Next Article in Journal
About Cogredient and Contragredient Linear Differential Equations
Previous Article in Journal
Analytic Representation of Maxwell—Boltzmann and Tsallis Thermonuclear Functions with Depleted Tail

Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

# A Note on the Computation of the Modular Inverse for Cryptography

by
Michele Bufalo
1,
Daniele Bufalo
2 and
Giuseppe Orlando
3,*
1
Department of Methods and Models for Economics, Università degli Studi di Roma “La Sapienza”, Territory and Finance, Via del Castro Laurenziano 9, 00185 Roma, Italy
2
Department of Informatics, Università degli Studi di Bari Aldo Moro, Via Orabona 4, 70125 Bari, Italy
3
Department of Economics and Finance, Università degli Studi di Bari Aldo Moro, Via C. Rosalba 53, 70124 Bari, Italy
*
Author to whom correspondence should be addressed.
Axioms 2021, 10(2), 116; https://doi.org/10.3390/axioms10020116
Submission received: 26 April 2021 / Revised: 29 May 2021 / Accepted: 5 June 2021 / Published: 9 June 2021

## Abstract

:
In literature, there are a number of cryptographic algorithms (RSA, ElGamal, NTRU, etc.) that require multiple computations of modulo multiplicative inverses. In this paper, we describe the modulo operation and we recollect the main approaches to computing the modulus. Then, given a and n positive integers, we present the sequence $( z j ) j ≥ 0$, where $z j = z j − 1 + a β j − n$, $a < n$ and $GCD ( a , n ) = 1$. Regarding the above sequence, we show that it is bounded and admits a simple explicit, periodic solution. The main result is that the inverse of a modulo n is given by $a − 1 = ⌊ i m ⌋ + 1$ with $m = n / a$. The computational cost of such an index i is $O ( a )$, which is less than $O ( n ln n )$ of the Euler’s phi function. Furthermore, we suggest an algorithm for the computation of $a − 1$ using plain multiplications instead of modular multiplications. The latter, still, has complexity $O ( a )$ versus complexity $O ( n )$ (naive algorithm) or complexity $O ( ln n )$ (extended Euclidean algorithm). Therefore, the above procedure is more convenient when $a < < n$ (e.g., $a < ln n$).
MSC:
11T71; 11Y16; 11Y05

