1
• Find all multiplicative inverse pairs in Z11
• We have six pairs: (1, 1), (2, 6), (3, 4), (5, 9), (7, 8) and (10, 10).
The extended Euclidean algorithm is used to find the multiplicative inverse of b in Zn when n and b are given and the inverse exists.
• Replace the first integer a with n (the modulus):
s × a + t × b = gcd (a, b) = d
Now: s × n + t × b = gcd (n, b) = 1
• We apply the modulo operator to both sides:
(s × n + b × t) mod n = 1 mod n
[(s × n) mod n] + [(b × t) mod n] = 1 mod n
0 + [(b × t) mod n] = 1
(b × t) mod n = 1 → This means t is the multiplicative inverse of b in Zn.
• [(s × n) mod n] in the third line is 0 because if we divide (s × n) by n, the quotient is s but the remainder is 0.
Example 1: Find the multiplicative inverse of 11 in Z26

The gcd (26, 11) is 1, which means that the multiplicative inverse of 11 exists. The
extended Euclidean algorithm gives t1 = −7. The multiplicative inverse is (−7) mod 26 = 19.
In other words, 11 and 19 are multiplicative inverses in Z26. We can see that (11 × 19) mod
26 = 209 mod 26 = 1.

Example 2: Find the multiplicative inverse of 23 in Z100.

The gcd (100, 23) is 1, which means the inverse of 23 exists. The extended
Euclidean algorithm gives t1 = −13. The inverse is (−13) mod 100 = 87. In other
words, 23 and 87 are multiplicative inverses in Z100. We can see that (23 × 87) mod
100 = 2001 mod 100 = 1.

Example 3: Find the multiplicative inverse of 12 in Z26.

• The gcd (26, 12) = 2 ≠ 1, which means there is no multiplicative
inverse for 12 in Z26.
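The extended Euclidean table and the inverse derivation above, written out as an added Python example (not part of the original slides). The function names `ext_gcd`, `mod_inverse` and `inverse_pairs` are chosen here; the variables r1, r2, s1, s2, t1, t2 follow the slides.

```python
def ext_gcd(a, b):
    """Return (d, s, t) with s*a + t*b == d == gcd(a, b), for a, b >= 0."""
    r1, r2 = a, b
    s1, s2 = 1, 0   # s1 = 1 and s2 = 0, as the gcd(17, 0) case requires
    t1, t2 = 0, 1   # t1 = 0 and t2 = 1, as the gcd(0, 45) case requires
    while r2 > 0:
        q = r1 // r2
        r1, r2 = r2, r1 - q * r2   # r = r1 - q * r2
        s1, s2 = s2, s1 - q * s2   # s = s1 - q * s2
        t1, t2 = t2, t1 - q * t2   # t = t1 - q * t2
    return r1, s1, t1


def mod_inverse(b, n):
    """Return the multiplicative inverse of b in Z_n, or None if none exists."""
    d, _s, t = ext_gcd(n, b % n)   # the first integer a is replaced by n
    if d != 1:
        return None                # gcd(n, b) != 1: no inverse
    return t % n                   # map a negative t into Z_n


def inverse_pairs(n):
    """List (a, a^-1) with a <= a^-1 for every member of Z_n*."""
    pairs = []
    for a in range(1, n):
        inv = mod_inverse(a, n)
        if inv is not None and a <= inv:
            pairs.append((a, inv))
    return pairs


if __name__ == "__main__":
    for a, b in [(161, 28), (17, 0), (0, 45)]:
        d, s, t = ext_gcd(a, b)
        print(f"gcd({a}, {b}) = {d}, s = {s}, t = {t}, check: {s * a + t * b}")
    for b, n in [(11, 26), (23, 100), (12, 26)]:
        print(f"inverse of {b} in Z{n}: {mod_inverse(b, n)}")
    print("pairs in Z10:", inverse_pairs(10))
    print("pairs in Z11:", inverse_pairs(11))
```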
Different Sets for Addition and Multiplication
• If the operation (encryption/decryption algorithm) is addition, Zn can
be used as the set of possible keys because each integer in this set has
an additive inverse. On the other hand, if the operation
(encryption/decryption algorithm) is multiplication, Zn cannot be the
set of possible keys because only some members of this set have a
multiplicative inverse. The new set, which is a subset of Zn includes
only integers in Zn that have a unique multiplicative inverse. This set is
called Zn* .
We need to use Zn when additive inverses are needed; we need to
use Zn* when multiplicative inverses are needed.
MATRICES
Addition and Subtraction
Multiplication
• Two matrices can be multiplied if the number of columns of the first
matrix is the same as the number of rows of the second matrix.
• If A is an l × m matrix and B is an m × p matrix, the product of the two
is a matrix C of size l × p.
• The product of a 2 × 3 matrix by a 3 × 4 matrix is a 2 × 4 matrix.
Determinant (Square matrix only)

Calculating the determinant of a 2 × 2 matrix

Calculation of the determinant of a 3 × 3 matrix
Inverses
• Matrices have both additive and multiplicative inverses.
Additive Inverse
• The additive inverse of matrix A is another matrix B such that A + B = 0.
In other words, we have bij = − aij for all values of i and j. Normally the
additive inverse of A is defined by −A.
Multiplicative Inverse
• The multiplicative inverse of a square matrix A is a square matrix B such
that A × B = B × A = I.
• Cryptography uses residue matrices: matrices whose elements are all in
Zn.
• A residue matrix has a multiplicative inverse if the determinant of the
matrix has a multiplicative inverse in Zn. In other words, a residue
matrix has a multiplicative inverse if gcd (det(A), n) = 1.
• A residue matrix and its multiplicative inverse in Z26
Example:
Step 1: Find the Determinant of Matrix A

Step 2: Find the Matrix of Minors

Step 3: Form the Cofactor Matrix


Step 4: Transpose the Cofactor Matrix
The transpose of the cofactor matrix C gives CT:

Step 5: Divide by the Determinant


LINEAR CONGRUENCE
• ax ≡ b (mod n) means (ax mod n = b mod n).
• Such an equation has either no solution or a limited number of solutions.
• Assume that the gcd (a, n) = d. If d ∤ b, there is no solution. If d | b,
there are d solutions. If d| b, we use the following strategy to find the
solutions:
• 1. Reduce the equation by dividing both sides of the equation (including
the modulus) by d.
• 2. Multiply both sides of the reduced equation by the multiplicative
inverse of a to find the particular solution x0.
• 3. The general solutions are x = x0 + k (n/ d) for k = 0, 1, . . . , (d − 1).
Solve the equation 10x ≡ 2 (mod 15)
• First we find gcd (10, 15) = 5. Since 5 does not divide 2, we
have no solution.
Solve the equation 14x ≡ 12 (mod 18)
• gcd (14, 18) = 2. Since 2 divides 12, we have exactly two solutions,
but first we reduce the equation.

• x = x0 + k (n/ d) for k = 0, 1, . . . , (d − 1).


• Both solutions, 6 and 15 satisfy the congruence relation, because (14
× 6) mod 18 = 12 and also (14 × 15) mod 18 = 12.
Solve the equation 3x + 4 ≡ 6 (mod 13)
• Change the equation to the form ax ≡ b (mod n).
• We add −4 to both sides, which give 3x ≡ 2 (mod 13).
• gcd (3, 13) = 1
• The equation has only one solution: x0 = (2 × 3^−1) mod 13.
• The multiplicative inverse of 3 mod 13 is 9.
• Hence we get x0 = (18) mod 13 = 5.
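The three-step strategy for ax ≡ b (mod n), as an added Python example (not part of the original slides). The function names are chosen here, and `pow(a, -1, n)` for the inverse assumes Python 3.8 or later; `brute_force` is included only to cross-check the result.

```python
from math import gcd


def solve_linear_congruence(a, b, n):
    """Return every x in Z_n with a*x ≡ b (mod n), in increasing order."""
    a, b = a % n, b % n
    d = gcd(a, n)
    if b % d != 0:
        return []                      # d does not divide b: no solution
    # Step 1: divide both sides and the modulus by d.
    a_r, b_r, n_r = a // d, b // d, n // d
    # Step 2: multiply by the inverse of the reduced a; it exists because
    # gcd(a_r, n_r) = 1. A reduced modulus of 1 leaves only x0 = 0.
    inv = pow(a_r, -1, n_r) if n_r > 1 else 0
    x0 = (b_r * inv) % n_r
    # Step 3: x = x0 + k * (n / d) for k = 0, 1, ..., d - 1.
    return [x0 + k * n_r for k in range(d)]


def brute_force(a, b, n):
    """Try every member of Z_n; used only to confirm the strategy."""
    return [x for x in range(n) if (a * x - b) % n == 0]


if __name__ == "__main__":
    # The three worked equations above; 3x + 4 ≡ 6 is first rewritten
    # as 3x ≡ 6 - 4 (mod 13).
    for a, b, n in [(10, 2, 15), (14, 12, 18), (3, 6 - 4, 13)]:
        xs = solve_linear_congruence(a, b, n)
        agrees = xs == brute_force(a, b, n)
        print(f"{a}x ≡ {b} (mod {n}): {xs} (brute force agrees: {agrees})")
```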
Set of Linear Equations

Solve
3x + 5y + 7z ≡ 3 (mod 16)
x + 4y + 13z ≡ 5 (mod 16)
2x + 7y + 3z ≡ 4 (mod 16)
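The determinant, cofactor, transpose and divide-by-determinant steps for a residue matrix, applied to the system above, as an added Python example (not part of the original slides). The function names are chosen here, and `pow(d, -1, n)` assumes Python 3.8 or later.

```python
from math import gcd


def minor(m, i, j):
    """Matrix m with row i and column j removed."""
    return [row[:j] + row[j + 1:] for k, row in enumerate(m) if k != i]


def det(m):
    """Integer determinant by cofactor expansion along the first row."""
    if not m:
        return 1
    return sum((-1) ** j * m[0][j] * det(minor(m, 0, j)) for j in range(len(m)))


def inverse_mod(m, n):
    """Inverse of a square residue matrix in Z_n, or None if gcd(det, n) != 1."""
    size = len(m)
    d = det(m) % n
    if gcd(d, n) != 1:
        return None
    d_inv = pow(d, -1, n)   # "dividing by the determinant" in Z_n
    cof = [[(-1) ** (i + j) * det(minor(m, i, j)) for j in range(size)]
           for i in range(size)]
    # Transpose the cofactor matrix, scale by det^-1, reduce into Z_n.
    return [[(d_inv * cof[j][i]) % n for j in range(size)] for i in range(size)]


def solve_system(m, rhs, n):
    """Solve m * x ≡ rhs (mod n) when m is invertible in Z_n, else None."""
    inv = inverse_mod(m, n)
    if inv is None:
        return None
    return [sum(c * v for c, v in zip(row, rhs)) % n for row in inv]


if __name__ == "__main__":
    A = [[3, 5, 7], [1, 4, 13], [2, 7, 3]]   # coefficients of the system above
    print("det mod 16:", det(A) % 16)
    print("inverse in Z16:", inverse_mod(A, 16))
    print("x, y, z:", solve_system(A, [3, 5, 4], 16))
```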
Practice Questions
The following shows the remainders of powers of 10 when divided by 7. We can
prove that the pattern will be repeated for higher powers.
10^0 mod 7 = 1; 10^1 mod 7 = 3; 10^2 mod 7 = 2
10^3 mod 7 = −1; 10^4 mod 7 = −3; 10^5 mod 7 = −2
Using the above information, find the remainder of an integer when divided by 7.
Test your method with 631453672.
Solution: The pattern will repeat every 6 powers because 10^6 mod 7 = 1, starting the
cycle again.
• For 631453672:
631453672 = 6⋅10^8 + 3⋅10^7 + 1⋅10^6 + 4⋅10^5 + 5⋅10^4 + 3⋅10^3 + 6⋅10^2 + 7⋅10^1 + 2⋅10^0
10^6 mod 7 = 1; 10^7 mod 7 = 3; 10^8 mod 7 = 2 (since 10^8 = 10^2 ⋅ 10^6)
Calculate the remainders: 12 mod 7 + 9 mod 7 + 1 mod 7 + (−8) mod 7 + (−15)
mod 7 + (−3) mod 7 + 12 mod 7 + 21 mod 7 + 2 mod 7 = 10 mod 7 = 3
The remainder of 631453672 when divided by 7 is 3.
Find all solutions to each of the following linear equations:
a. 3x ≡ 4 (mod 5)
b. 4x ≡ 4 (mod 6)
c. 9x ≡ 12 (mod 7)
d. 256x ≡ 442 (mod 60)
Find all solutions to the following sets of linear equations:
a. 3x + 5y ≡ 4 (mod 5)
b. 2x + y ≡ 3 (mod 5)
c. 3x + 2y ≡ 5 (mod 7)
d. 4x + 6y ≡ 4 (mod 7)
