In mathematics, particularly in the area of arithmetic, a modular multiplicative inverse of an integer is an integer such that the product is congruent to 1 with respect to the modulus .[1] In the standard notation of modular arithmetic this congruence is written as
ax\equiv1\pmod{m},
\overline{w}
\overline{a}
\overline{x}
\overline{a} ⋅ m\overline{x}=\overline{1},
⋅ m
As with the analogous operation on the real numbers, a fundamental use of this operation is in solving, when possible, linear congruences of the form
ax\equivb\pmod{m}.
See main article: Modular arithmetic. For a given positive integer, two integers, and, are said to be congruent modulo if divides their difference. This binary relation is denoted by,
a\equivb\pmod{m}.
Z
\overline{a}
\overline{a}=\{b\inZ\mida\equivb\pmod{m}\}.
ax\equivb\pmod{m}.
\overline{x}
If is the greatest common divisor of and then the linear congruence has solutions if and only if divides . If divides, then there are exactly solutions.
A modular multiplicative inverse of an integer with respect to the modulus is a solution of the linear congruence
ax\equiv1\pmod{m}.
ab\equivab'\equiv1\pmod{m},
a(b-b')\equiv0\pmod{m}.
When has a solution it is often denoted in this way −
x\equiva-1\pmod{m},
a
\overline{a}
The congruence relation, modulo, partitions the set of integers into congruence classes. Operations of addition and multiplication can be defined on these objects in the following way: To either add or multiply two congruence classes, first pick a representative (in any way) from each class, then perform the usual operation for integers on the two representatives and finally take the congruence class that the result of the integer operation lies in as the result of the operation on the congruence classes. In symbols, with
+m
⋅ m
\overline{a}+m\overline{b}=\overline{a+b}
\overline{a} ⋅ m\overline{b}=\overline{ab}.
The congruence classes with these two defined operations form a ring, called the ring of integers modulo . There are several notations used for these algebraic objects, most often
Z/mZ
Z/m
Zm
The congruence classes of the integers modulo were traditionally known as residue classes modulo m, reflecting the fact that all the elements of a congruence class have the same remainder (i.e., "residue") upon being divided by . Any set of integers selected so that each comes from a different congruence class modulo m is called a complete system of residues modulo . The division algorithm shows that the set of integers, form a complete system of residues modulo, known as the least residue system modulo . In working with arithmetic problems it is sometimes more convenient to work with a complete system of residues and use the language of congruences while at other times the point of view of the congruence classes of the ring
Z/mZ
See main article: Multiplicative group of integers modulo n. Not every element of a complete residue system modulo has a modular multiplicative inverse, for instance, zero never does. After removing the elements of a complete residue system that are not relatively prime to, what is left is called a reduced residue system, all of whose elements have modular multiplicative inverses. The number of elements in a reduced residue system is
\phi(m)
\phi
In a general ring with unity not every element has a multiplicative inverse and those that do are called units. As the product of two units is a unit, the units of a ring form a group, the group of units of the ring and often denoted by if is the name of the ring. The group of units of the ring of integers modulo is called the multiplicative group of integers modulo , and it is isomorphic to a reduced residue system. In particular, it has order (size),
\phi(m)
In the case that is a prime, say, then
\phi(p)=p-1
Z/pZ
Z/pZ
For any integer
n>1
n2-n+1
n+1
n2
(n+1)(n2-n+1)=n3+1
3 x 3\equiv1\pmod{4}
4 x 7\equiv1\pmod{9}
5 x 13\equiv1\pmod{16}
The following example uses the modulus 10: Two integers are congruent mod 10 if and only if their difference is divisible by 10, for instance
32\equiv2\pmod{10}
111\equiv1\pmod{10}
Some of the ten congruence classes with respect to this modulus are:
\overline{0}=\{ … ,-20,-10,0,10,20, … \}
\overline{1}=\{ … ,-19,-9,1,11,21, … \}
\overline{5}=\{ … ,-15,-5,5,15,25, … \}
\overline{9}=\{ … ,-11,-1,9,19,29, … \}.
The linear congruence has no solutions since the integers that are congruent to 5 (i.e., those in
\overline{5}
Since, the linear congruence will have solutions, that is, modular multiplicative inverses of 3 modulo 10 will exist. In fact, 7 satisfies this congruence (i.e., 21 − 1 = 20). However, other integers also satisfy the congruence, for instance 17 and −3 (i.e., 3(17) − 1 = 50 and 3(−3) − 1 = −10). In particular, every integer in
\overline{7}
3(7+10r)-1=21+30r-1=20+30r=10(2+3r),
The product of congruence classes
\overline{5}
\overline{8}
\overline{5}
\overline{8}
\overline{0}
\overline{5} ⋅ 10\overline{8}=\overline{0}
Z/10Z
A complete residue system modulo 10 can be the set where each integer is in a different congruence class modulo 10. The unique least residue system modulo 10 is . A reduced residue system modulo 10 could be . The product of any two congruence classes represented by these numbers is again one of these four congruence classes. This implies that these four congruence classes form a group, in this case the cyclic group of order four, having either 3 or 7 as a (multiplicative) generator. The represented congruence classes form the group of units of the ring
Z/10Z
See main article: Extended Euclidean algorithm. A modular multiplicative inverse of modulo can be found by using the extended Euclidean algorithm.
The Euclidean algorithm determines the greatest common divisor (gcd) of two integers, say and . If has a multiplicative inverse modulo, this gcd must be 1. The last of several equations produced by the algorithm may be solved for this gcd. Then, using a method called "back substitution", an expression connecting the original parameters and this gcd can be obtained. In other words, integers and can be found to satisfy Bézout's identity,
ax+my=\gcd(a,m)=1.
Rewritten, this is
ax-1=(-y)m,
that is,
ax\equiv1\pmod{m},
so, a modular multiplicative inverse of has been calculated. A more efficient version of the algorithm is the extended Euclidean algorithm, which, by using auxiliary equations, reduces two passes through the algorithm (back substitution can be thought of as passing through the algorithm in reverse) to just one.
In big O notation, this algorithm runs in time, assuming, and is considered to be very fast and generally more efficient than its alternative, exponentiation.
As an alternative to the extended Euclidean algorithm, Euler's theorem may be used to compute modular inverses.[6]
According to Euler's theorem, if is coprime to, that is,, then
a\phi(m)\equiv1\pmod{m},
where
\phi
(Z/mZ)
a\phi(m)-1\equiva-1\pmod{m}.
In the special case where is a prime,
\phi(m)=m-1
a-1\equivam-2\pmod{m}.
This method is generally slower than the extended Euclidean algorithm, but is sometimes used when an implementation for modular exponentiation is already available. Some disadvantages of this method include:
\phi(m)
\phi(m)
One notable advantage of this technique is that there are no conditional branches which depend on the value of, and thus the value of, which may be an important secret in public-key cryptography, can be protected from side-channel attacks. For this reason, the standard implementation of Curve25519 uses this technique to compute an inverse.
It is possible to compute the inverse of multiple numbers, modulo a common, with a single invocation of the Euclidean algorithm and three multiplications per additional input.[7] The basic idea is to form the product of all the, invert that, then multiply by for all to leave only the desired .
More specifically, the algorithm is (all arithmetic performed modulo):
It is possible to perform the multiplications in a tree structure rather than linearly to exploit parallel computing.
Finding a modular multiplicative inverse has many applications in algorithms that rely on the theory of modular arithmetic. For instance, in cryptography the use of modular arithmetic permits some operations to be carried out more quickly and with fewer storage requirements, while other operations become more difficult. Both of these features can be used to advantage. In particular, in the RSA algorithm, encrypting and decrypting a message is done using a pair of numbers that are multiplicative inverses with respect to a carefully selected modulus. One of these numbers is made public and can be used in a rapid encryption procedure, while the other, used in the decryption procedure, is kept hidden. Determining the hidden number from the public number is considered to be computationally infeasible and this is what makes the system work to ensure privacy.
As another example in a different context, consider the exact division problem in computer science where you have a list of odd word-sized numbers each divisible by and you wish to divide them all by . One solution is as follows:
On many machines, particularly those without hardware support for division, division is a slower operation than multiplication, so this approach can yield a considerable speedup. The first step is relatively slow but only needs to be done once.
Modular multiplicative inverses are used to obtain a solution of a system of linear congruences that is guaranteed by the Chinese Remainder Theorem.
For example, the system
≡ 4 (mod 5)
≡ 4 (mod 7)
≡ 6 (mod 11)has common solutions since 5,7 and 11 are pairwise coprime. A solution is given by
= (7 × 11) × 4 + (5 × 11) × 4 + (5 × 7) × 6where
= 3 is the modular multiplicative inverse of 7 × 11 (mod 5),
= 6 is the modular multiplicative inverse of 5 × 11 (mod 7) and
= 6 is the modular multiplicative inverse of 5 × 7 (mod 11). Thus,
= 3 × (7 × 11) × 4 + 6 × (5 × 11) × 4 + 6 × (5 × 7) × 6 = 3504and in its unique reduced form
≡ 3504 ≡ 39 (mod 385)since 385 is the LCM of 5,7 and 11.
Also, the modular multiplicative inverse figures prominently in the definition of the Kloosterman sum.