Topic 1

Modular Arithmetic, Bar

Codes and Ciphers

We often identify items with numbers - student numbers are a good example of
this. Such numbers can be easily transcribed incorrectly and hence it is a good
idea to have some checking built into the way that the numbers are constructed.
We look at the maths behind such checking schemes, called modular arithmetic,
and look at two familiar checking schemes. Finally we describe another appli-
cation of modular arithmetic.

1.1 Modular Arithmetic

Let a, b and n be integers with n > 0. We say that a ≡ b (mod n) (read “a is
congruent to b mod n”) if a − b is a multiple of n.

EXAMPLE 1.1.1.
24 ≡ 4 (mod 5), 28 ≡ 2 (mod 26).
There are a number of results about congruence that we will use frequently
and we collect them here for easy reference.
LEMMA 1.1.1.
Let a, b, c and n be integers with n 6= 0. Then the following results are true.
1. a ≡ 0 (mod n) if and only if n|a.
2. a ≡ a (mod n).
3. a ≡ b (mod n) if and only if b ≡ a (mod n).

4. If a ≡ b and b ≡ c (mod n) then a ≡ c (mod n).

5
 Now that we have the idea of two integers being congruent if their difference
is divisible by n, we can think in terms of having only a finite set of integers. So
we let Zn be the integers mod n. Thus Zn = {0, 1, 2, . . . , n − 1} and addition,
subtraction, multiplication and division are carried out on the elements of Zn
mod n.
It is often helpful when doing this to imagine the elements of Zn being the
numbers on a clock face. Then addition can be carried out on this circular
number line. Multiplication of y by x, say, can be thought of as adding y to 0
x times.
The next example illustrates these ideas modulo 3.
EXAMPLE 1.1.2.
We know that we have the numbers 0, 1 and 2 to place on the clock face. When
we add 1 to any number we move clockwise by 1 number. When we add 2
we move clockwise by 2 numbers. Thus we have that 0 + 2 ≡ 2 (mod 3) and
2 + 2 ≡ 1 (mod 3), for instance. We can summarise this in an addition table,
given in Table1.1.
We know that 2 × 2 = 2 + 2 and so 2 × 2 ≡ 1 (mod 3). The results of all
possible pairwise multiplications are given in Table1.2.

+ 0 1 2
0
1
2

Table 1.1: Addition Tables

+ 0 1 2 3
+ 0 1 2
+ 0 1 0 0 1 2 3
0 0 1 2
0 0 1 1 1 2 3 0
1 1 2 0
1 1 0 2 2 3 0 1
2 2 0 1
3 3 0 1 2

Modulo 2 Modulo 3 Modulo 4

Observe that 0 + x ≡ x ≡ x + 0 mod 3 ∀x. We say that 0 is the additive

identity. This is true for every value of n. Also note that there is a single 0 in
each row of the addition table. If x + y ≡ 0 mod n then we say that y is the
additive inverse of x mod n and that x is the additive inverse of y mod n.

c
°Debbie Street, 2011 6
 Table 1.2: Multiplication Tables

× 0 1 2 3
× 0 1 2
× 0 1 0 0 0 0 0
0 0 0 0
0 0 0 1 0 1 2 3
1 0 1 2
1 0 1 2 0 2 0 2
2 0 2 1
3 0 3 2 1

Modulo 2 Modulo 3 Modulo 4

For all values of n we have that x × 1 ≡ x ≡ 1 × x (mod n) and we call

1 the multiplicative identity. If x × y ≡ 1 (mod n) then we say that y is the
multiplicative inverse of x mod n and that x is the multiplicative inverse of y
mod n

1.1.1 Exercises
1. Give the addition and multiplication tables mod 7. Can you see any 0s in
these tables? Comment.

2. Give the addition and multiplication tables mod 6. Can you see any 0s in
these tables? Comment. Two numbers that multiply to give 0 are called
divisors of 0. Give all the divisors of 0 in this case. What do you notice?

