# The Sixth Lesson of the Course

## Commentary on Modular Arithmetic

20feb12
\begin{document} \maketitle \section{Introduction} You will find all but the last section here in D'Angelo-West, Chapter 7. The approach is considerably simplified and directed to one goal, namely our exposition of the RSA Public Key Encryption algorithm. \section{Clock arithmetic} For practical reasons, modular arithmetic is introduced in the schools under the name of \textit{ clock arithmetic} because analog clock faces are still objects of considerable interest to bored students. Addition, subtraction, multiplication and division around a 12 or a 24 hour daily clock, or a calendar with 7 days in the week is a easily mastered. But how realistic are such exercises? \subsection{Digital computers} Well, consider the digital computer. Stored numbers have a physical basis, determined by their \textit{ type}, consisting of a few \textit{ words} each composed of a fixed number of binary digits. Thus, a 32-bit computer stores its \textit{ double integers} in two 32-bit words. Real numbers are approximated by so-called \textit{ floating point numbers} which consist of a 32-bit binary fraction $-1< u < 1$, called the \textit{ mantissa}, and a perhaps 16-bit \textit{ exponent} $e$ representing the number $m2^e$. Floating point arithmetic is quite complicated, and not discussed in this course. But integral arithmetic is an application of modular arithmetic. \section{Definitions and Vocabulary} Here are is the new vocabulary needed to discuss modular arithmetic. \begin{itemize} \item The \textbf{modulus} is a whole number $m>1$ \item Two integers are \textbf{ congruent } if they have the same non-negative remainder when divided by the modulus. We write this relation in one of several ways, depending on the context: \begin{itemize} \item $a \equiv b \mbox{ mod}(m)$ is alway unambiguously understood. \item $a \equiv b \ (m)$ is an abbreviation of the above for the lazy. \item $a \equiv_m b$ is convenient when calculating \item $a =(m)= b$ in emails as long as you say what you mean once. \item In Python, it would be $a\%m == b\%m$. \end{itemize} \item To say $c \equiv_m 0$, is equivalent to $m|c$, and to $(\exists q)(c=mq)$. \item So $b-a \equiv_m 0$ is yet another way of writing $a\equiv_m b$. \item And $(\exists t)\ b = a + tm$ another. \end{itemize} \section{Four-function arithmetic modulo $m$} To say that we can add, subtract and multiply in fixed modulus can be formalized by this propositions \textbf{Proposition: } \begin{eqnarray*} \mbox{ If } a &\equiv_m& b \\ \mbox{ and } s &\equiv_m& t \\ \mbox{ then } a+s &\equiv_m& b+t \\ \mbox{ and } a-s &\equiv_m& b-t \\ \mbox{ and } as &\equiv_m& bt \\ \end{eqnarray*} but $a/s \equiv_m b/t$ might fail to be true even if $\neg(s \equiv_m 0)$. As in the arithmetic of the rational numbers, one need \textit{ reciprocals}, also called \textit{ multiplicative inverses} for division. \textbf{ Proof: } Using the very last paraphrase of congruence above, some integer arithmetic, especially the distributive law makes the rest of the proof a good exercise. \subsection{Modular division} The reason that division is not a sure thing in modular arithmetic is the following situation when the modulus is composite, $m = ab$. Since both $1< a,b < m$, neither is divisible by $m$. So neither is congruent to $0$ modulo($m$), but their product is, $ab=m\equiv_m 0$. Such numbers are called \textit{ zero-divisors modulo}$m$. For example. Modulo $6$ neither $2$ nor $3$ is a multiple of $6$, but their product is. Thus the equation $2x\equiv_6 1$ cannot have a solution. For, if it did, multiply both