## 1. Introduction

The modulo operation returns the remainder of a division, after one number is divided by another number called “modulus”. In other terms, given two positive numbers a and n, $a mod n$ is the remainder of the Euclidean division of the dividend a by the divisor n.
A modular multiplicative inverse of an integer a is an integer x such that the product $a x$ is congruent to 1 with respect to the modulus n, and it is denoted as
$a x ≡ 1 ( mod n ) .$
Modulo n is an equivalence relation. The equivalence class of the integer a, denoted by $a ¯ n$, is the set ${ … , a − 2 n , a − n , a , a + n , a + 2 n , … }$. This set, consisting of all the integers congruent to a modulo n, is called congruence class or residue class of the integer a modulo n.
If a has an inverse modulo n, then there are an infinite number of solutions that belong to the congruence class with respect to the said modulus. In addition, any integer that is congruent to a will have any element of x’s congruence class as a modular multiplicative inverse. In other terms, denoted with the symbol $· n$, the multiplication of equivalence classes modulo n, the modulo multiplicative inverse of the congruence class $a ¯$ is the congruence class $x ¯$ such that:
$a ¯ · n x ¯ = 1 ¯ .$
This multiplication is the analogue of the multiplicative inverse in the set of real numbers where numbers are replaced by congruence classes. Therefore, a fundamental use of this operation is to solve (whenever possible) linear congruences of the form
$a x ≡ b ( mod n ) .$
The solution of Equation (1) has practical applications in the field of public-key cryptography and, in particular, in the Rivest–Shamir–Adleman (RSA) algorithm [1] where encryption and decryption are performed by using a pair of large prime numbers that are multiplicative inverses with respect to a selected modulus.
When invented, RSA was considered one of the most effective algorithms because there was no key exchange in the encryption and decryption processes. In the RSA algorithm, the strength depends on the factorization problem that is NP complete [2] and the key length was the only way to protect systems. However, the RSA key is broken from time to time due to the development of both software and computer speed. To counter that, developers have increased key length from one time to another to maintain a high security and privacy to systems that are protected by the RSA. Other countermeasures vary from using multiple public and private keys [3] to enhance and secure the RSA public key cryptosystem (ESRPKC) algorithm using the Chinese remainder theorem [4], from the use of a pair of random numbers and their modular multiplicative inverse [5] to the Cuckoo Search Optimization (CSA) algorithm for securing data integrity in the cloud [6]. For a survey, see Mumtaz et al. [7].
As mentioned, cryptographic algorithms rely on multiple computations of modulo multiplicative inverses. Examples are the RSA cryptographic algorithm by [8,9], RSA with digital signature [10], ElGamal cryptocol [11]; encryption and decryption schemes based on extraction of square roots [12], NTRU cryptosystem [13], modular multiplicative inverse (MMI) for cryptanalysis of public-key cryptographic protocols [14], etc. Recently, Boolean functions have gained attraction because of some interesting properties from a cryptographic point of view such as “nonlinearity, propagation criterion, resiliency, and balance” [15]. However, following similar research on RSA cryptographic algorithms, we focused on the problem of encrypting/decoding information based on the use of the vector-modular methods. For example, Yakymenko et al. [16] suggest a modular exponential to “replace the complex operation of modular multiplication with the addition operation, which increases the speed of the RSA cryptosystem”. In our case, instead, we investigate the properties of the sequence $( z j ) j ≥ 0$ in Definition 1, which we show to be useful for computing the inverse modulo. In particular, for the above sequence, we show that it is bounded and admits a simple explicit, periodic solution. Next, we illustrate that the inverse of a modulo n is given by $a − 1 = ⌊ i m ⌋ + 1$ with $m = n / a$. The advantage is that the computational cost of such an index i is $O ( a )$ versus $O ( n ln n )$ of the Euler’s phi function. Finally, we suggest an algorithm for calculating $a − 1$ using plain multiplications instead of modular multiplications. The latter, again, has complexity $O ( a )$ versus complexity $O ( ln n )$ of the extended Euclidean algorithm. Therefore, the above procedure is more convenient when $a < < n$ (e.g., $a < ln n$). Those results are new in literature.
This work is divided as follows: Section 2 describes the main approaches to the computation of modulus. Section 3 illustrates the sequence $( z j ) j ≥ 0$ along with some of its properties. Section 4 presents the conclusions.

## 2. Main Approaches to the Computation of Modulus

In the following, we describe the most common methods to compute the inverse modulo n.

#### 2.1. Naive Method (Recursive Multiplications)

This is the simplest way to compute the inverse of a positive integer a, modulo n, with $a < n$ and greatest common divisor $GCD ( a , n ) = 1$. We have to multiply a by all the elements of $N n * = { 1 , 2 , … , n − 1 }$ and the first of them which gives a product equal to 1 (modulo n) will be the inverse of a. The complexity in this case is $O ( n )$.
Example 1.
To find the inverse of $a = 6$ modulo $n = 7$, we have to multiply a by every element of $N 7 * = { 1 , 2 , … , 6 }$, i.e.,
$1 · 6 = 6 ( mod 7 ) , 2 · 6 = 12 ≡ 5 ( mod 7 ) , 3 · 6 = 18 ≡ 4 ( mod 7 ) ,$
$4 · 6 = 24 ≡ 3 ( mod 7 ) , 5 · 6 = 30 ≡ 2 ( mod 7 ) , 6 · 6 = 36 ≡ 1 ( mod 7 ) .$
Therefore, $a − 1 = 6$ modulo 7.