1.2 Bar Codes

1.2.1 International Standard Book Number (ISBN)
These are 10 digit codes for each book that is published. They were developed
between 1968 and 1972 and they have a fixed format. For example, the ISBN
for Trappe and Washington’s book on Cryptography is 0-13-198199-4. What do
these different sets of numbers tell us?
The first set of one or two digits is for the language group. 0 is for books
written in English, 2 for those written in French, 3 for those in German, 87 for
those in Danish and 90 for those in Dutch, for example.
The next set of two to five digits is the publisher code. 13 is for Prentice-
Hall, 19 is for Oxford University Press and 471 is for John Wiley and Sons, for
example.
The third set is the book number and is chosen by the publisher. The length
of the language group, publisher code and book number must be 9 digits long.
We will write this as a1 a2 a3 a4 a5 a6 a7 a8 a9 .
The final number is called the check digit and is given by the solution to the

c
°Debbie Street, 2011 7
equation
10
X
(11 − j)aj ≡ 0 mod 11.
j=1

‘X’ is used if a10 = 10.

EXAMPLE 1.2.1.
Since the ISBN for Trappe and Washington’s book on Cryptography is 0-13-
198199-4, we know that a1 = 0, a2 = 1, a3 = 3, a4 = 1, a5 = 9, a6 = 8, a7 = 1,
a8 = 9 and a9 = 9. To calculate the check digit we need to evaluaute
10×0+9×1+8×3+7×1+6×9+5×8+4×1+3×9+2×9+a10 ≡ 0 mod 11.
Evaluating each term mod 11 gives
0 + 9 + 2 + 7 + 10 + 7 + 4 + 5 + 7 ≡ 7 mod 11
and so the check digit is a10 ≡ −7 ≡ 4 mod 11, as expected.

1.2.2 European Article Number (EAN)

Most products for sale in stores have a 13 digit barcode on them, the European
Article Number (EAN), which can be used by the store for inventory control.
The EAN is a superset of the 12 digit universal product codes (UPC) developed
in the United States and Canada and also includes the Japanese Article Number
(JAN) used in Japan. All three types of numbers are referred to as Global Trade
Item Numbers (GTIN).
The EAN is divided into 4 parts:
• the first two or three digits identify the country where the manufacturer
is registered, although for books the first three digits are 978 or 979,
regardless of the country of the publisher;
• the manufacturer code, consisting of five or four digits depending on the
number of digits used above;
• the product code, of five digits;
• a check digit.
The check digit is calculated mod 10, however, rather than mod 11. If the
EAN is a1 a2 a3 a4 a5 a6 a7 a8 a9 a10 a11 a12 a13 then
6
X 6
X
a2i+1 + 3 × a2i ≡ 0 mod 10.
i=0 i=1

EXAMPLE 1.2.2.
The EAN 9300624005377 satisfies
(9 + 0 + 6 + 4 + 0 + 3 + 7) + 3 × (3 + 0 + 2 + 0 + 5 + 7) ≡ 0 mod 10,
as expected.

c
°Debbie Street, 2011 8
1.2.3 Exercises
1. Suppose that only the check digit needs to be determined for the book
number 0-3021-9041 to make it an ISBN. What is the check digit?

2. Suppose that an ISBN a1 a2 a3 a4 a5 a6 a7 a8 a9 a10 is recorded correctly except

that ai is replaced by bi for exactly one i. Show that this error will be
detected.
3. Consider the book number 1-84046-798. Show that it needs a check digit
of 3 to become an ISBN. To get the corresponding EAN the book number
is prefaced by 978. Show that the check digit is now 7.

4. Does the EAN scheme catch all single digit errors? (You must prove your
answer, either by giving a single digit error which is not detected, or by
proving that every single digit error will be detected.)
5. A transposition error occurs when two digits are interchanged. Show that
a transposition error is not caught by the EAN scheme if |ai − ai+1 | = 5.
6. Suppose that 3 is replaced by 4 in the formula for the EAN scheme. Is
this modified EAN scheme just as good? What if the 3 is replaced by 7?
Comment.

