Next Article in Journal
Online Multiscale Finite Element Simulation of Thermo-Mechanical Model with Phase Change
Previous Article in Journal
The Multi-Maximum and Quasi-Maximum Common Subgraph Problem
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Some Properties of the Computation of the Modular Inverse with Applications in Cryptography

1
Department of Methods and Models for Economics, Territory and Finance, Università degli Studi di Roma “La Sapienza”, Via del Castro Laurenziano 9, 00185 Rome, Italy
2
Department of Informatics, Università degli Studi di Bari Aldo Moro, Via Orabona 4, 70125 Bari, Italy
3
Department of Mathematics, Università degli Studi di Bari Aldo Moro, Via Orabona 4, 70125 Bari, Italy
4
Department of Economics, HSE University, Soyuza Pechatnikov Street 16, 190121 St. Petersburg, Russia
*
Author to whom correspondence should be addressed.
Computation 2023, 11(4), 70; https://doi.org/10.3390/computation11040070
Submission received: 10 February 2023 / Revised: 21 March 2023 / Accepted: 21 March 2023 / Published: 27 March 2023
(This article belongs to the Section Computational Engineering)

Abstract

:
In the field of cryptography, many algorithms rely on the computation of modular multiplicative inverses to ensure the security of their systems. In this study, we build upon our previous research by introducing a novel sequence, ( z j ) j 0 , that can calculate the modular inverse of a given pair of integers ( a , n ) , i.e., a 1 ; m o d , n . The computational complexity of this approach is O ( a ) , which is more efficient than the traditional Euler’s phi function method, O ( n , ln , n ) . Furthermore, we investigate the properties of the sequence ( z j ) j 0 and demonstrate that all solutions of the problem belong to a specific set, I , that only contains the minimum values of ( z j ) j 0 . This results in a reduction of the computational complexity of our method, especially when a n and it also opens new opportunities for discovering closed-form solutions for the modular inverse.

1. Introduction

The modulo operation is a mathematical function that calculates the remainder of the division between two numbers, the dividend and the modulus. It is expressed as a mod n , where a and n are two positive numbers. This operation uses the Euclidean division method to find the remainder of dividing the dividend a by the divisor n.
The modular multiplicative inverse of an integer a is a number x such that a x is congruent to 1 modulo n, or in mathematical terms, a x 1 ( mod n ) . This means that the product of a and x gives a result that is equivalent to 1 when taken modulo n.
Modulo n forms an equivalence relation. The set of all integers equivalent to a modulo n, denoted by a ¯ n , is the set { , a 2 n , a n , a , a + n , a + 2 n , } . This set is known as the congruence class or residue class of the integer a modulo n.
If an integer a has a modular multiplicative inverse modulo n, there are an infinite number of solutions that are equivalent to a with respect to the modulus n. Additionally, for any integer that is congruent to a modulo n, any element from the congruence class of x can serve as a modular multiplicative inverse. This can be represented as the multiplication of congruence classes modulo n, denoted by the symbol · n , where the modular multiplicative inverse of the congruence class a ¯ is the congruence class x ¯ such that a ¯ · n x ¯ = 1 ¯ .
The multiplication of congruence classes modulo n, represented by the symbol · n , is analogous to the concept of a multiplicative inverse in the set of real numbers. However, in this case, the numbers are replaced by congruence classes. This operation is used to solve linear congruences, such as Equation (1), where the goal is to find a solution for x that satisfies the equation and is equivalent to b modulo n:
a x b ( mod n ) , .
In the field of public-key cryptography, solving Equation (1) is crucial in the RSA algorithm [1], which employs two large prime numbers that are modular multiplicative inverses with respect to a specific modulus to perform secure encryption and decryption operations. Many cryptographic algorithms, such as RSA, ElGamal, and NTRU, heavily rely on the use of modular multiplicative inverses in their calculations. Examples of this can be found in references such as Crandall [2], Rivest [3], Verkhovsky [4,5], ElGamal [6], Rabin [7], and Hoffstein [8]. Additionally, in recent times, Boolean functions have gained attention due to their useful properties in cryptography, specifically regarding “nonlinearity, propagation criterion, resiliency, and balance” [9].
In our previous study [10,11], we examined a particular sequence ( z j ) j 0 and its ability to determine the modular inverse for a given pair of integers ( a , n ) , or a 1 ; m o d , n . We found that the complexity of this search was O ( a ) , which is less than the classic Euler’s phi function method at O ( n , ln , n ) . Additionally, we delved deeper into the properties of this sequence and discovered that all possible solutions of the problem belong to a set called I , which only contains the minima of ( z j ) j 0 . This realization reduces the complexity of the algorithm, particularly when a n , and opens the possibility of finding a closed formula for the modular inverse.
In this paper, we present a particular sequence ( z j ) j 0 able to determine the modular inverse for a given pair of integers ( a , n ) , i.e., a 1 m o d n . The complexity required for this search is O ( a ) , which is less than O ( n ln n ) of the classic Euler’s phi function method. Moreover, we investigate more properties of such a sequence ( z j ) j 0 , concluding that all the possible solutions of the problem belong to a proper set, named I , which contains only the minima of ( z j ) j 0 . This result reduces the complexity of our algorithm, especially when a n , and opens the way to the calculation of a possible closed formula for the modular inverse. Last but not least, we compare the complexity of our method with that of the post-quantum encryption (PQC) algorithm.
This research is structured as follows. Section 2 briefly reports the literature with a particular mention of post-quantum cryptography. In Section 3, the different methods for computing the modulus are discussed. Section 4 explores different expressions of β j that can help in comprehending the behavior of the sequence ( z j ) j 0 and in identifying the optimal approach for determining the critical index i. Section 5 discusses the results with particular attention to the sequence ( z j ) j 0 and its properties. It then provides a comparison between the complexity of our algorithm and that of the PQC method. Finally, Section 6 summarizes the research and hints at future developments.

