Public-Key Math Essentials

Invertible really means "division works"
Extended GCD -> inverse -> linear congruence
CRT combine step with numbers
Euler/Fermat/Carmichael -> RSA
Pitfalls + big.Int

1 / 11

Invertible (no heavy formalism)

a is invertible mod n if there exists b: a*b \equiv 1 (mod n)
Invertible values are exactly the coprimes
These are the units \(\mathbb{Z}_n^*\), count = \(\varphi(n)\)

2 / 11

Extended GCD -> inverse

$$ax + by = gcd(a,b)$$

If gcd = 1, then:

ax + by = 1 \Rightarrow ax \equiv 1 \pmod{b}

So x mod b is the inverse.

3 / 11

Worked inverse (negative normalize)

56^{-1} mod 15:

Extended GCD gives 56(-4) + 1515 = 1
x = -4, normalize: -4 mod 15 = 11
11*11 = 121 \equiv 1 (mod 15)

4 / 11

Linear congruence example

Solve 14 x \equiv 30 (mod 100):

g = gcd(14,100) = 2 divides 30
7 x \equiv 15 (mod 50)
7^{-1} mod 50 = 43
x \equiv 45 (mod 50)
Two solutions mod 100: x = 45, 70

5 / 11

CRT combine step (numbers)

Solve:

x \equiv 2 (mod 3)
x \equiv 3 (mod 5)
x \equiv 2 (mod 7)

Compute M=105, M1=35, M2=21, M3=15, (t1,t2,t3)=(2,1,1).

x = 2*35*2 + 3*21*1 + 2*15*1 = 233 \equiv 23

6 / 11

Euler/Fermat/Carmichael

If gcd(a,n)=1:

a^{\varphi(n)} \equiv 1 \pmod{n}

For RSA n = p*q:

\lambda(n) = lcm(p-1, q-1)

7 / 11

RSA correctness (sketch)

e d \equiv 1 \pmod{\lambda(n)}

Then m^{ed} \equiv m (mod p, q) and CRT gives (mod n).

8 / 11

RSA parameters

Need gcd(e, phi) = 1 so d exists
e commonly 65537
lambda(n) is tighter than phi(n)
Toy RSA is insecure without padding

9 / 11

Pitfalls + big.Int

Non-coprime inputs break inverses/CRT
Normalize negatives: (x % m + m) % m
Use big.Int when products overflow 64-bit

10 / 11

What you will build

Extended GCD
Modular inverse
CRT solver
Toy RSA math

11 / 11

Use arrow keys or click edges to navigate. Press H to toggle help, F for fullscreen.