Modular Arithmetic as Algebra: The Ring Behind RSA
Viewing modular arithmetic through the lens of ring theory, from Euler's totient to the Chinese Remainder Theorem, and why RSA works.
Terminology
| Term | Definition |
|---|---|
| $\mathbb{Z}/n\mathbb{Z}$ | The ring of integers modulo $n$: $\{0, 1, 2, \ldots, n-1\}$ with addition and multiplication mod $n$ |
| Unit | An element $a \in \mathbb{Z}/n\mathbb{Z}$ that has a multiplicative inverse, i.e., $\gcd(a, n) = 1$ |
| $(\mathbb{Z}/n\mathbb{Z})^*$ | The group of units mod $n$: all elements coprime to $n$, under multiplication |
| Euler's totient $\phi(n)$ | The number of integers in $\{1, \ldots, n\}$ coprime to $n$. Equals $|(\mathbb{Z}/n\mathbb{Z})^*|$. |
| Euler's theorem | If $\gcd(a, n) = 1$, then $a^{\phi(n)} \equiv 1 \pmod{n}$ |
| Fermat's little theorem | Special case: if $p$ is prime, $a^{p-1} \equiv 1 \pmod{p}$ for $a \not\equiv 0$ |
| Chinese Remainder Theorem (CRT) | If $\gcd(m, n) = 1$, then $\mathbb{Z}/mn\mathbb{Z} \cong \mathbb{Z}/m\mathbb{Z} \times \mathbb{Z}/n\mathbb{Z}$ as rings |
| RSA | A public-key cryptosystem where encryption/decryption are modular exponentiations in $\mathbb{Z}/n\mathbb{Z}$ |
What & Why
Modular arithmetic is familiar to every programmer: the % operator. But viewed through the lens of abstract algebra, $\mathbb{Z}/n\mathbb{Z}$ is a ring with rich structure. The units (invertible elements) form a group $(\mathbb{Z}/n\mathbb{Z})^*$ whose size is Euler's totient $\phi(n)$. The Chinese Remainder Theorem decomposes this ring into simpler pieces. Together, these results form the algebraic foundation of RSA.
Why does this matter for CS?
- RSA cryptography: encryption computes $m^e \bmod n$, decryption computes $c^d \bmod n$, and correctness relies on Euler's theorem: $m^{ed} \equiv m \pmod{n}$ when $ed \equiv 1 \pmod{\phi(n)}$
- Hash function design: many hash functions use modular arithmetic to map keys to table indices. Understanding the ring structure explains why prime table sizes reduce collisions.
- Load balancing: consistent hashing maps servers and keys to positions on a modular ring $\mathbb{Z}/m\mathbb{Z}$
- CRT-based speedups: RSA implementations use the Chinese Remainder Theorem to speed up decryption by a factor of ~4x, computing mod $p$ and mod $q$ separately
How It Works
The Ring $\mathbb{Z}/n\mathbb{Z}$ and Its Units
The ring $\mathbb{Z}/n\mathbb{Z}$ has $n$ elements. An element $a$ is a unit (has a multiplicative inverse) if and only if $\gcd(a, n) = 1$. The set of all units forms the multiplicative group $(\mathbb{Z}/n\mathbb{Z})^*$.
Euler's Totient Function
For $n = p_1^{a_1} p_2^{a_2} \cdots p_k^{a_k}$:
Special cases:
- $\phi(p) = p - 1$ for prime $p$
- $\phi(p^k) = p^{k-1}(p - 1)$
- $\phi(pq) = (p-1)(q-1)$ for distinct primes $p, q$ (this is the RSA case)
The Chinese Remainder Theorem
If $\gcd(m, n) = 1$, then the ring isomorphism holds:
This means solving a system of congruences $x \equiv a \pmod{m}$, $x \equiv b \pmod{n}$ has a unique solution mod $mn$. For RSA with $n = pq$, CRT lets us compute $m^d \bmod n$ by separately computing $m^d \bmod p$ and $m^d \bmod q$, then combining. Since the moduli are half the size, each exponentiation is ~4x faster.
RSA: The Algebraic View
Choose primes $p, q$, set $n = pq$. Pick $e$ coprime to $\phi(n) = (p-1)(q-1)$, compute $d \equiv e^{-1} \pmod{\phi(n)}$. Then:
The last step uses Euler's theorem. This is why RSA decryption recovers the original message.