2. Literature

When it was first introduced, RSA was considered to be a highly effective algorithm due to the lack of key exchange in the encryption and decryption process. However, the security of RSA relies heavily on the difficulty of factoring large numbers, a problem that is known to be NP-complete [12]. As technology progressed and computer speed increased, RSA keys began to be broken more frequently. To counteract this, developers have increased the length of the encryption key to ensure the continued security and privacy of systems protected by RSA. There have been other alternative solutions suggested to improve security in RSA cryptography. Some of these include the use of multiple public and private keys (Mezher et al. [13]), an enhanced version of RSA (ESRPKC) that incorporates the Chinese remainder theorem (Kumar et al. [14]), the use of random numbers and their modular multiplicative inverse (Islam et al. [15]), and an optimization algorithm (Cuckoo Search Optimization or CSA) to maintain data integrity in the cloud (Raja et al. [16]). A comprehensive overview of these methods can be found in the study by Mumtaz et al. [17]. In addition, the literature has proposed many solutions for specific needs such as lightweight algorithms suitable for use on resource-constrained nodes in sensitive applications (Bayat-Sarmadi et al. [18]).
Fault attacks are a type of attack on cryptographic algorithms that take advantage of malicious or unintentional errors introduced during their computation. The concept of Differential Cryptanalysis [19], combined with the pioneering work of Boneh, DeMillo, and Lipton [20,21], has given rise to the field of Differential Fault Attacks (DFA). DFA has revealed that many ciphers can be compromised if the errors can be manipulated in a specific manner. The DFA attack has shown that several ciphers can be compromised if the faults can be suitably controlled, and it is not limited to old ciphers but can be a powerful attack vector even for modern ciphers such as the Advanced Encryption Standard (AES). For a review, see Ali et al. [22]. Finally, on fault-detection methods capable of detecting random faults in the cipher implementation and, at the same time, against intelligent fault attacks, see Dofe et al. [23].
With the advent of post-quantum cryptography, post-quantum cryptography (PQC) will replace ECC/RSA so that every security application from smartphones to blockchains will be affected. However, there are still some issues to solve. For example, the SIKE protocol is a post-quantum candidate for cryptography that is considered to be the best alternative to curve-based cryptography. Nevertheless, its long latency is a drawback, since the serial large-degree isogeny computation, which is dominated by modular multiplications, can make it less competitive compared to other popular post-quantum candidates. A possible solution has been recently suggested by Tian et al. [24] who described an optimized SIKE algorithm, with a focus on achieving high speed and low latency. Furthermore, the rise of quantum computing has driven researchers to develop new security systems that can withstand future attacks. These post-quantum cryptographic approaches include hash-based, code-based, lattice-based, multivariate-quadratic-equations, and secret-key cryptography. They are all potential candidates because they are thought to be resistant to both classical and quantum computers, and applying Shor’s algorithm [25], the quantum-computer discrete-logarithm algorithm that can break classical schemes, is believed to be infeasible. Mozaffari-Kermani [26] proposed a method for constructing reliable and error-detection hash trees for stateless hash-based signatures. Such signatures are considered one of the leading post-quantum cryptographic schemes, as they offer security proofs that are based on plausible properties of the underlying hash function.
CRYSTALS-Kyber is a significant public-key encryption and key encapsulation mechanism, as it has been chosen by NIST for standardization and recommended for national security systems by the NSA. Therefore its implementations need to be evaluated for their resistance to side-channel attacks. Dubrova et al. [27] introduced a neural network recursive learning for training to attack ω -order masked implementations of CRYSTALS-Kyber in ARM Cortex-M4 CPU for message recovery. Last but not least, CRYSTALS-Dilithium has been selected by NIST as the new primary standard for quantum-safe digital signatures, and it has a constant-time implementation with consideration for side-channel resilience. For a profiling side-channel attack on the signature scheme CRYSTALS-Dilithium see Berzati et al. [28].

