
Given a number set of integers $\mathbb{Z}$, how do I find the inverse of a given number?

I am trying to test an algorithm to extract the $k$ and $x$ values from the Elgamal Signature algorithm given that $k$ is repeated.

What I have is $k \equiv (m_1 - m_2)\times(s_1 - s_2)^{-1} \pmod{p - 1}$ given $k$ is used twice.

I am not sure how to calculate the mod inverse though. Is the above formula the same thing as $\big((m_1 - m_2) \bmod (p-1)\big) \times \big((s_1 - s_2)^{-1} \bmod (p-1)\big) \bmod (p-1)$?

I am not sure if it is any different since I am doing a mod inverse.

PS. I am a programmer, not a mathematician so please elaborate.

Mason
User
    Use the Extended Euclidean Algorithm, e.g. see here – Bill Dubuque Nov 19 '18 at 20:36
  • I know how to find a mod inverse. But if I have a number $AB^{-1} \bmod (p-1)$ is that equivalent to $(A \bmod (p-1))\,(B \bmod (p-1)) \bmod (p-1)$. That is what I found online but I wasn't sure. – User Nov 19 '18 at 20:39
  • $ab$ is invertible $\iff a,b$ are invertible $\iff a,b$ are coprime to the modulus. When so we have $(ab)^{-1}\equiv b^{-1}a^{-1}$, by $b^{-1}a^{-1}(ab) \equiv b^{-1}(a^{-1}a)b \equiv b^{-1}b \equiv 1$ (inverses are always unique) – Bill Dubuque Nov 19 '18 at 20:58
  • So what if I have a number * an inverse mod p -1. How would I break that down? – User Nov 19 '18 at 21:01
  • Calculate the inverse then modular_multiply the two as you would any pair of (modular) integers - using the mod product rule – Bill Dubuque Nov 19 '18 at 21:05
  • If you seek a rigorous proof then you'll also need to show $A\equiv a \Rightarrow A^{-1}\equiv a^{-1}$, assuming that $\gcd(a,n) = 1$ [$\iff \gcd(A,n) = 1$ by $A\equiv a \pmod{n}$] – Bill Dubuque Nov 19 '18 at 21:18
  • I think this should be good I am just trying to show how to retrieve the private exponent of ElGamal signature when k is repeated. Which has me trying to calculate an example using the formula in the question. – User Nov 19 '18 at 21:21
  • In summary, you can mod the argument of the inverse operation just as you do for arguments of sums and products. But beware that you can't do that for exponents (though exponents can be modded out by the order of the base, when it is invertible, or by any other power $k$ such that $a^k\equiv 1$, e.g. as in Fermat or Euler's theorem) – Bill Dubuque Nov 19 '18 at 21:25
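The following is an added worked example, not code from the question or from any commenter: a modular inverse via the extended Euclidean algorithm, the two forms of the formula from the question (inverse of the raw difference versus reducing every factor mod $p-1$ first) computed side by side, and the repeated-$k$ formula checked against a textbook ElGamal signature on a small constructed prime. The prime $p = 467$, generator $g = 2$, private exponent $x = 127$, nonce $k = 213$ and the message hash values are all constructed for illustration. The example also shows the caveat a practitioner runs into immediately: $p-1$ is even, so $(s_1 - s_2)^{-1}$ only exists when $\gcd(s_1 - s_2,\ p-1) = 1$, and the functions return `None` in that case rather than a wrong number.

```python
# Added example (not from the question or the answers). All numbers are
# constructed for illustration; p = 467 is a small prime used only as a toy.

def egcd(a, b):
    """Extended Euclid: return (g, u, v) with g = gcd(a, b) and u*a + v*b == g."""
    old_r, r = a, b
    old_u, u = 1, 0
    old_v, v = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_u, u = u, old_u - q * u
        old_v, v = v, old_v - q * v
    return old_r, old_u, old_v


def mod_inverse(a, n):
    """Inverse of a modulo n, or None when gcd(a, n) != 1 (no inverse exists).

    a is reduced mod n first; this is exactly the point of the question, since
    a and a mod n have the same inverse whenever either has one.
    """
    g, u, _ = egcd(a % n, n)
    if g != 1:
        return None
    return u % n


def recover_k_end(m1, m2, s1, s2, p):
    """(m1 - m2) * (s1 - s2)^-1 mod (p-1), inverting the raw difference."""
    n = p - 1
    inv = mod_inverse(s1 - s2, n)
    return None if inv is None else ((m1 - m2) * inv) % n


def recover_k_stepwise(m1, m2, s1, s2, p):
    """Same formula with every factor reduced mod (p-1) before multiplying."""
    n = p - 1
    inv = mod_inverse((s1 - s2) % n, n)
    if inv is None:
        return None
    return (((m1 - m2) % n) * (inv % n)) % n


def elgamal_sign(m, x, k, p, g):
    """Textbook ElGamal signature (r, s) on hash value m with nonce k.

    Requires gcd(k, p-1) == 1 so that k has an inverse mod p-1.
    """
    r = pow(g, k, p)
    k_inv = mod_inverse(k, p - 1)
    if k_inv is None:
        raise ValueError("nonce k must be coprime to p-1")
    s = (k_inv * (m - x * r)) % (p - 1)
    return r, s


def repeated_nonce_demo(m1, m2, p=467, g=2, x=127, k=213):
    """Sign two hash values with the same k and return (k, end_form, stepwise_form)."""
    _, s1 = elgamal_sign(m1, x, k, p, g)
    _, s2 = elgamal_sign(m2, x, k, p, g)
    return k, recover_k_end(m1, m2, s1, s2, p), recover_k_stepwise(m1, m2, s1, s2, p)


if __name__ == "__main__":
    # m1 - m2 = 49 is coprime to 466, so the inverse exists and both forms agree.
    print(repeated_nonce_demo(100, 51))
    # m1 - m2 = 50 shares the factor 2 with 466: no inverse, both forms return None.
    print(repeated_nonce_demo(100, 50))
```

Because $s_1 - s_2 \equiv k^{-1}(m_1 - m_2) \pmod{p-1}$ with $k$ invertible, $\gcd(s_1 - s_2,\ p-1) = \gcd(m_1 - m_2,\ p-1)$; that is why the second call in the usage block fails cleanly while the first recovers $k$ exactly.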

1 Answer


Yes, the two formulas you wrote in the question give the same output.

More generally, as Bill Dubuque points out in the comments, you can usually just take mods at each step, instead of doing the whole computation and then modding at the end. However, exponentiation is a notable exception; you can reduce the base but generally not the exponent $$ a^k \bmod n \quad=\quad (a\bmod n)^k \bmod n \qquad\neq\qquad (a\bmod n)^{(k \bmod n)}.$$

aleph_two
  • This answer exists primarily to remove this question from the Unanswered list; please upvote (or give Best Answer) to complete the process. – aleph_two Dec 22 '18 at 05:06
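An added check of the answer's rule, not part of the answer itself: the base of a modular power may be reduced mod $n$ but the exponent may not, and, as Bill Dubuque's comment adds, the exponent may instead be reduced modulo the order of the base, which for a prime modulus $p$ and $\gcd(a,p)=1$ means mod $p-1$ by Fermat's theorem. The inputs $a=7$, $k=10$, $n=10$ and the prime $p=11$ are constructed for illustration.

```python
# Added example (not from the answer). Inputs are constructed for illustration.

def power_forms(a, k, n):
    """Return the three quantities the answer compares, for a^k mod n."""
    return {
        "direct": pow(a, k, n),                         # a^k mod n
        "base_reduced": pow(a % n, k, n),               # (a mod n)^k mod n, equal
        "exponent_reduced_mod_n": pow(a % n, k % n, n), # generally NOT equal
    }


def fermat_reduced(a, k, p):
    """a^k mod p with the exponent reduced mod p-1 (p prime, gcd(a, p) == 1).

    Valid because a^(p-1) = 1 mod p, so only k mod (p-1) matters.
    """
    return pow(a % p, k % (p - 1), p)


def fermat_check(a, k, p):
    """True when reducing the exponent mod p-1 agrees with the direct computation."""
    return fermat_reduced(a, k, p) == pow(a, k, p)


if __name__ == "__main__":
    print(power_forms(7, 10, 10))   # 7^10 mod 10 is 9, but 7^(10 mod 10) = 1
    print(fermat_check(2, 1003, 11))  # exponent reduced mod 10 instead: agrees
```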