#### 2.2. Euler’s Phi Function

The following approach was introduced in modern terms by Gauss with reference to Euler (even though the method has been reported before [17]). Given a positive integer n, the Euler’s phi function $Φ ( n )$ (or Euler’s totient function) counts the number of primes, up to n, which are relatively prime to n. It can be expressed as
$Φ ( n ) = n ∏ p j | n 1 − 1 p j ,$
with $p j$’s being the primes dividing n. Given a positive integer a, with $a < n$ and $GCD ( a , n ) = 1$, one has
$a Φ ( n ) ≡ 1 ( mod n )$
due to the well-known Fermat’s little theorem. The above relation provides an explicit formula for the inverse of a modulo n that is
$a − 1 = a Φ ( n ) − 1 .$
However, the calculation of $Φ ( n )$ is equivalent to doing the prime factorization of n, hence the complexity of Formula (2) is $O ( n ln n )$. Thus, despite (2) giving a closed formula, it is less convenient than a recursive algorithm (like those of Section 2.1 and Section 2.3).
Example 2.
To compute the inverse of 23 modulo 36 through Formula (2), one has
$Φ ( 36 ) = 36 1 − 1 2 1 − 1 3 = 12 ,$
and $23 12 − 1 ≡ 11 ( mod 36 )$, i.e., $23 − 1 ≡ 11 ( mod 36 )$.

#### 2.3. Extended Euclidean Algorithm

One of the ancient methods to compute the GCD between two integers $a , b$, with $a > b$, is given by the Euclidean algorithm. It is based on the following property: if both a and b divide a same integer c, then also their difference $a − b$ divides c. The algorithm states that $GCD ( a , b ) = b$ if the difference $d = a − b$ is equal to b; otherwise, $a , b$ are replaced by $max { a − b , b }$ and $min { a − b , b }$, respectively, and the previous procedure is repeated by computing the new difference d. Table 1 describes the pseudocode of the algorithm.
An interesting extension of such method works with repeated divisions instead of the repeated differences. By computing the following quotients $q i$ and remainders $r i$,
$a = b · q 0 + r 0 ,$
$b = r 0 · q 1 + r 1 ,$
$r 0 = r 1 · q 2 + r 2 ,$
$⋮$
$r i − 1 = r i · q i + 1 + r i + 1 ,$
$⋮$
it is possible to say that $GCD ( a , b )$ is the last non-zero remainder $r i$. The complexity of this method is $O ( ln n )$. The pseudocode of this procedure is reported in Table 2.
The above method allows us to compute the inverse modulo n through the so-called Bézouts’s identity which states that there exist two integer $s , t$ such that
$GCD ( a , b ) = s · a + t · b .$
The numbers $s , t$ can be computed from the quotients $q i$ ($i ≥ 0$), by reversing the order of the equations in the Euclidean algorithm (with repeated divisions). Beginning with the last non-zero remainder $r i$, we can write
$GCD ( a , b ) = r i = r i − 2 − q i · r i − 1 .$
The quantity $r i − 1 , r i − 2$ may be likewise expressed in terms of their quotients and preceding remainders, i.e.,
$r i − 1 = r i − 3 − q i − 1 · r i − 2 ,$
$r i − 2 = r i − 4 − q i − 2 · r i − 3 .$
Substituting these formulas into the first equation yields $GCD ( a , b )$ as a linear sum of $r i − 3 , r i − 4$. The process of substituting remainders by formulas involving their predecessors can be continued until a and b are reached, as follows:
$⋮$
$r 2 = r 0 − q 2 · r 1 ,$
$r 1 = b − q 1 · r 0 ,$
$r 0 = a − q 0 · b .$
After all the remainders $r i$ ($i ≥ 0$) have been replaced, the final equation expresses $GCD ( a , b )$ as the linear combination $s · a + t · b$.
In the special case that $GCD ( a , b ) = 1$, then t is the multiplicative inverse of b, modulo a, or, equivalently, s is the multiplicative inverse of a, modulo b.
The pseudocode of this method is shown in Table 3.
Example 3.
Consider $a = 27$ and $n = 392$. Obviously, $GCD ( 27 , 392 ) = 1$. The extended Euclidean algorithm gives
$392 = 27 · 14 + 14 ,$
$27 = 14 · 1 + 13 ,$
$14 = 13 · 1 + 1 .$
By rewriting the next steps backward, we obtain
$1 = 14 − 13 · 1 = 14 − ( 27 − 14 · 1 ) = 2 · 14 − 2 = 2 ( 392 − 27 · 14 ) − 27 = 2 · 392 + 27 ( − 29 ) ,$
where $− 29 ≡ 363 ( mod 392 )$. Hence, we can conclude that $27 − 1 ≡ 363 ( mod 392 )$.