3. Preliminary Results

As is well known, there exists a unique (closed) formula in the literature for the computation of the modular inverse, which is related to Euler’s phi function
Φ ( n ) = n p j | n 1 1 p j ,
i.e.,
a 1 = a Φ ( n ) 1 .
Equation (2) derives directly from Fermat’s little theorem, and its computation has complexity O ( n ln n ) . This is because Euler’s phi function is related to the prime factorization with complexity O ( n ln n ) . For a further comparison with other classic methods (and their complexities) about the modular inverse see ([10], Section 2) and Table 1.
Algorithm1. Pseudocode of the algorithm for solving (10).
        1. Initialize j = 0 , z 0 = 0 ;
        2. while  z j 1
        3. set z j = a j m a 1 a + 1 j n and j = j + 1 ;
        4. end
        5. set i = j 1 and a 1 = a i m a 1 a + 1 .
We will begin by reviewing the important findings from a previous study by Bufalo et al. [10,11], as well as other relevant information that will be useful for our analysis. For the sake of notation, given x Q , we denote by x the floor integer part of x, and by { x } the fractional one, i.e., { x } = x x . We will also be using a sequence called ( z j ) j 0 in our calculations for finding the modular inverse.
Definition 1.
Let a , n be two integers with 0 < a < n and GCD ( a , n ) = 1 . Define the sequence ( z j ) j 0 recursively by the equation
z j = z j 1 + a β j n ( j 1 ) , z 0 = 0
with
β 1 = M β j = n z j 1 a + 1 j 2 ,
where M is the ceiling part of m : = n / a .
The explicit representation of ( z j ) j 0 can be found in the next proposition.
Proposition 1.
The solution of the difference Equation (3) is given by
z j = a h = 1 j β h j n .
Proof. 
For the proof, see ([10], Proposition 1).   □
Special care is deserved to the meaning and the mathematical form assumed by β j ’s, which allow giving other equivalent expressions of ( z j ) j 0 .
Proposition 2.
The sequence ( β j ) j 1 introduced in (4) may be written as
β j = j m ( j 1 ) m .
As a consequence, for any j 1 , we obtain
(i) 
h = 1 j β h = j m + 1 ;
(ii) 
z j = a j m + 1 j n .
Proof. 
For the proof, see ([10], Proposition 2 and Corollary 1).    □
The above results imply the next fundamental theorem.
Theorem 1.
Let a , n be two integers with 0 < a < n and GCD ( a , n ) = 1 . If ( z j ) j 0 is the sequence of Equation (3), define the "critical" index i 1 such that z i = 1 . Then the inverse of a modulo n is given by
a 1 = i m + 1 .
Proof. 
See ([10], Theorem 1).    □
To illustrate the significance of Theorem 1, we will mention a related result.
Proposition 3.
The sequence ( z j ) j 1 is periodic of period a.
Proof. 
See ([10], Proposition 3).    □
It is immediately clear that the unique limitation of Theorem 1 is the determination of such critical index i, which can be found by solving the following equation
a i m + 1 i n = 1 .
Although Equation (10) is nonlinear, one observes that i m = i m { i m } , where { i m } = a 1 a (see [10], Proposition 4). The knowledge of { i m } jointly with the periodicity information provided by Proposition 3 suggests solving the modular problem (10) by the code detailed in Algorithm 1.
Observe that the complexity of the above algorithm is O ( a ) . Hence, this procedure is more convenient when a < < n (e.g., a < ln n ). Notice that, even in the worst case a n (i.e., complexity O ( n ) ), the algorithm of Table 1 and the resolving formula (9) is still better compared to the Euler’s phi formula (2), which has complexity O ( n ln n ) . Additionally, Section 5 delves further into the advantages of the algorithm when a n .
At this point, we present some new properties of ( z j ) j 0 which will be helpful in the next sections. In particular, we denote be A the set [ 0 , a ] N .
Proposition 4.
Let ( z j ) j 0 be the sequence defined in Equation (3), then
(i) 
for any j A , it holds z j [ 0 , n ] N .
(ii) 
for any two different integers j 1 , j 2 in A , one has
z j 1 z j 2 .
Proof. 
First of all, observe that Equation (8) may be rewritten as
z j = a ( 1 { j m } ) .
(i)
By Definition 1 it is clear that ( z j ) j 0 N and its (absolute) minimum is given by 0. Moreover, Equation (11) implies that ( z j ) j 0 is positive since ( 1 { j m } ) > 0 .
(ii)
Without loss of generality, set j 2 = j 1 + k ( k < a ). Observe that z j 1 = z j 2 if and only if { j 1 m } = { j 2 m } , which is equivalent to say that j 2 m = j 1 m + 1 (if j 1 < j 2 ), or, equivalently ( j 2 j 1 ) n = a , and this is true only if ( j 2 j 1 ) = 1 m Q , which is absurd.
   □

