Confusion on RSA attack equation

Question

I am reading this paper on RSA attacks and it describes the equation where ed = 1 mod φ(N)

This confuses me because wouldn’t 1 mod of anything (not 1) just always be equal to 1?

Answer 1

This is what is known as a modular inverse.

The easiest way to think about this is to think of the multiplication table in modular arithmetic. Let's start with the modulus being a prime number, 5.

$$\begin{array} {}\times{} & 0 & 1 & 2 & 3 & 4 \\ \hline 0 & 0 & 0 & 0 & 0 & 0 \\ 1 & 0 & 1 & 2 & 3 & 4 \\ 2 & 0 & 2 & 4 & 1 & 3 \\ 3 & 0 & 3 & 1 & 4 & 5 \\ 4 & 0 & 4 & 3 & 2 & 1 \end{array}$$

Every element, apart from zero, has a multiplicative inverse, in the sense for every $x$ there is a $y$ such that $xy = yx = 1$.

Now we'll look at a composite modulus. Let's try 6. $$\begin{array} {}\times{} & 0 & 1 & 2 & 3 & 4 & 5\\ \hline 0 & 0 & 0 & 0 & 0 & 0 & 0\\ 1 & 0 & 1 & 2 & 3 & 4 & 5\\ 2 & 0 & 2 & 4 & 0 & 2 & 4\\ 3 & 0 & 3 & 0 & 3 & 0 & 3\\ 4 & 0 & 4 & 2 & 0 & 4 & 2\\ 5 & 0 & 5 & 4 & 3 & 2 & 1 \end{array}$$

Here, only 1 and 5 have a multiplicative inverse. These two are also the numbers that are coprime to 6, and this is not a coincidence.

Intuitively, if $x$ has a factor $f$ in common with the modulus $M$, then any multiple of $x$ is a multiple of $f$ modulo $M$, so it cannot be 1. What may not be obvious is that the converse also holds: if $x$ is coprime to $M$, then $x$ has an inverse modulo $M$.

To say that $xy$ is congruent to $1$ modulo $M$ is to say that there exists an integer $k$ such that:

$$xy + Mk = 1$$

The problem of finding a suitable $y$ is, therefore, equivalent to solving the above linear Diophantine equation. This always has a solution if $\gcd(x,M) = 1$ (i.e. $x$ and $M$ are coprime), and it can be found with the extended Euclidean algorithm.