7. The actual encodings used are described at http://en.wikipedia.org/wiki/EAN-

13. Give the encoding that would be used for the EAN of question 3.

1.3 Ciphers
Ciphers are used in an attempt to keep information from an adversary. Be-
cause the world is becoming more connected, there is an increasing demand on
electronic systems and an increased need to protect data, such as credit card
numbers, that are transmitted over the internet. The techniques that do this
form the field of cryptology.
Cryptology is the “study of of communication over non-secure channels”(Trappe
and Washington (2006)). Cryptography is the process of designing systems to
facilitate confidential communications over non-secure channels. Cryptanalysis
is the study of techniques to break the confidential communications of others.
Finally a particular encryption method will be referred to as a cryptosystem.

1.3.1 The typical situation

We could describe the communication scenario for cryptography in the following
way. There are two parties, traditionally called Alice and Bob, who want to
communicate with each other. There is also a third party, Eve, a potential
eavesdropper. Alice wants to send a message to Bob and doesn’t want Eve to
know what it is. Alice and Bob assume that Eve can see every transmission that
they send. So to communicate confidentially Alice takes her message, called the

c
°Debbie Street, 2011 9
plaintext, and encrypts it using a method that Alice and Bob have agreed on
beforehand. This produces the ciphertext which is sent to Bob. When Bob
receives the ciphertext he then decrypts it to recover the plaintext. Alice and
Bob assume that Eve knows the method of encryption but that she doesn’t
know the secret key. As we will see the secret key may be the encryption key
but it may only be the decryption key that is secret; such a system is called a
public key system.

1.3.2 Why eavesdrop?

What are Eve’s goals? Four possibilities spring to mind.
1. Read the message.
2. Find the key and so be able to read all messages associated with that key.
3. Change the message that Bob receives so that it looks like Alice has sent
the altered message.
4. Pretend to be Alice and send messages to Bob that appear to come from
Alice.
The final two items in the list relate to issues of integrity and authentication
respectively.

1.3.3 Possible applications

We begin by thinking about the four main properties that a cryptosystem should
have. These are as follows:
1. Confidentiality: The message sent by Alice to Bob should not be acces-
sible to Eve even though she can read the ciphertext.
2. Data integrity: Bob needs to be sure that Alice’s message has not been
altered. Transmission errors might occur (and error-correcting codes (see
the next three topics) are one way of helping to deal with this eventual-
ity) but an adversary may intercept the message and alter it. There are
methods that allow the detection of such manipulation.

3. Authentication: Bob needs to be sure that only Alice could have sent the
message. For example, if Bob is a computer then password protocols are
an example of this. Entity authentication is aimed at proving the identity
of parties involved in a communication. Data-origin authentication aims
to link the origin of data (such as time, place) with the actual data.
4. Non-repudiation: Bob wants to be sure that Alice can not claim that
she did not send the message. Here Bob might be a store and the store
does not want Alice to be able to deny she ordered the goods.

c
°Debbie Street, 2011 10
 These various ideas are combined to provide digital signatures, to provide
identification schemes, to provide electronic cash systems, to provide ways to
have secure transactions over the internet and to provide ways to share parts of
a secret so that the presence of a certain subset of people is required to be able
to open a bank vault say.

1.3.4 Possible attacks on a cryptosystem

There are four different attacks that could be used on a cryptosystem by Eve.
These are as follows:
1. Ciphertext only: Eve just has access to ciphertext.
2. Known plaintext: Eve intercepts some ciphertext and then later sees
the corresponding plaintext. It need not be plaintext of the whole mes-
sage either; there are examples from World War 2 where stock phrases
were used to start each daily message and these were used to break the
cryptosystem used that day.
3. Chosen plaintext: Eve gains access to the encryption machine. She
can not find the key from the machine but she can use it to encrypt as
many messages as she likes and she will have both the plaintext and the
ciphertext for each message. Which messages should she encrypt?
4. Chosen ciphertext: Eve gains access to the decryption machine and
uses it to decrypt several strings of characters. She then tries to deduce
the key. Which strings should she decrypt?
Throughout this subject we will assume Kerckhoff ’s principle that the se-
curity of a system should be assessed under the assumption that the adversary
knows the method of encryption used. Thus it is the key that protects the
system rather than the algorithm that is used.