4. New Results about β j

In this section, we will study various equivalent formulations of β j to gain insight into the properties of the sequence ( z j ) j 0 and to determine the best way to calculate the critical index i.
Proposition 5.
The coefficient β 2 defined in Equation (4) is given by
β 2 = M 1 if { m } < 0.5 M if { m } > 0.5 .
Proof. 
It is clear that
2 { m } < 1 if { m } < 0.5 > 1 if { m } > 0.5 ;
so, one has
2 m = 2 m + 2 { m } = 2 m if { m } < 0.5 2 m + 1 if { m } > 0.5 ,
which gives the assertion, being M = m + 1 .    □
Now, let us introduce the new quantity ( M j ) j 1 , as follows.
Definition 2.
Let a , n be two positive integers a , n . For any j N * define
D j , k : = { α N * | q | ( j n k ) , k N * } ,
and
M j : = k = 1 n 1 1 D j , k ( a )
which denotes the amount of multipliers of a in [ ( j 1 ) n + 1 , j n ] .
Lemma 1.
Given two positive integers p , q , it holds
p q p 1 q = 1 if q | p 0 otherwise .
Proposition 6.
For any j N * , j 2 , the coefficients β j defined in Equation (4), may be rewritten as
β j = M j ,
where M j is defined by Equation (13).
Proof. 
By virtue of Proposition 2, we have
β j = j m ( j 1 ) m ( j 2 ) .
In particular, it is easy to see that
j m ( j 1 ) m = k = 0 n 1 j n k a j n k 1 a
where
j n k a j n k 1 a = 1 if a | ( j n k ) 0 otherwise ,
due to Lemma 1, for any k. Therefore, with refer to Definition 2, we may write
j m ( j 1 ) m = k = 1 n 1 𝟙 D j , k ( a ) ,
that is β j = M j .    □
Proposition 7.
Consider two positive integers a , n , with G C D ( a , n ) = 1 and let m = n / a . Fixed j [ 2 , a ] N , let M j be the quantity defined by Definition 2.
(i) 
If { m } < 0.5 and h { m } a   ( h N * ) , then
M j = m if j h 1 { m } + 1 , h { m } + 1 N m + 1 if j = h { m } + 1 ( h N * ) .
In particular, if there exists h ¯ N * such that h ¯ { m } = a , then
M j = m if j h ¯ 1 { m } + 1 , a N m + 1 if j = a .
(ii) 
If { m } > 0.5 and h 1 { m } a   ( h N * ) , then
M j = m + 1 if j h 1 1 { m } + 1 , h 1 { m } + 1 N m if j = h 1 { m } + 1 ( h N * ) .
In particular, if there exists h ¯ N * such that h ¯ 1 { m } = a , then
M j = m + 1 if j h ¯ 1 1 { m } + 1 , a N m if j = a .
Proof. 
It is clear that M j { m , m + 1 } , for any j N * . We prove Formulas (14) and (15) by induction on h.
(i)
If { m } < 0.5 , Propositions 5 and 6 yield that M 2 = m . Let us compute the smallest integer j  ( j > 2 ) such that M j = m + 1 . This is equivalent to solving the following equation:
j m = j m + 1 ,
which may be rewritten as
j { m } = 1 ,
being j m = j m + j { m } . The latter equation holds if
1 j { m } < 2 ,
therefore, the smallest integer j solving Equation (16) is given by 1 { m } + 1 . This prove Formula (14) for h = 1 .
Now, assume that Formula (14) holds for h 1 . Since M h 1 { m } + 2 = m , we want to compute the smallest integer j  j > h 1 { m } such that M j = m + 1 , that is equivalent to solve   
j m = j m + h ,
or, equivalently,
j { m } = h .
Hence, the smallest integer j solving Equation (17) is given by h { m } + 1 .
In particular, if there exists h ¯ N * such that h ¯ { m } = a , then the smallest integer j  j > h ¯ 1 { m } solving
j { m } = h ¯ ,
or, equivalently,
h ¯ j { m } < h ¯ + 1 ,
is given by a (being h ¯ / { m } N * ).
(ii)
The assertion comes arguing similarly to the case ( i ). More specifically, here, Equation (17) is replaced by
j m = j m + 1 h ,
which is equivalent to
j ( 1 { m } ) = h ,
and the smallest integer j solving Equation (18) is given by h 1 { m } + 1 .
   □

