Fast Fraction-Integer Method for Computing Multiplicative Inverse

Multiplicative inverse is a crucial operation in public key cryptography, and has been widely used in cryptography. Public key cryptography has given rise to such a need, in which we need to generate a related public and private pair of numbers, each of …

Authors: Hani M. AL-Matari, Sattar J. Aboud, Nidal F. Shilbayeh

JOURNAL OF COMPUTING, VOLUME 1, ISSUE 1, DECEMBER 2009, ISSN: 2151-9617
HTTPS://SITES.GOOGLE.COM/SITE/JOURNALOFCOMPUTING/

Hani M. AL-Matari (1), Sattar J. Aboud (2) and Nidal F. Shilbayeh (1)
(1) Middle East University for Graduate Studies, Faculty of IT, Jordan-Amman
(2) Information Technology Advisor, Iraqi Council of Representatives, Baghdad-Iraq

Abstract - The multiplicative inverse is a crucial operation in public key cryptography and has been widely used in cryptography. Public key cryptography has given rise to such a need, in which we need to generate a related public and private pair of numbers, each of which is the inverse of the other. The basic method for finding multiplicative inverses is the Extended-Euclidean method. In this paper we propose a new algorithm for computing the inverse, based on repeatedly subtracting a fraction from an integer and dividing by a fraction until an integer is obtained, which is then used to compute the inverse $d$. The authors claim that the proposed method is more efficient and faster than the existing methods.

Keywords - Multiplicative inverse, greatest common divisor, Euclidean method, Stein method, Gordon method, Baghdad method

1. Introduction

Modular arithmetic plays an important role in cryptography. Many public-key schemes [2] involve modular exponentiation. Modular inversion, the computation of $b^{-1} \bmod a$, has a part in exponentiation based on addition-subtraction chains [6], as well as other applications in such public key systems. The multiplicative inverse of $e$ modulo $n$ is an integer $d$ such that $e * d \equiv 1 \pmod{n}$; $d$ is called the inverse of $e$ and denoted $e^{-1}$ [5]. The study of inverse calculation was an intractable science due to a lack of real improvement; the modular inverse problem is a lot more difficult to solve [1]. However, there were only a few methods.
The first one is trivial and lengthy in calculating the inverse, because it is a sequential search. It starts with $d = 1$ and keeps adding 1 to $d$ until $e * d \equiv 1 \pmod{n}$. Euclid described the algorithm in his book, Elements, written around 300 B.C. [3]. It is the oldest nontrivial algorithm that has survived to the present day, and it is still a good one. Euclid's algorithm is an efficient method to calculate the greatest common divisor of two integers without factoring them. The Euclidean algorithm can also compute the inverse of a number modulo $n$; this is sometimes called the extended Euclidean algorithm. This method is based on the idea that if $n > a$ then $\gcd(a, n) = \gcd(a, n \bmod a)$, and on finding $a * x + y * n = 1$, in which $x$ is the multiplicative inverse. The Euclidean algorithm is approximately unaffected by $e$ or $n$, but other algorithms are affected by $e$ and the modulus $n$.

2. Previous methods

In this section we describe the methods that deal with computing the multiplicative inverse, which are as follows:

2.1. Euclid algorithm

This method is based on the idea that if $n > e$ then $\gcd(e, n) = 1$, and on finding $e * x + y * n = 1$, in which $x$ is the multiplicative inverse of $e$ [4]. The algorithm is iterative and can be slow for large numbers. Knuth showed that the average number of divisions performed by the algorithm is $0.843 * \log_2(n) + 1.47$ [2]. The method needs 8 variables and uses subtraction, multiplication, division and comparison as operations; its complexity is $O(\log n)$.

Algorithm
Input: $e \in Z_n$ such that $\gcd(e, n) = 1$.
Output: $e^{-1} \bmod n$, where $e^{-1} = i$, provided that it exists.
The algorithm is as follows:

    1. Set g ← n; u ← e; i ← 0; v ← 1;
    2. While u > 0 do the following:
           q ← ⌊g / u⌋; t ← g − q * u;
           g ← u; u ← t; t ← i − q * v;
           i ← v; v ← t;
    3. If i < 0 then i ← n + i;
    4. e^{-1} ← i

Example
Let $e \leftarrow 7$; $n \leftarrow 60$.

| g | u | i | v | q | t |
|---|---|---|---|---|---|
| 60 | 7 | 0 | 1 | 0 | 0 |
| 7 | 4 | 1 | -8 | 8 | -8 |
| 4 | 3 | -8 | 9 | 1 | 9 |
| 3 | 1 | 9 | -17 | 1 | -17 |
| 1 | 0 | -17 | -52 | 3 | -52 |

$e^{-1} \leftarrow n + i = 60 + (-17) = 43$

2.2. Stein Method

In 1967, Stein introduced an inverse algorithm [7], which was later improved by Penk Knuth. It is based on the observation that $\gcd(x, y) = \gcd(x/2, y)$ if $x$ is even, that $\gcd(x, y) = 2\gcd(x/2, y/2)$ if both $x, y$ are even, and that $\gcd(x, y) = \gcd((x - y)/2, y)$ if $x, y$ are both odd. The algorithm needs about 11 variables and uses addition, subtraction, multiplication, division and comparison; the complexity is $O(\log n)$.

Algorithm
Input: $e \in Z_n$ such that $\gcd(e, n) = 1$.
Output: $e^{-1} \bmod n$, provided that it exists.
The algorithm is as follows:

    While e and n are even do
        e ← ⌊e / 2⌋; n ← ⌊n / 2⌋;
    u_1 ← 1; u_2 ← 0; u_3 ← e; v_1 ← n; v_2 ← 1 − e; v_3 ← n;
    If e is odd then
        t_1 ← 0; t_2 ← −1; t_3 ← −n;
    Else
        t_1 ← 1; t_2 ← 0; t_3 ← e;
    Repeat
        While t_3 is even do
            t_3 ← ⌊t_3 / 2⌋;
            If t_1 and t_2 are even then
                t_1 ← ⌊t_1 / 2⌋; t_2 ← ⌊t_2 / 2⌋;
            Else
                t_1 ← ⌊(t_1 + n) / 2⌋; t_2 ← ⌊(t_2 − e) / 2⌋;
        If (t_3 > 0) then
            u_1 ← t_1; u_2 ← t_2; u_3 ← t_3;
        Else
            v_1 ← n − t_1; v_2 ← −(e + t_2); v_3 ← −t_3;
        t_1 ← u_1 − v_1; t_2 ← u_2 − v_2; t_3 ← u_3 − v_3;
        If (t_1 < 0) then
            t_1 ← t_1 + n; t_2 ← t_2 − e;
    Until t_3 = 0;
    e^{-1} ← u_1;

Example
Let $e = 7$; $n = 60$.

| e | n | u_1 | u_2 | u_3 | v_1 | v_2 | v_3 | t_1 | t_2 | t_3 |
|---|---|---|---|---|---|---|---|---|---|---|
| 7 | 60 | 1 | 0 | 7 | 60 | -6 | 60 | 0 | -1 | -60 |
| | | | | | | | | 30 | -4 | -30 |
| | | | | | | | | 15 | -2 | -15 |
| | | | | | 45 | -5 | 15 | -44 | 5 | -8 |
| | | | | | | | | 16 | -2 | |
| | | | | | | | | 8 | -1 | -4 |
| | | | | | | | | 34 | -4 | -2 |
| | | | | | | | | 17 | -2 | -1 |
| | | | | | 43 | | 1 | -42 | 5 | 6 |
| | | | | | | | | -18 | -2 | |
| | | | | | | | | 9 | -1 | 3 |
| | | 9 | -1 | 3 | | | | -43 | 4 | 2 |
| | | | | | | | | -26 | -3 | |
| | | | | | | | | 43 | -5 | 1 |
| | | 43 | -5 | 1 | | | | 0 | 0 | 0 |

$e^{-1} \leftarrow u_1 = 43$

2.3. Gordon Method

In 1989, Gordon [2] described another algorithm for computing an inverse.
It is based on the observation that $q$ in the Euclidean method does not need to be the remainder of $n / a$ but can be any power of 2 up to that limit [4]. The algorithm needs about 9 variables and uses addition, subtraction, comparison and shifting. The complexity of the algorithm is $O(\log n)$.

Algorithm
Input: $e \in Z_n$ such that $\gcd(e, n) = 1$.
Output: $e^{-1} \bmod n$, provided that it exists.
The algorithm is as follows:

    g ← n; i ← 0; v ← 1; u ← e;
    Repeat
        s ← −1; p ← 0;
        If u > g then
            t ← 0;
        Else
            p ← 1; t ← u;
            While (t ≤ g) do
                s ← s + 1;
                t ← left shift t by 1;
            t ← right shift t by 1;
        t ← g − t; g ← u; u ← t; t ← i; i ← v;
        If p = 1 then
            v ← left shift v by s;
            t ← t − v;
        v ← t;
    Until u = 0 or u = g;
    If i < 0 then i ← n + i;
    e^{-1} ← i;

Example
Let $e \leftarrow 7$; $n \leftarrow 60$.

[Trace table with columns g, u, i, v, s, p, t; the cell layout is not recoverable from the source text.]

$e^{-1} \leftarrow 60 - 17 = 43$

2.4. Baghdad algorithm

In 2004, Sattar Aboud [6] introduced another algorithm, entitled the "Baghdad method", to calculate the inverse. The idea behind the Baghdad method is very simple: add 1 to the modulus $n$ and divide the result by the exponent $e$; then keep adding the modulus $n$ to the result and dividing the new result by the exponent $e$ until an integer is obtained. The algorithm needs only 5 variables and uses addition and division only.
The complexity of the algorithm is $O(\log n)$.

Algorithm
Input: $e \in Z_n$ such that $\gcd(e, n) = 1$.
Output: $e^{-1} \bmod n$, provided that it exists.
The algorithm is as follows:

    Set d ← 1;
    Repeat
        d = (d + n) / e;
    Until d is integer;
    e^{-1} ← d;

Example
Let $e \leftarrow 7$; $n \leftarrow 60$.

| d | result |
|---|---|
| (1+60)/7 | not integer |
| (61+60)/7 | not integer |
| (121+60)/7 | not integer |
| (181+60)/7 | not integer |
| (241+60)/7 | integer match |

$e^{-1} \leftarrow d = 43$

3. Fast Fraction-Integer Method

The idea behind the proposed method is very simple: repeatedly subtract a fraction from an integer and divide by a fraction until an integer is obtained, which is then used to compute the inverse $d$. The algorithm needs only 6 variables and uses addition and division only. The complexity of the algorithm is $O(\log n)$.

Algorithm
Input: $e \in Z_n$ such that $\gcd(e, n) = 1$.
Output: $e^{-1} \bmod n$, provided that it exists.
The algorithm is as follows:

    r: real;
    i = 1;
    s_f = (1 + n mod e) / e;
    d_f = (n mod e) / e;
    If s_f = 0 then
        Stop;
    Else
        Repeat
            r = ((i − s_f) / d_f);
            i = i + 1;
        Until r is integer;
        d = ((n * (r + 1)) + 1) / e;

Example
Let $e \leftarrow 7$; $n \leftarrow 60$.

| i | s_f | d_f | r |
|---|---|---|---|
| 1 | 0.71428 | 0.57142 | 0.50001 |
| 2 | | | 2.25004 |
| 3 | | | 4.00000 |

$d = ((n * (r + 1)) + 1)/e = ((60 * (4 + 1)) + 1)/7 = ((60 * 5) + 1)/7 = 301/7 = 43$

3.1 Proof of Fast Fraction-Integer Method

In order to prove the algorithm, we need to prove that the algorithm gives an integer only when $d$ is the inverse of $e$. We know that if $d$ is the inverse of $e$ then:

1. Both $e$, $d$ are positive integers in $[1..n]$ (1)
2. $\gcd(e, n) = 1$ (2)
3. $e * d \equiv 1 \pmod{n}$, which means that $e * d = 1 + k * n$ for $k \in Z$ (3)

So $d = (1 + k * n)/e = 1/e + k * n/e$ (4)

From the algorithm of the Fast Fraction-Integer Method we see that $d = ((n * (r + 1)) + 1)/e$; this is repeated $i$ times until $d$ … (5)

From that we know that the algorithm above is correct for $i = k$, but if this is the case we need to prove that (5) gives a non-integer for all values of $i < k$, and that the only integer value is obtained when $i = k$. We know $d$ is an integer, so $(1 + k * n)/e$ is also an integer for an integer value of $k$. Then we need to prove that $(1 + i * n)/e$ is never an integer for all values of $i$ in $[1, k - 1]$.

Assume that there is another value of $i$ with $i < k$ such that $d = (1 + i * n)/e$ is also an integer; it means that $i = k - 1$ (6)

Then $d = (1 + (k - 1) * n)/e$ will be an integer. So

$d = (1 + k * n - n)/e = (1 + k * n)/e - n/e = 1/e + k * n/e - n/e$

But $1/e + k * n/e$ is an integer, and $\gcd(e, n)$ should be 1. So if there is no common divisor of $e$ and $n$ except 1, then $n/e$ is a non-integer value. Thus subtracting a non-integer value from an integer value yields a $d$ that is not an integer. This contradicts our assumption (that $d$ is an integer).

Now assume that there exists $i = k - q$ such that $d$ is an integer for $q$ in $[1, k - 1]$. Then

$d = (1 + (k - q) * n)/e = 1/e + k * n/e - q * n/e$

If this is to be an integer then $q * n/e$ must be an integer, but since $\gcd(e, n) = 1$, $q$ must be a multiple of $e$, so

$d = 1/e + k * n/e - x * n$ (5)

This leads to $d$ being a negative number, $d < 0$, but from the definition we know that both $e$ and $d$ must be positive (1), so there are no values of $x$ that satisfy the definition. So the only value of $q$ that satisfies the conditions is $q = 0$, and hence $i = k$.

3.2 Problem of Fast Fraction-Integer method

We have proved that the Fast Fraction-Integer algorithm is correct, but the question is: is it implementable?
Yes, the algorithm will terminate giving the correct answer when implemented in computer programming languages. Let $d_m$ be the mathematical value of $d$, where $d = d_m$. Let $d_c$ be the calculated value of $d$ in the computer memory and registers. Let $\xi$ be the error in calculation between the mathematical value and the computer value (round-off error). So

$d_m = (1_m + k_m * n_m)/e_m = 1_m/e_m + k_m * n_m/e_m = (1/e)_m + (k * n/e)_m$

But we know that the calculated value of a fraction is never exactly the mathematical value for big values of $e$, which when used to divide 1 and $n$ give a cyclic (repeating) fraction. So $(1/e)_m = (1/e)_c + \xi_1$ and $(n/e)_m = (n/e)_c + \xi_2$, where $\xi_1 \ll (1/e)_c$, $\xi_2 \ll (n/e)_c$ and $d_c = (1/e)_c + \xi_1 + k * \xi_2$. Such errors yield either $d_m \le d_c$ or $d_m \ge d_c$; $d_m = d_c$ if and only if $\xi_1 + k * \xi_2 = 0$, which means that $(1/e)_m = (1/e)_c$ and $(n/e)_m = (n/e)_c$.

We know that the errors $\xi_1, \xi_2$ are small, but multiplying $\xi_2$ by $k$ gives a big value to the error, and the error is multiplied by $k$, so as $k$ increases the error also increases. The best approach is therefore to use small values for $e$.

4. Conclusions

For security reasons, cryptography recommends smaller values for public keys and bigger values for private keys [4]. The suggested algorithm needs lower values for public keys (a lower value of $e$) and higher values for the private key, which is fully compatible with the preferred cryptography algorithm. The method is simple, fast and needs less storage, and its complexity is also less.

References

1. B. Schneier, Applied Cryptography, Second Edition, John Wiley and Sons, 1996, p. 246.
2. J. Gordon, Fast multiplicative inverse in modular arithmetic, Cryptography and Coding, Clarendon Press, Oxford, 1989, pp. 269-279.
3. D. E. Knuth, The Art of Computer Programming, 2nd Ed., Addison-Wesley, Vol. 2, 1981, pp. 319, 321, 339, 599.
4. A. Menezes et al., Handbook of Applied Cryptography, CRC Press, 1996, p. 67, p. 71.
5. R. Rivest, A. Shamir, and L. Adleman, A method for obtaining digital signatures and public key cryptosystems, ACM, 1978, pp. 120-126.
6. Sattar J. Aboud, Baghdad Method for Calculating Multiplicative Inverse, The International Conference on Information Technology (ITCC 2004), IEEE, 5-7 April 2004, Las Vegas, U.S.A.
7. J. Stein, Comp. Phys, 1, (1967), pp. 397-405.
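
The procedures of Sections 2.1, 2.4 and 3 side by side, as an added Python example that is not code from the paper. The function names and the returned loop counters are assumptions of this example, and the Fraction-Integer loop uses exact rationals (`fractions.Fraction`) in place of the paper's real-valued r, so the "r is integer" test is not exposed to the round-off error discussed in Section 3.2.

```python
from fractions import Fraction
from math import gcd

def _check(e, n):
    # The paper assumes e in Z_n with gcd(e, n) = 1; otherwise the searches never end.
    if not 1 < e < n or gcd(e, n) != 1:
        raise ValueError("need 1 < e < n and gcd(e, n) == 1")

def euclid_inverse(e, n):
    """Section 2.1, extended Euclid. Returns (inverse, loop iterations)."""
    _check(e, n)
    g, u, i, v, steps = n, e, 0, 1, 0
    while u > 0:
        q = g // u
        g, u = u, g - q * u          # the paper's t <- g - q*u; g <- u; u <- t
        i, v = v, i - q * v          # the paper's t <- i - q*v; i <- v; v <- t
        steps += 1
    return i % n, steps              # i % n folds in "if i < 0 then i <- n + i"

def baghdad_inverse(e, n):
    """Section 2.4: keep adding n to the numerator until e divides it."""
    _check(e, n)
    numerator, steps = 1, 0
    while True:
        numerator, steps = numerator + n, steps + 1
        if numerator % e == 0:       # "until d is integer"
            return numerator // e, steps

def fraction_integer_inverse(e, n):
    """Section 3, with exact rationals instead of floating-point reals."""
    _check(e, n)
    m = n % e                        # nonzero because gcd(e, n) = 1 and e > 1
    s_f, d_f = Fraction(1 + m, e), Fraction(m, e)
    i = 1
    while True:
        r = (i - s_f) / d_f
        if r.denominator == 1:       # "until r is integer", tested exactly
            break
        i += 1
    d = (n * (r + 1) + 1) / e        # a Fraction whose denominator is 1 here
    return int(d), i

if __name__ == "__main__":
    # The paper's worked example: e = 7, n = 60.
    for f in (euclid_inverse, baghdad_inverse, fraction_integer_inverse):
        print(f.__name__, f(7, 60))
```

On the paper's example (e = 7, n = 60) the three functions return 43 after 4, 5 and 3 loop iterations respectively. As written here, the Baghdad loop runs at most e − 1 times and the Fraction-Integer loop at most n mod e times, so both counters grow with e.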