## 3. The Sequence $z j$: Definition and Properties

In this section, given a and n positive integers, we define the sequence $( z j ) j ≥ 0$, where $z j = z j − 1 + a β j − n$, $a < n$ and $GCD ( a , n ) = 1$. For the said sequence, we illustrate some properties and results useful to the computation of the inverse modulo.

#### 3.1. Definitions and Main Results

Definition 1.
Given two positive integers $a , n$ with $a < n$ and $GCD ( a , n ) = 1$, define the sequence $( z j ) j ≥ 0$ as follows:
$z j = z j − 1 + a β j − n ( j ≥ 1 ) ,$
starting from $z 0 = 0$, with
$β 1 = M β j = n − z j − 1 a + 1 j ≥ 2 ,$
with M being the ceiling part of $m : = n / a$.
Observe that $β j$’s represent the (ceiling) difference between n and $z j$ relative to a.
Next, the Proposition gives an explicit expression for the sequence $( z j ) j ≥ 0$.
Proposition 1.
The explicit form of the sequence $( z j ) j ≥ 0$ defined in (3) is given by
$z j = a ∑ h = 1 j β h − j n .$
Proof.
The proof is immediate, indeed starting from definition (3), one has
$z 1 = a β 1 − n ,$
$z 2 = z 1 + a β 2 − n = a ( β 1 + β 2 ) − 2 n ,$
$⋮$
$z j = z j − 1 + a β j − n = a ∑ h = 1 j β h − j n .$
The following Proposition gives an explicit, and more convenient, expression for the sequence $( β j ) j ≥ 1$.
Proposition 2.
Let $( β j ) j ≥ 1$ be the sequence defined in (4). For any $j ≥ 1$, it holds that
$β j = ⌊ j m ⌋ − ⌊ ( j − 1 ) m ⌋ ,$
with $m = n / a$. Moreover,
$∑ h = 1 j β h = ⌊ j m ⌋ + 1 .$
Proof.
First of all, observe that (6) implies that the partial sum is (7), since
$∑ h = 1 j β h = ∑ h = 1 j ⌊ h m ⌋ − ⌊ ( h − 1 ) m ⌋ =$
$⌊ j m ⌋ − ⌊ ( j − 1 ) m ⌋ + ⌊ ( j − 1 ) m ⌋ − ⌊ ( j − 2 ) m ⌋ + … + ⌊ 3 m ⌋ − ⌊ 2 m ⌋ + ⌊ 2 m ⌋ − ⌊ m ⌋ + M =$
$⌊ j m ⌋ − ⌊ m ⌋ + M = ⌊ j m ⌋ + 1 ,$
being $⌊ m ⌋ = M − 1$.
Formula (6) can be proved by induction on j. Indeed, if $j = 2$, by relation (3), one has
$β 2 = n − z 1 a + 1 = n − a M + n a + 1 = ⌊ 2 m ⌋ − M + 1 = ⌊ 2 m ⌋ − ⌊ m ⌋ .$
Now, if (6) holds true up to the index $( j − 1 )$, then, by relations (5) and (7), it is easy to see that
$β j = n − z j − 1 a + 1 = n − a ∑ h = 1 j − 1 β h + ( j − 1 ) n a + 1 = ⌊ j m ⌋ − ⌊ ( j − 1 ) m ⌋ − 1 + 1 =$
$⌊ j m ⌋ − ⌊ ( j − 1 ) m ⌋ .$
Corollary 1.
The sequence $( z j ) j ≥ 0$ defined in (3) can be rewritten as
$z j = a ⌊ j m ⌋ + 1 − j n ( j ≥ 1 ) ,$
with $z 0 = 0$.
Proof.
The assertion results by combining relations (5) and (7). □
Now, we are able to state the main results of this section.
Theorem 1.
Consider two positive integers $a , n$ with $a < n$ and $GCD ( a , n ) = 1$. Let $( z j ) j ≥ 0$ be the sequence defined in (3) and $i ≥ 1$ the index such that $z i = 1$. Then, due to (8), the inverse of a modulo n is given by
$a − 1 = ⌊ i m ⌋ + 1 ,$
with $m = n / a$.
Proof.
Since $GCD ( a , n ) = 1$, from the Bézouts’s identity, there exists an index $i ≥ 1$ such that $z i = 1$. Indeed, without loss of generality, there exist a pair of positive integers $g , i$ such that
$1 = g a − i n .$
Fixing i, from the above equation, we obtain
$g = i m + 1 a = ⌊ i m ⌋ + φ i + 1 a = ⌊ i m ⌋ + 1 ,$
where we denote by
$φ j = j m − ⌊ j m ⌋ ( j ≥ 0 ) ,$
the fractional part function of $j m$. In particular, the last equality of (10) holds true because both g and $⌊ i m ⌋$ are positive integers. Thus, as $φ i$ and $1 a$ belong to $( 0 , 1 )$ we can say that $φ i + 1 a$ must be equal to 1. Hence,
$1 = a ⌊ i m ⌋ + 1 − i n ,$
and, more specifically,
$a ⌊ i m ⌋ + 1 ≡ 1 ( mod n ) ,$
which implies
$a − 1 ≡ ⌊ i m ⌋ + 1 ( mod n ) ,$
where the last equality comes from Proposition 2. Finally, notice that $⌊ i m ⌋ + 1 < n$ (see Corollary 2) and this concludes the proof. □