5. Empirical Findings and Discussion

Fixed h A , an interesting development inspired by Proposition 7 concerns the rule of the indices h { m } when { m } < 0.5 , or h 1 { m } when { m } > 0.5 . In particular, as highlighted from Theorem 2, one has that
The sequence ( z j ) j 0 admits local minimum at h { m } if { m } < 0.5 , or h 1 { m } if { m } > 0.5 .
The critical index i coincides with one of such indices.
This result is confirmed by computational experiments, as one can see from Figure 1. For a better understanding of the figure, as explained in ([10], Example 4), the blue line represents the series z j for a = 91 , n = 131 , starting from j = 1 and with a fixed (large) integer j = 200 . The red line represents the periodic part of z j , which arises from the critical index i = 25 and ( i + a ) = 116 (highlighted by the red circles). In this example, m = 0.4396 < 0.5 , so all the minima are of type h m , which are 2, 4, 6, 9, 11, 13, 15, 18, 20, 22, 25, and obviously, 25 is one of them. We will refer to the previous set as I . It is worth noting that the 11th index of I corresponds to the critical index i = 25 , such that z 25 = 1 . Figure 2 shows the set I for h 30 .
Theorem 2.
The critical index i belongs to the set
I = { h { m } h A if { m } < 0.5 , { h 1 { m } h A if { m } > 0.5 ,
Proof. 
It is clear that the critical index i has to be a local minimum of the sequence ( z j ) j 0 that assumes only integer values and has 0 as an absolute minimum (see Proposition 4). Hence, it remains to prove that I is the set of the local minimum of ( z j ) j 0 . Let us consider just the case { m } < 0.5 for simplicity (the other one is analogous). It is easy to see, from Proposition 7, that
z h { m } + 1 z h { m } = a β h { m } + 1 n = a ( m + 1 ) n > 0 ,
and
z h { m } z h { m } 1 = a β h { m } n = a ( m ) n < 0 ,
for any h A , and this concludes the proof.    □
In light of the above results, Algorithm 2 can be rewritten as follows.
Algorithm2. Pseudocode of the optimized algorithm solving (10).
        1. Initialize h , j = 0 ; z 0 = 0 ; m = n / a ;
        2. while  z j 1
        3. if  { m } < 0.5
        4. set j = h { m } ;
        5. else
        6. set j = h 1 { m } ;
        7. end
        8. set z j = a j m a 1 a + 1 j n and h = h + 1 ;
        9. end
        10. set i = j 1 and a 1 = a i m a 1 a + 1 .
Moreover, what is observed from an empirical point of view is that:
The sequences of the minimum of ( z j ) j 0 oscillates till j = i (see Figure 2);
The relative minimum defined in (19) belongs to the bundle of parallel straight lines (see Figure 3)
F = { y = z h + 1 { m } z h { m } h + 1 { m } h { m } x + h { m } + k k [ 0 , n ] N ( h A )
In particular, each line contains 1 1 { m } 1 { m } or 1 1 { m } 1 { m } + 1 minima.
Remark 1.
We end with a note about the complexity of our algorithm. In the spirit of Theorem 2, if we restrict the searching of the critical index i to the set I , also the complexity of the algorithm is reduced by a factor 1 { m } , i.e., from O ( a ) to O a 1 { m } . As explained in Section 3, the complexity O ( a ) is very good with respect to the literature, especially when a < < n . However, even when a n , the complexity O a 1 { m } sounds well. Indeed, in the extreme case a = n 1 , one has m = 1 + 1 n and 1 { m } a approaches to 1 for large n. In other words, when a tends to n, one has that the complexity reduction tends to 100%, so that the resulting complexity is a constant, i.e., O ( 1 ) .
In the non-trivial case where a = n 2 , a complexity reduction of approximately 50% is observed. For example, if a = 327 and n = 329 , then 1 { m } = 163 and 163 127 = 0.4985 . In particular, in such case, the critical index i is just 1 { m } .
Therefore, we can conclude that our algorithm runs very well when a < < n or a n , while the worst case is the middle one, i.e., a n 2 .