sides of the congruence by $3$ and see what happens. Question: Show that, if $m=ab$, the assumption that $b$ has a reciprocal mod($m$) leads to a contradiction. On the other hand, suppose gcd$(a,m)=1$ then $1 = as +mt \equiv_m as$, and $a$ has the multiplicative inverse, namely $s$, in the arithmetic modulo $m$. Since a prime is relatively prime to every integer except $0$, every integer not divisible by a prime modulus, has a reciprocal modulo that prime. Algebraists summarize the above by defining structures such as the \textit{ring of integers modulo} $m$, written $\mathbb{Z}_m$. When the modulus is a prime $p$, the ring $\mathbb{Z}_p$ becomes a field. Essentially, a ring is an algebraic structure with two operations, addition and multiplication, satisfying all the usual properties these operations have among the integers. If, in addition, every non-zero element of ring has a reciprocal (a.k.a. multiplicative inverse), then it is called a field. Familiar fields are $\mathbb{Q}$ and $\mathbb{R}$. An element of $\mathbb{Z_m}$ is an \textit{ equivalence class } modulo $m$. This concept is no more difficult to understand than the equivalence of the two rationals $\frac{2}{3}=\frac{400}{600}$, except that you learned the latter back in grade school. \section{Applications of Modular Arithmetic} \subsection{Powers hold no terror modulo $m$} Note how easy it is to compute $6^{82}$ modulo $7$: $6^{82} \equiv_7 (-1)^{82} = 1 \Rightarrow 6^{82} \equiv_7 1$ What about modulo $13$ ? \\ Step 1: Build a table of squares: \begin{eqnarray*} 6^2=36 &\equiv_{13}& -3 \\ 6^4=(6^2)^2 &\equiv_{13}& (-3)^2 = 9 \equiv -4 \\ 6^8 &\equiv& 16 \equiv 3 \\ 6^{16} &\equiv& 3^2 \equiv -4 \\ 6^{32} &\equiv& 3 \\ 6^{64} &\equiv& -4 \\ \end{eqnarray*} Step 2: Resolve exponent in binary: \\ \begin{eqnarray*} 82 & = & 64 + 16 + 2 = 2^6 + 2^4 + 2^1 =_2 1010010 \\ 6^{82} & = & 6^{64} 6^{16} 6^2 \equiv_{13} (-4)(-4)(-3)\equiv 3(-3) \equiv -9 \equiv 4 \\ \end{eqnarray*} Comment: In the practical world the numbers $a,e,m$ for solving $a^e \equiv_m ?$ are gigantic, and require a computer. In the classroom, they are tiny, and take a little of figuring. For your homework, I recommend Python on your computer. Question: Just what are all the powers of $2$ modulo $13$? \subsection{Divisibility rules for whole numbers} We all recognize whether a decimal number is divisible by 2,5,10 immediately. Most of us know the \textit{ Rule of 3s}, which says to add up the digits. But only if you've studies modular arithmetic would you know why, and also how to devise any other, such as the \textit{ Rule of 13.} For divisibility of $a$ by $2,3,4,9,10,11$ we can use this strategy. Write the number as a decimal $a=d_n ... d_2 d_1 d_0$ and recall that this means $a = \Sigma_{i=0}^n d_i 10^i$. Since $10 \equiv_2 0$, when this polynomial in powers of 10 is reduced modulo$2$ we are left with just the unit digit $\Sigma_{i=0}^n d_i 10^i \equiv_2 d_0$. Question. Use this argument to determine that $\Sigma_{i=0}^n d_i 10^i \equiv_k d_0$ for $k=2,5,10$. Since $10 \equiv_3 = 1$ and $10 \equiv_9 = 1$ we see that we can simplify the problem by adding the digits of $a$, iterativly if necessary, for $3$ and $9$. For example $1234321 \equiv_3 16 \equiv_3 7 \equiv_3 1$ $1234321 \equiv_9 16 \equiv_9 7 \equiv_9 7$. is not divisible by $3$, while $123432$ is divisible by $3$. For divisibility by $11$ you take the alternating sum of the digits: $d_0 - d_1 + d_2 -+d_n$. Question. Is $1234321$ divisible by $9$? What about by $11$? Justify your solution, don't just state it. Already for $7$ things are more difficult. And $13$ requires some real ingenuity. See