1.3.5 Shift ciphers

Possibly the simplest cryptosystem is the shift cipher. Shift ciphers are easy
to describe: shift all the letters of the plaintext alphabet by a fixed amount to
obtain the letters of the ciphertext, wrapping round at the end of the alphabet.
Julius Caesar is often credited with using a shift cipher with a shift of 3, so a
became D, b became E, c became F and the “wrapping round at the end” means
that a became X, b became Y and c became Z. (Throughout these notes we will
call the message that we want to encipher the plaintext and it will be written
in lower case. The enciphered plaintext will be called the ciphertext and it will
be written in UPPER CASE.)
In practice this was achieved by having two rotating discs, where the inside
disc contained the plaintext letters and the outside disc contained the ciphertext
letters and a shift was obtained by rotating a to the correct position and then
all the other letters would also be aligned correctly.

c
°Debbie Street, 2011 11
 Since the alphabet has 26 letters in it, it is natural to think in terms of
representing the letters of the alphabet by the numbers in Z26 . Thus we let a
be represented by “0”, b by “1” and so on until z is represented by “25”. Then
Caesar’s cipher can be described by saying that

x 7→ x + 3 mod 26.

We say that Caesar’s cipher has a key of 3.

EXAMPLE 1.3.1.
Suppose that the plaintext is caesar cipher. Then numerically this is
{2,0,4,18,0,17,2,8,15,7,4,17}. To encipher this we calculate x + 3 mod 26 which
gives (numerically)

{2+3, 0+3, 4+3, 18+3, 0+3, 17+3, 2+3, 8+3, 15+3, 7+3, 4+3, 17+3} mod 26

which becomes
{5, 3, 7, 21, 3, 20, 5, 11, 18, 10, 7, 20}
which is transmitted as FDHVDU FLSKHU.
Cryptanalysis An unsophisticated but successful strategy is just to try all the
possibilities (there are only 25) but see the exercises for an example where this
can break down.

1.3.6 Affine ciphers

Affine ciphers are a generalisation of shift ciphers. Instead of defining the en-
ciphering function by adding a constant, first multiply by a constant. So we
have
x 7→ αx + β mod 26
for some constants α and β. We represent the key by (α, β).
It turns out that there needs to be some restriction on the values of α that
can be used, as the following example shows.
EXAMPLE 1.3.2.
Suppose that we let α = 13 and β = 4. Then x 7→ 13x + 4 mod 26. Suppose we
encipher the plaintext input. Since this is {8,13,15,20,19} we get

{8 × 13 + 4, 13 × 13 + 4, 15 × 13 + 4, 20 × 13 + 4, 19 × 13 + 4}

which when evaluated mod 26 gives {4,17,17,4,17} which is ERRER. Now let’s
encipher alter. This is {0,11,19,4,17} we get

{0 × 13 + 4, 11 × 13 + 4, 19 × 13 + 4, 4 × 13 + 4, 17 × 13 + 4}

which when evaluated mod 26 gives {4,17,17,4,17} which is ERRER. Thus we

see that we have the same ciphertext and so ciphertexts can not be deciphered
to a unique plaintext.

c
°Debbie Street, 2011 12
 This happens because we can not get a multiplicative inverse for 13 mod
26. Why not? By definition a multiplicative inverse of 13 in Z26 is a number
s ∈ Z26 such that 13s ≡ 1 mod 26. If we check all the possibilities for s we
realise that if s is even then 13s ≡ 0 mod 26 and if s is odd then 13s ≡ 13 mod
26. So 13 has no multiplicative inverse mod 26.
So let’s look at some of the other numbers mod 26. Try 2. Then 2s is always
going to be congruent to an even number mod 26 and 1 is odd so 2 has no
multiplicative inverse mod 26. Now let’s try 3. Then 3 × 9 = 27 ≡ 1 mod 26
and so the multiplicative inverse of 3 is 9 and of 9 is 3. What happens if we let
α = 3 in the previous example?

EXAMPLE 1.3.3.
Suppose that we let α = 3 and β = 4. Then x 7→ 3x + 4 mod 26. Suppose we
encipher the plaintext input. Since this is {8,13,15,20,19} we get {8 × 3 + 4, 13 ×
3 + 4, 15 × 3 + 4, 20 × 3 + 4, 19 × 3 + 4} which when evaluated mod 26 gives
{2,17,23,12,9} which is CRXMJ. To decipher this we only need to reverse the
encipherment and calculate X 7→ 9 × (X − 4) mod 26 (where we use 9 since it is
3−1 mod 26). This gives {9×(2−4), 9×(17−4), 9×(23−4), 9×(12−4), 9×(2−4)}
which gives {8,13,15,20,19} as we expect.

A similar argument to that used for 2 shows that any even element of Z26
has no multiplicative inverse mod 26. For the odd numbers notice that 5 × 21 =
105 = 4 × 26 + 1, 7 × 15 = 105 = 4 × 26 + 1,11 × 19 = 209 = 8 × 26 + 1,
17 × 23 = 391 = 26 × 15 + 1 and 25 × 25 = 625 = 24 × 26 + 1. So we see that
all of the odd numbers other than 13 have a multiplicative inverse.
So what we need to do to find a multiplicative inverse of a mod 26, is to find
a number s such that as + 26t = 1 for some number t. By looking at all the
cases we have shown that this is only true if the greatest common divisor of a
and 26 is 1. This turns out to be a general result and we will discuss it later.

1.3.7 Exercises
1. Suppose that you know that KDDKMU was enciphered using the shift
cipher. To what does it decipher?
2. Suppose that you know that EVIRE was enciphered using the shift cipher.
To what does it decipher? Comment.
3. Encipher howareyou using the affine cipher x 7→ 5x + 7 mod 26. What is
the decipherment function? Check that it works.
4. Consider an affine cipher mod 26. You do a chosen plaintext attack using
hahaha and get the ciphertextNONONO. Determine the values of α and
β. Would it be sufficient to encipher only one letter? Would you get
any additional information by enciphering more than two distinct letters?
(Think about pairs of letters that are 13 apart, such as a and n, as well
as pairs that are some other distance apart, when giving your answer.)

c
°Debbie Street, 2011 13
 5. Suppose that you encipher using an affine cipher and then encipher the
result using another affine cipher (both mod 26). Is there any gain to
doing this rather than using just one affine cipher? Say why or why not.
6. Suppose that we decide to extend the alphabet to include a space which
is represented by 26. So now we will use an affine function mod 27 to
encipher (and decipher) messages. How many different keys are possible?
How many keys are possible if we also include ? and ! and work mod 29?
7. (Harder Question) If the encipherment function is the same as the deci-
pherment function then the corresponding key is said to be involutory.
(a) Find all the involutory keys for the shift cipher.
(b) Prove that for an affine cipher over Zn , (α, β) is an involutory key if
and only if α−1 mod n = α and β(α + 1) ≡ 0 mod n.
(c) Determine all the involutory keys in the affine cipher over Z26 .
(d) Determine all the involutory keys in the affine cipher over Z15 .

1.4 References and Comments

Kirtland (2001) gives a thorough introduction to identification numbers and
check digit schemes. There is also much topical information available on var-
ious web pages so have a look to read something about the use of these bar
codes in practice. Trappe and Washington (2006) provide an introduction to
cryptography and have a number of results on modular arithmetic and its use
in the construction of cryptographic schemes.

c
°Debbie Street, 2011 14