Post-Quantum Cryptography (PQC)

As is well known, the National Institute of Standards and Technology (NIST) has launched a program and competition to standardize one or more post-quantum cryptography (PQC) algorithms to fight against quantum attacks. In recent work, Huang [29] has conducted an early mathematical analysis of lattice-based and polynomial-based PQC. Such analysis can help businesses and organizations leverage NIST-selected PQC algorithms to safeguard their digital services from quantum attacks. In particular, the brute force failure probability for polynomial or multivariate PQC is calculated using Yitang Zhang’s Landau-Siegel zero bound according to [30].
In Figure 4 we compare the complexity of our optimized algorithm (see Algorithm 2) with those of coming from the post-quantum cryptography (PQC) architecture which was estimated by Huang [29] in Matlab. More specifically, Figure 4 represents the logarithm of complexity needed to encrypt/decrypt a message with a public/private key (modulus n). As shown, our proposed algorithm, in the best case, is better than the PCQ up to n = 3000 .

6. Conclusions

This research builds upon previous work [10,11] where we introduced the concept of the modulo operation and discussed the standard methods for determining the inverse modulo n.
In the above-mentioned research, we determined that to find a closed-form solution for the equation in Equation (10), it was necessary to study the properties of the sequence ( z j ) j 0 . In this article, we expand on our previous aforementioned research by introducing a new sequence, ( z j ) j 0 , which can efficiently calculate the modular inverse of a given pair of integers ( a , n ) , i.e., a 1 mod n , particularly in the non-trivial case a = n 2 . This new method has a computational complexity of O ( a ) , which is more efficient than the traditional Euler’s phi function method, which has a computational complexity of O ( n ln n ) . Additionally, we examine the properties of the sequence ( z j ) j 0 and demonstrate that all solutions to the problem belong to a specific set, I , that only contains the minimum values of ( z j ) j 0 . This leads to a reduction in the computational complexity of our method, especially when a n , and also opens up new possibilities for finding closed-form solutions for the modular inverse.
Future studies will focus on the characteristics of the minimum sequences to understand the emergence of the critical index i, and to find a closed formula for the modular inverse.

Author Contributions

Conceptualization, M.B.; methodology, M.B. and D.B.; software, D.B.; validation, G.O., M.B. and D.B.; formal analysis, M.B. and D.B.; investigation, G.O., M.B. and D.B.; resources, M.B. and D.B.; data curation, M.B. and D.B.; writing—original draft preparation, M.B.; writing—review and editing, G.O. and M.B.; visualization, G.O. and M.B.; supervision, G.O. and M.B.; project administration, G.O. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

Data are available on request from the corresponding author.

Acknowledgments

G.O. and M.B. are members of GNAMPA and INdAM research groups.