Complexity Analysis
| Operation | Time | Notes |
|---|---|---|
| Compute $\phi(n)$ given factorization | $O(k)$ | $k$ = number of prime factors |
| Modular inverse via extended GCD | $O(b^2)$ | $b$ = bit length of modulus |
| Modular exponentiation $a^e \bmod n$ | $O(b^2 \log e)$ | Repeated squaring with $b$-bit multiplications |
| RSA decryption (direct) | $O(b^2 \log d)$ | $b$-bit modulus, $d$ is private exponent |
| RSA decryption (CRT speedup) | $O((b/2)^2 \log d) \approx \frac{1}{4}$ of direct | Two half-size exponentiations + CRT combine |
| CRT reconstruction | $O(b^2)$ | One extended GCD + two multiplications |
The CRT speedup is why every real RSA implementation stores $p$, $q$, $d \bmod (p-1)$, and $d \bmod (q-1)$ alongside the private key.
Implementation
ALGORITHM EulerTotient(n, prime_factors)
INPUT: n: positive integer
prime_factors: list of distinct prime factors of n
OUTPUT: phi(n)
BEGIN
result := n
FOR EACH p IN prime_factors DO
result := result - result / p // integer division: result * (1 - 1/p)
END FOR
RETURN result
END
ALGORITHM CRT_Solve(a, m, b, n_mod)
INPUT: a, m, b, n_mod: integers with gcd(m, n_mod) = 1
Find x such that x = a (mod m) and x = b (mod n_mod)
OUTPUT: x in [0, m * n_mod)
BEGIN
(g, u, v) := ExtendedGCD(m, n_mod)
// u*m + v*n_mod = 1
x := a * v * n_mod + b * u * m
x := x MOD (m * n_mod)
IF x < 0 THEN
x := x + m * n_mod
END IF
RETURN x
END
ALGORITHM RSA_Decrypt_CRT(c, p, q, dp, dq, q_inv)
INPUT: c: ciphertext
p, q: prime factors of n
dp: d mod (p-1)
dq: d mod (q-1)
q_inv: q^{-1} mod p
OUTPUT: plaintext m = c^d mod (p*q)
BEGIN
// Compute partial results mod p and mod q
m1 := RepeatedSquaring(c MOD p, dp, p)
m2 := RepeatedSquaring(c MOD q, dq, q)
// Combine using Garner's formula (variant of CRT)
h := (q_inv * (m1 - m2)) MOD p
IF h < 0 THEN
h := h + p
END IF
m := m2 + h * q
RETURN m
END
Real-World Applications
- RSA encryption/decryption: the entire RSA system is built on modular arithmetic in $\mathbb{Z}/n\mathbb{Z}$. Key generation uses $\phi(n)$, encryption/decryption use modular exponentiation, and CRT accelerates private key operations.
- Hash tables: hash functions often compute $h(k) = k \bmod m$. Choosing $m$ to be prime avoids patterns in the input from causing clustering, because $\mathbb{Z}/p\mathbb{Z}$ has no zero divisors.
- Consistent hashing: distributed systems map keys and servers to positions on a ring $\mathbb{Z}/m\mathbb{Z}$, using the modular structure for uniform distribution and minimal remapping on server changes.
- Checksums and error detection: ISBN check digits, credit card Luhn checks, and UPC barcodes all use modular arithmetic for error detection.
- Pseudorandom number generators: linear congruential generators compute $x_{n+1} = (ax_n + c) \bmod m$, and the period depends on the algebraic properties of $a$ and $m$ in $\mathbb{Z}/m\mathbb{Z}$.
- Scheduling and circular buffers: ring buffers use modular indexing ($i \bmod n$) to wrap around, directly implementing $\mathbb{Z}/n\mathbb{Z}$ addition.
Key Takeaways
- $\mathbb{Z}/n\mathbb{Z}$ is a ring; its units (elements coprime to $n$) form the multiplicative group $(\mathbb{Z}/n\mathbb{Z})^*$ of size $\phi(n)$
- Euler's theorem ($a^{\phi(n)} \equiv 1$) is the algebraic reason RSA decryption recovers the original message
- The Chinese Remainder Theorem decomposes $\mathbb{Z}/mn\mathbb{Z}$ into $\mathbb{Z}/m\mathbb{Z} \times \mathbb{Z}/n\mathbb{Z}$, enabling a ~4x speedup for RSA decryption
- Choosing prime moduli for hash tables avoids zero divisors and reduces collision patterns
- Modular arithmetic appears in hash functions, consistent hashing, checksums, PRNGs, and circular buffers
Read More
2025-06-22
Polynomials over Finite Fields: Why Your Network Card Does Algebra
How polynomial division over GF(2) powers CRC checksums, and how irreducible polynomials enable BCH codes and error detection in every network packet.
2025-06-23
Lattices and Order Theory: The Algebra of Static Analysis
How lattices provide the mathematical foundation for fixed-point computation in program analysis, type systems, and abstract interpretation.
2025-06-24
Monoids and Semigroups in Programming: Why MapReduce Works
How the humble monoid, a set with an associative operation and identity, explains why MapReduce parallelizes, why folds compose, and why functional programming patterns work.