#### 3.2. Properties of the Sequence $z j$

To better understand the nature of the sequence $( z j ) j ≥ 0$, we illustrate the following properties.
Proposition 3.
The sequence $( z j ) j ≥ 1$ defined in (3) is periodic with a period equal to a.
Proof.
For any $j ≥ 1$, we have to prove that $z j + a = z j$. Let us proceed by induction on j. If $j = 1$,
$z 1 + a = a ( ⌊ ( 1 + a ) m ⌋ + 1 ) − ( 1 + a ) n = a M + a n − n − a n = z 1 .$
Now, if the assertion holds true for $( j − 1 )$, from relation (3), we may write
$z j + a = z ( j − 1 ) + a + a β j + a − n = z j − 1 + a ⌊ ( j + a ) m ⌋ − ⌊ ( j + a − 1 ) m ⌋ − n ,$
where
$⌊ ( j + a ) m ⌋ − ⌊ ( j + a − 1 ) m ⌋ = ⌊ j m + n ⌋ − ⌊ ( j − 1 ) m + n ⌋ = ⌊ j m ⌋ − ⌊ ( j − 1 ) m ⌋ .$
Therefore, we get
$z j + a = z j − 1 + a ⌊ j m ⌋ − ⌊ ( j − 1 ) m ⌋ − n = z j − 1 + a β j − n = z j .$
Corollary 2.
The sequence $( z j ) j ≥ 0$ defined in (3) is less than n. In particular, the modular inverse defined in (9) is also less than n.
Proof.
From Proposition 3, we have to prove that $z j < n$ for any $0 ≤ j ≤ a$. For this purpose, distinguish the following three cases:
(i)
The $j = 0$ is trivial.
(ii)
If $0 < j < a$, we have
$z j = a ( j m − φ j + 1 ) − j n = a ( 1 − φ j ) < a < n .$
(iii)
The case $j = a$ may be proved analogously to ii).
Finally, it is clear that the modular inverse defined in (9), i.e., $⌊ i m ⌋ + 1$, is less than n since $i ≤ a − 1$. □
To see what was observed up to now, we shall consider a numerical example.
Example 4.
Choose $a = 131$ and $n = 621$. Obviously, $GCD ( a , n ) = 1$ that guarantees the existence of $a − 1$. It is obtained by $i = 27$ and
$131 − 1 = 27 · 621 131 + 1 = 128 ,$
modulo 621. Figure 1 shows the behavior of the sequence $( z j ) j ≥ 0$. In particular, the blue line denotes the series when $1 ≤ j ≤ 203$, while those colored in red represent the entire sequence from two consecutive unitary $z i$’s (circled in red), i.e., $i = 27$ and $i = 158$. As proved, the series $( z j ) j ≥ 1$ is periodic with a period equal to 131 and any value less than 621.