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Rivest, R.L.; Shamir, A.; Adleman, L.M. Cryptographic Communications System and Method. US Patent 4,405,829, 20 September 1983. [Google Scholar]
  2. Crandall, R.; Pomerance, C.B. Prime Numbers: A Computational Perspective; Springer Science & Business Media: Berlin/Heidelberg, Germany, 2006; Volume 182. [Google Scholar]
  3. Rivest, R.L.; Shamir, A.; Adleman, L. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 1978, 21, 120–126. [Google Scholar] [CrossRef] [Green Version]
  4. Verkhovsky, B. Overpass-Crossing Scheme for Digital Signature. In Proceedings of the International Conference on System Research, Informatics and Cybernetics, Baden-Baden, Germany, 22–25 July 2001; Volume 30. [Google Scholar]
  5. Verkhovsky, B. Enhanced Euclid Algorithm for Modular Multiplicative Inverse and Its Application in Cryptographic Protocols. IJCNS 2010, 3, 901–906. [Google Scholar] [CrossRef]
  6. ElGamal, T. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 1985, 31, 469–472. [Google Scholar] [CrossRef]
  7. Rabin, M.O. Digitalized Signatures and Public-Key Functions as Intractable as Factorization; Technical Report; Massachusetts Institute of Technology Cambridge Lab for Computer Science: Cambridge, MA, USA, 1979. [Google Scholar]
  8. Hoffstein, J.; Pipher, J.; Silverman, J.H.; Silverman, J.H. An Introduction to Mathematical Cryptography; Springer: Berlin/Heidelberg, Germany, 2008; Volume 1. [Google Scholar]
  9. Sosa-Gómez, G.; Paez-Osuna, O.; Rojas, O.; Madarro-Capó, E.J. A New Family of Boolean Functions with Good Cryptographic Properties. Axioms 2021, 10, 42. [Google Scholar] [CrossRef]
  10. Bufalo, M.; Bufalo, D.; Orlando, G. A Note on the Computation of the Modular Inverse for Cryptography. Axioms 2021, 10, 116. [Google Scholar] [CrossRef]
  11. Bufalo, D.; Bufalo, M.; Orlando, G.; Tetta, R. A new algorithm to find prime numbers with less memory requirements. J. Discret. Math. Sci. Cryptogr. 2023; in press. [Google Scholar] [CrossRef]
  12. Somani, U.; Lakhani, K.; Mundra, M. Implementing digital signature with RSA encryption algorithm to enhance the Data Security of cloud in Cloud Computing. In Proceedings of the 2010 First International Conference on Parallel, Distributed and Grid Computing (PDGC 2010), Solan, India, 28–30 October 2010; pp. 211–216. [Google Scholar]
  13. Mezher, A.E. Enhanced RSA cryptosystem based on multiplicity of public and private keys. Int. J. Electr. Comput. Eng. 2018, 8, 3949. [Google Scholar] [CrossRef] [Green Version]
  14. Kumar, V.; Kumar, R.; Pandey, S. An enhanced and secured RSA public key cryptosystem algorithm using Chinese remainder theorem. In Proceedings of the International Conference on Next Generation Computing Technologies, Dehradun, India, 30–31 October 2017; pp. 543–554. [Google Scholar]
  15. Islam, M.A.; Islam, M.A.; Islam, N.; Shabnam, B. A modified and secured RSA public key cryptosystem based on “n” prime numbers. J. Comput. Commun. 2018, 6, 78. [Google Scholar] [CrossRef] [Green Version]
  16. Raja shree, S.; Chilambu Chelvan, A.; Rajesh, M. An efficient RSA cryptosystem by applying cuckoo search optimization algorithm. Concurr. Comput. Pract. Exp. 2019, 31, e4845. [Google Scholar] [CrossRef]
  17. Mumtaz, M.; Ping, L. Forty years of attacks on the RSA cryptosystem: A brief survey. J. Discret. Math. Sci. Cryptogr. 2019, 22, 9–29. [Google Scholar] [CrossRef]
  18. Bayat-Sarmadi, S.; Kermani, M.M.; Azarderakhsh, R.; Lee, C.Y. Dual-Basis Superserial Multipliers for Secure Applications and Lightweight Cryptographic Architectures. IEEE Trans. Circuits Syst. II Express Briefs 2013, 61, 125–129. [Google Scholar] [CrossRef]
  19. Biham, E.; Shamir, A. Differential fault analysis of secret key cryptosystems. In Advances in Cryptology—CRYPTO ’97; Springer: Berlin, Germany, 2006; pp. 513–525. [Google Scholar] [CrossRef] [Green Version]
  20. Boneh, D.; DeMillo, R.A.; Lipton, R.J. On the Importance of Eliminating Errors in Cryptographic Computations. J. Cryptol. 2001, 14, 101–119. [Google Scholar] [CrossRef]
  21. Boneh, D.; DeMillo, R.A.; Lipton, R.J. On the Importance of Checking Cryptographic Protocols for Faults. In Advances in Cryptology—EUROCRYPT ’97; Springer: Berlin, Germany, 2001; pp. 37–51. [Google Scholar] [CrossRef] [Green Version]
  22. Ali, S.; Guo, X.; Karri, R.; Mukhopadhyay, D. Fault Attacks on AES and Their Countermeasures. In Secure System Design and Trustable Computing; Springer: Cham, Switzerland, 2016; pp. 163–208. [Google Scholar] [CrossRef]