if you can figure out a strategy by yourself instead of being told or you looking it up. \subsection{Solving equations} The first equation you every saw in elementary algebra might have looked like this: $3x = 7$, and you were either taught that it had no solution because 7 is not a multiple of 3, or that its solution is $x =\frac{7}{3}$. (Actually, if you were taught by an obedient but uninspired teacher, you would have written $x = 2\frac{1}{7}$. This is OK if you speak it out loud, but not in an algebra class, where it becomes $x = \frac{2}{7}$ after "simplifying a product of fractions".) In modular arithmetic we solve equations like $ax \equiv_m b$ for $x$. \textbf{ Proposition: } Given $a,b,m$, $ax \equiv_m b$ for $x$ has a solution if and only if $(a,m)|b$. \textbf{ Proof: } Suppose first that $d=\mbox{gcd}(a,m)$ divides $b$. Then $b=de$ and a solution to $ax + my = d$ furnishes a solution $a(xe) + m(ye) =de = b$. So we have solution $a(xe)\equiv_m b$. Conversely, suppose we have the solution $ax + my = b$. Since $d|a$ and $d|m$, we have $d|$LHS. So $d|$RHS. q.e.d. \section{Fermat's Little Theorem (FLT)} \textbf{Theorem} If $p$ is prime and $(a,p)=1$ then $a^{p-1}\equiv_p 1$. Equivalently: \begin{enumerate} \item If $p$ is prime and $\neg(p|a)$ then $p| a^{p-1} - 1$ \item If $p$ is prime and $gcd(a,p)=1$ then $a^p \equiv_p a$. \item If $p$ is prime and $a\%p \ne 0$ then $p | a^p - a$. \end{enumerate} \subsection{Project idea:} Why did Fermat state this proposition in a letter to a friend? \subsection{Motivation} Suppose we calculate the residue module a prime of successive powers of an integer $\{a\%p, a^2\%p, a^3\%p, ....\}$. There are only $p$ possible numbers that appear in this infinite sequence, namely $\{0,1,2,...,p-1\}$. Now invoke the second hypothesis. If $p$ does not divide $a$ then the number $0$ will never appear in this sequence. And, once we've proved the theorem, the number $1$ will appear in this squence. Exercise: Write a Python program to investigate this sequence for a list of 10 pairs of numbers $a,p$. \textbf{ Proof: } Consider the numbers $\{ a, 2a, 3a, .... ,(p-1)a \}$ as well as their residues modulo $p$, namely $\{r_1, r_2, ...,r_{p-1}\ | \ r_j = ja\%p \}$. Note that while in the first set there can be huge as well as negative numbers, in the second set $0 < r_j < p$. Moreover, they must all be different by the following argument. \textbf{Lemma:} $(\forall j > i)(r_j \ne r_i)$ \textbf{Proof of lemma: } By contradiction (i.e. the negation is false), Suppose $r_j=r_i=r \mbox{ but } j > i$. \begin{eqnarray*} ja &=& pq + r \\ ia &=& pq' + r \\ (j-i)a &=& p(q-q') \\ p|(j-i)& & \mbox{ since } (a,p)=1 \\ \end{eqnarray*} The contraction is in the last line, since $j-i$ is too small to be a multiple of $p$, right? \textbf{ Continuation of the main proof: } So there are exactly $p-1$ different numbers in the set $\{r_j\}$, hence this is just a permuation of the the numbers $\{1,2,...,p-1\}$. So their products are identical $r_1 r_2 ... r_{p-1} = (p-1)!$. We have \begin{eqnarray*} (a)(2a)...(p-1)a &=& a^{p-1}(p-1)! \\ (a)(2a)...(p-1)a &\equiv& r_1 r_2 ... r_{p-1} = (p-1)! \\ \therefore a^{p-1}(p-1)! &\equiv & (p-1)! \\ \therefore p&| & (a^{p-1}-1)(p-1)! \\ \therefore p&| & (a^{p-1}-1) \mbox{\ think why }\\ \therefore a^{p-1} &\equiv_p& 1\\ \end{eqnarray*} The "think why" step answers these natural questions: \begin{itemize} \item What's so special about $p-1$? \item Why shouldn't $p|a$? \item What's great about $p$ being a prime? \item How do I memorize this proof for the midterm? \end{itemize} \section{Aplication to the RSA encryption } Next Lesson \end{document}