#### 3.3. Limitations and Future Challenges

A limitation of the proposed approach is that we have left the problem of determining the index i unsolved. In fact, by virtue of Theorem 1, we need to compute $z i = 1$, such that
$a ⌊ i m ⌋ + 1 − i n = 1 .$
Observe that $⌊ i m ⌋ = i m − φ i$, where $φ i$ is defined by (11), and can be easily computed, as follows.
Proposition 4.
Let i be the solution of Equation (12); then, one has
$φ i = a − 1 a .$
Proof.
Equation (12) gives
$1 = a ⌊ i m ⌋ + 1 − i n = a i m − φ i + 1 − i n = a ( 1 − φ i ) ,$
which implies Formula (13). □
Example 5.
With reference to Example 4, we have $m = 4.7405$ and $i = 27$. By computing $φ i$ directly from i, we obtain the value $0.9924$, which coincides with that given by the a priori Formula (13).
The knowledge of $φ i$ jointly with the periodicity information given by Proposition 4 suggests to solve the problem (12) by the simple algorithm described in Table 4.
Notice that the complexity of the algorithm just shown in Table 4 is $O ( a )$. Therefore, the above procedure is more convenient when $a < < n$ (e.g., $a < ln n$). In addition, when a is close to n, the algorithm in Table 4 is still better compared to the naive algorithm in Table 1 (since it involves simple multiplications instead of modular multiplications). Furthermore, Equation (9) represents a closed formula for the modular inverse, as does Equation (2), where the computational cost of the index i is $O ( a )$. This is less than $O ( n ln n )$ of the Euler’s phi function. These features are a clear advantage when n is large.

## 4. Conclusions

In this article, we have introduced the modulo operation and described the most common methods for computing the inverse modulo n. Hence, we have shown that, to solve the problem in Equation (12) through a closed formula, we need to investigate the properties of the sequence $( z j ) j ≥ 0$. The fact that the sequence $( z j ) j ≥ 0$ admits a simple explicit form which is periodic (for $j ≥ 1$) helps us in understanding the features of $( z j ) j ≥ 0$. In particular, we have shown that the computational cost is $O ( a )$ versus $O ( n ln n )$ of Euler’s phi function. In terms of implementation, we suggest an algorithm for calculating $a − 1$ using plain multiplications instead of modular multiplications. From a practical point of view, this approach is quite convenient because it has complexity $O ( a )$ compared to $O ( ln n )$ of the extended Euclidean algorithm. This result is related to the characteristics of i, and, consequently, of $a − 1$. Next, research will focus on the determination of the index i such that $z i = 1$.

## Author Contributions

Conceptualization, M.B.; methodology, M.B. and D.B.; software, D.B.; validation, G.O., M.B. and D.B., formal analysis, M.B. and D.B.; investigation, G.O., M.B. and D.B.; resources, M.B. and D.B.; data curation, M.B. and D.B.; writing—original draft preparation, M.B.; writing—review and editing, G.O. and M.B.; visualization, G.O. and M.B.; supervision, G.O. and M.B.; project administration, G.O. and M.B. All authors have read and agreed to the published version of the manuscript.

## Funding

This research received no external funding.

No applicable.

No applicable.

No applicable.

## Conflicts of Interest

The authors declare no conflict of interest.

## References

1. Rivest, R.L.; Shamir, A.; Adleman, L.M. Cryptographic Communications System and Method. U.S. Patent 4,405,829, 20 September 1983. [Google Scholar]
2. Somani, U.; Lakhani, K.; Mundra, M. Implementing digital signature with RSA encryption algorithm to enhance the Data Security of cloud in Cloud Computing. In Proceedings of the 2010 First International Conference On Parallel, Distributed and Grid Computing (PDGC 2010), Solan, India, 28–30 October 2010; pp. 211–216. [Google Scholar]
3. Mezher, A.E. Enhanced RSA cryptosystem based on multiplicity of public and private keys. Int. J. Electr. Comput. Eng. 2018, 8, 3949. [Google Scholar] [CrossRef] [Green Version]
4. Kumar, V.; Kumar, R.; Pandey, S. An enhanced and secured RSA public key cryptosystem algorithm using Chinese remainder theorem. In Proceedings of the International Conference on Next, Generation Computing Technologies, Dehradun, India, 30–31 October 217; Springer: Berlin/Heidelberg, Germany, 2017; pp. 543–554. [Google Scholar]
5. Islam, M.A.; Islam, M.A.; Islam, N.; Shabnam, B. A modified and secured RSA public key cryptosystem based on “n” prime numbers. J. Comput. Commun. 2018, 6, 78. [Google Scholar] [CrossRef] [Green Version]
6. Raja shree, S.; Chilambu Chelvan, A.; Rajesh, M. An efficient RSA cryptosystem by applying cuckoo search optimization algorithm. Concurr. Comput. Pract. Exp. 2019, 31, e4845. [Google Scholar] [CrossRef]
7. Mumtaz, M.; Ping, L. Forty years of attacks on the RSA cryptosystem: A brief survey. J. Discret. Math. Sci. Cryptogr. 2019, 22, 9–29. [Google Scholar] [CrossRef]
8. Crandall, R.; Pomerance, C.B. Prime Numbers: A Computational Perspective; Springer Science & Business Media: Berlin/Heidelberg, Germany, 2006; Volume 182. [Google Scholar]
9. Rivest, R.L.; Shamir, A.; Adleman, L. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 1978, 21, 120–126. [Google Scholar] [CrossRef]
10. Verkhovsky, B. Overpass-Crossing Scheme for Digital Signature. In Proceedings of the International Conference on System Research, Informatics and Cybernetics, Baden-Baden, Germany, 30 July–4 August 2001; Volume 30. [Google Scholar]
11. ElGamal, T. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 1985, 31, 469–472. [Google Scholar] [CrossRef]
12. Rabin, M.O. Digitalized Signatures and Public-Key Functions as Intractable as Factorization; Technical Report; Massachusetts Inst of Tech Cambridge Lab for Computer Science: Cambridge, MA, USA, 1979. [Google Scholar]
13. Hoffstein, J.; Pipher, J.; Silverman, J.H.; Silverman, J.H. An Introduction to Mathematical Cryptography; Springer: Berlin/Heidelberg, Germany, 2008; Volume 1. [Google Scholar]
14. Verkhovsky, B. Enhanced Euclid Algorithm for Modular Multiplicative Inverse and Its Application in Cryptographic Protocols. IJCNS 2010, 3, 901–906. [Google Scholar] [CrossRef]
15. Sosa-Gómez, G.; Paez-Osuna, O.; Rojas, O.; Madarro-Capó, E.J. A New Family of Boolean Functions with Good Cryptographic Properties. Axioms 2021, 10, 42. [Google Scholar] [CrossRef]
16. Yakymenko, I.; Kasianchuk, M.; Ivasiev, S.; Melnyk, A.; Nykolaichuk, Y.M. Realization of RSA cryptographic algorithm based on vector-module method of modular exponention. In Proceedings of the 2018 14th International Conference on Advanced Trends in Radioelecrtronics, Telecommunications and Computer Engineering (TCSET), Lviv-Slavske, Ukraine, 20–24 February 2018; pp. 550–554. [Google Scholar]
17. Ore, O. Number Theory and Its History; Dover Books on Mathematics Series; Dover: Mineola, New York, USA, 1988; ISBN 9780486656205. [Google Scholar]
Figure 1. Sequence $( z j ) 1 ≤ j ≤ 203$ when $a = 131$ and $n = 621$. The red line highlights the entire sequence $( z j ) j ≥ 1$ between two consecutive unitary $z i$’s (red circles).
Figure 1. Sequence $( z j ) 1 ≤ j ≤ 203$ when $a = 131$ and $n = 621$. The red line highlights the entire sequence $( z j ) j ≥ 1$ between two consecutive unitary $z i$’s (red circles).
Table 1. Pseudocode of the Euclidean algorithm (repeated differences).
Table 1. Pseudocode of the Euclidean algorithm (repeated differences).
 1. Initialize $i = 0$, $a i = a , b i = b$ and $F l a g = 0$; 2.while$F l a g = 0$ 3. set $d i = a i − b i$; 4.. if $a i − b i = b i$ 5. set $F l a g = 1$; 6.else set $i = i + 1$, $a i = max { a i − 1 − b i − 1 , b i − 1 }$, and $b i = min { a i − 1 − b i − 1 , b i − 1 }$; 7.end 8.end 9. set $GCD ( a , b ) = d i$.
Table 2. Pseudocode of the Euclidean algorithm (repeated divisions).
Table 2. Pseudocode of the Euclidean algorithm (repeated divisions).
 1. Initialize $i = 0$, $a i = a , b i = b$, and let $q i$, $r i$ be the quotient and the remainder of $a i / b i$, respectively; 2.if $r 0 = 0$ 3. let $GCD ( a , b ) = b$; 4.else 5.while $r i ≠ 0$ 6. set $i = i + 1$, $a i = b i − 1$,$b i = r i − 1$, and let $q i$, $r i$ be the quotient and the remainder of $a i / b i$, respectively; 7.end 8. set $GCD ( a , b ) = r i − 1$. 9.end
Table 3. Pseudocode of the inverse modulo n (through the extended Euclidean algorithm).
Table 3. Pseudocode of the inverse modulo n (through the extended Euclidean algorithm).
 1. Compute $q j , r j$, $− 2 ≤ j ≤ i$ (where $r − 1 = a , r − 2 = n$ and $r i = 1$ is the last remainder) by the extended Euclidean algorithm (see Table 2) between a and n; 2.for $j = i : − 1 : − 2$ 3. write $r j$ as linear combination of $r j − 1$ and $r j − 2$; 4.end 5. set $a − 1$ equal to the coefficient multiplied by a in the final recursive relation.
Table 4. Pseudocode of a simple algorithm to solve (12).
Table 4. Pseudocode of a simple algorithm to solve (12).
 1. Initialize $j = 0$, $z j = 0$ and set $m = n / a$, $φ = ( a − 1 ) / a$; 2.while$z j ≠ 1$ 3. set $z j = a ( j m − φ + 1 ) − j n$ and $j = j + 1$; 4.end 5. set $i = j − 1$ and $a − 1 = a ( i m − φ + 1 )$.
 Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

## Share and Cite

MDPI and ACS Style

Bufalo, M.; Bufalo, D.; Orlando, G. A Note on the Computation of the Modular Inverse for Cryptography. Axioms 2021, 10, 116. https://doi.org/10.3390/axioms10020116

AMA Style

Bufalo M, Bufalo D, Orlando G. A Note on the Computation of the Modular Inverse for Cryptography. Axioms. 2021; 10(2):116. https://doi.org/10.3390/axioms10020116

Chicago/Turabian Style

Bufalo, Michele, Daniele Bufalo, and Giuseppe Orlando. 2021. "A Note on the Computation of the Modular Inverse for Cryptography" Axioms 10, no. 2: 116. https://doi.org/10.3390/axioms10020116

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.