  23. Dofe, J.; Frey, J.; Pahlevanzadeh, H.; Yu, Q. Strengthening SIMON Implementation Against Intelligent Fault Attacks. IEEE Embed. Syst. Lett. 2015, 7, 113–116. [Google Scholar] [CrossRef]
  24. Tian, J.; Wu, B.; Wang, Z. High-Speed FPGA Implementation of SIKE Based on an Ultra-Low-Latency Modular Multiplier. IEEE Trans. Circuits Syst. I Regul. Pap. 2021, 68, 3719–3731. [Google Scholar] [CrossRef]
  25. LaPierre, R. Shor Algorithm. In Introduction to Quantum Computing; Springer: Cham, Switzerland, 2021; pp. 177–192. [Google Scholar] [CrossRef]
  26. Mozaffari-Kermani, M.; Azarderakhsh, R. Reliable hash trees for post-quantum stateless cryptographic hash-based signatures. In Proceedings of the 2015 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFTS), Amherst, MA, USA, 12–14 October 2015; pp. 103–108. [Google Scholar] [CrossRef]
  27. Dubrova, E.; Ngo, K.; Gärtner, J. Breaking a Fifth-Order Masked Implementation of CRYSTALS-Kyber by Copy-Paste. Cryptology ePrint Archive. 2022. Available online: https://eprint.iacr.org/2022/1713 (accessed on 20 March 2023).
  28. Berzati, A.; Viera, A.C.; Chartouni, M.; Madec, S.; Vergnaud, D.; Vigilant, D. A Practical Template Attack on CRYSTALS-Dilithium. Cryptology ePrint Archive. 2023. Available online: https://eprint.iacr.org/2023/050 (accessed on 20 March 2023).
  29. Steed, H. Integer-Complexity-Bound-of-Post-Quantum-Cryptography. 2023. Available online: https://github.com/steedhuang/Integer-Complexity-Bound-of-Post-Quantum-Cryptography (accessed on 20 January 2023).
  30. Zhang, Y. Discrete mean estimates and the Landau-Siegel zero. arXiv 2022, arXiv:2211.02515. [Google Scholar]
Figure 1. The sequence ( z j ) 1 j 200 for the case where a = 91 and n = 131 . The red line highlights the entire sequence between two consecutive unitary values of z i (represented by red circles).
Figure 1. The sequence ( z j ) 1 j 200 for the case where a = 91 and n = 131 . The red line highlights the entire sequence between two consecutive unitary values of z i (represented by red circles).
Computation 11 00070 g001
Figure 2. Set I representing the minima of ( z j ) j 0 when a = 91 and n = 131 .
Figure 2. Set I representing the minima of ( z j ) j 0 when a = 91 and n = 131 .
Computation 11 00070 g002
Figure 3. Set F representing the bundle of parallel straight lines passing related to the minima of ( z j ) j 0 (when a = 91 and n = 131 ), for different values of k.
Figure 3. Set F representing the bundle of parallel straight lines passing related to the minima of ( z j ) j 0 (when a = 91 and n = 131 ), for different values of k.
Computation 11 00070 g003
Figure 4. Logarithm of complexity O ( · ) comparison between our algorithm in both a possible worst and better case (i.e., a = 0.001 n and a = 0.999 n , respectively–black dotted lines), the extended Euclidean algorithm (red line) and the post-quantum cryptography (PQC) algorithm (blue line).
Figure 4. Logarithm of complexity O ( · ) comparison between our algorithm in both a possible worst and better case (i.e., a = 0.001 n and a = 0.999 n , respectively–black dotted lines), the extended Euclidean algorithm (red line) and the post-quantum cryptography (PQC) algorithm (blue line).
Computation 11 00070 g004
Table 1. Complexity comparison between the naive method (i.e., recursive multiplications), Euler’s phi function, extended Euclidean algorithm, and the suggested approach described by the pseudocode Algorithm 1.
Table 1. Complexity comparison between the naive method (i.e., recursive multiplications), Euler’s phi function, extended Euclidean algorithm, and the suggested approach described by the pseudocode Algorithm 1.
MethodNaiveEuler’s phi Func.Ext. Euclidean Algo.Sugg. Algo.
Complexity O ( n ) O ( n ln n ) O ( ln n ) O ( a )
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Bufalo, M.; Bufalo, D.; Orlando, G. Some Properties of the Computation of the Modular Inverse with Applications in Cryptography. Computation 2023, 11, 70. https://doi.org/10.3390/computation11040070

AMA Style

Bufalo M, Bufalo D, Orlando G. Some Properties of the Computation of the Modular Inverse with Applications in Cryptography. Computation. 2023; 11(4):70. https://doi.org/10.3390/computation11040070

Chicago/Turabian Style

Bufalo, Michele, Daniele Bufalo, and Giuseppe Orlando. 2023. "Some Properties of the Computation of the Modular Inverse with Applications in Cryptography" Computation 11, no. 4: 70. https://doi.org/10.3390/computation11040070

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop