6
$\begingroup$

I'm learning how the diffie-hellman key exchange algorithm, works and I came to a mathematical conflict which I can't understand its logic .

This is the story: ( yuu can bypass this , it's just a brief)

Alice and Bob wants to generate the same secret number for they can use to encrypt data. (Eve is the bad guy and listening to every transmission over the network).

Alice                       Eve                    Bob

secret 15                                          secret 13    

Alice says to Bob ( let's choose the formula : `3^e % 17`)

                         Eve knows now 3,7


3^secret % 17 =6
3^15 % 17 = 6             ---->                    6    
                       Eve knows now 3,7,6
                                                 3^secret % 17 = 12  
                                                 3^13 % 17 = 12
12                          <----       
                       Eve knows now 3,7,6,12



(bob's 12)^secret %17
12^15 %17 = 10                      


                                                  (Alice's 6)^secret %17 
                                                  6^13 %17 = 10

They got the same number 10 , and it's hard for Eve to try figure 10 with very large numbers

And it's becuase :




(3^13 % 17) ^ 15 %17        is equal to         ((3^15 % 17)^13 %17)

But I was wondering about that : 

(3^13 % 17) ^ 15 %17

It appears that (3^13 % 17) ^ 15 %17 is equal also to (3^13 ) ^ 15 %17

My question is what is the logic behind it. I'm not asking for the accurate mathematical proof , I just want to understand the simple-human-logic behind this.

3 Answers 3

2

Assuming the number and base are positive, all the modulo operator n % 17 does is to give you the last "digit" of $n$ when written in base 17.

Now when you want to calculate the last digit (base 17) of $(n^{13})^{15}$, you could calculate $x=n^{13}$, then raise $x$ to the power $15$, then look at the last digit. In order to raise your big number $x$ to the power $15$, you have to multiply a bunch of numbers (all equal to $x$) together. But if all you care about is the last digit (base 17) of the answer, all you need to know is the last digit of $x$, because when you do a multiplication longhand only the digits in the last column affect the last column of the answer. This is perhaps easier to convince yourself of working in base 10, since that's how we're used to doing long multiplication, but it works equally well in any base -- the last digit of $a\times b$ only depends on the last digits of $a$ and $b$.

  • 0
    n % 17 can yield 0..16 , so it's not just one digit2017-01-30
  • 1
    @RoyiNamir that's why I put "digit" in quotes. Working in base 17, the "digits" can go up to 16 (where I suppose you would write a for 10 and so on up to g for 16). So, for example, $3^5=243=e5_{17}$. $3^{10}=e5_{17}\times e5_{17}=c58_{17}$. But if you only want to know the last "digit" of $e5_{17}\times e5_{17}$ then you just need to use the last digit of $e5_{17}$. Since $5\times 5=18_{17}$, the last (base-17) digit of $e5_{17}\times e5_{17}$ must be $8$.2017-01-30
0

My view is that I don't see modulo as an operation the way computers do. To me, it's a relation, and its symbol looks like ${\cdot}\equiv {\cdot}\pmod{17}$. Two numbers can be checked against one another (we write that by filling in the two numbers where the dots are) and either they fulfill that property, or they don't. This property works well with addition, subtraction, multiplication and exponentiation in the sense that if $$ a\equiv b\pmod{17} $$ is true, then $$ a+n \equiv b+n\pmod{17}\\ a-n \equiv b-n\pmod{17}\\ a\cdot n \equiv b\cdot n\pmod{17}\\ a^n \equiv b^n\pmod{17} $$ are also all true for any integer $n$.

What you do is first saying that $3^{13}\equiv 12\pmod{17}$, in other words, $a = 3^{13}$ and $b = 12$. Then you raise each side of that to the $15$th power, i.e. set $n = 15$ and use the last of the four above properties. The relation therefore still holds.

What a % k does in a computer program is simply to find the smallest natural number $b$ such that $a \equiv b\pmod{k}$. As long as your operations are addition, subtraction, multiplication and exponentiation, it doesn't matter whether you do this reducing step during intermediate calculations or not, precisely by the four properties above.

  • 0
    I dont think its the case here. I perfectly know that applying same actions on both sides- keep the identity. However look at my last lines where it begins with "it appears". Here i removed the first %17 and still it's equal . There are no same operations on two sides here2017-01-27
  • 0
    @RoyiNamir `a % 17` finds the smallest natural number that is equivalent (or "congruent", or "related") to `a` modulo $17$, and one time you feed it `(3^13 % 17)^15` and the other time you feed it `(3^13)^15`. What I'm saying is that `3^13 % 17` (which is `12`) is considered equivalent, as far as the modulo relation goes, to `3^13` (which is `1594323`), and as such, their $15$th power are also considered equivalent. That is why, when you do the last `% 17` , you get the same result.2017-01-27
0

Denoting the Modulo operator % by $\left(\,\text{mod}\,\right)$, we have for all $\,a,b,c,d\in{\mathbb N}^{+}\,$: $$ \left(\,a^{b\,c}\,\right)\color{blue}{\text{mod}}\,d =\left(\,a^{b}\,\,\color{blue}{\text{mod}}\,d\,\right)^{c}\,\,\color{blue}{\text{mod}}\,d =\left(\,a^{c}\,\,\color{blue}{\text{mod}}\,d\,\right)^{b}\,\,\color{blue}{\text{mod}}\,d =\left(\,a\,\color{blue}{\text{mod}}\,d\,\right)^{b\,c}\,\,\color{blue}{\text{mod}}\,d \\[2mm] \small \left(3^{\small13\times15}\right)\text{mod}\,17 =\left(3^{\small13}\,\text{mod}\,17\right)^{\small15}\,\text{mod}\,17 =\left(3^{\small15}\,\text{mod}\,17\right)^{\small13}\,\text{mod}\,17 =\left(3\,\text{mod}\,17\right)^{\small13\times15}\,\text{mod}\,17 $$ Where above identity results from the multiplication distributive property: $$ \left[ a_{\small1}\,.\,a_{\small2}\,.\,a_{\small3}\,.\,\cdots\, \right]\,\color{blue}{\text{mod}}\,d \,=\, \left[ \left(a_{\small1}\,\color{blue}{\text{mod}}\,d\right)\left(a_{\small2}\,\color{blue}{\text{mod}}\,d\right)\left(a_{\small3}\,\color{blue}{\text{mod}}\,d\right) \cdots\, \right]\,\color{blue}{\text{mod}}\,d \,\,\Rightarrow \\[6mm] \begin{align} \left(\,a^{b\,c}\,\right)\color{blue}{\text{mod}}\,d &= \left(\,a^{b}\,\right)^{c}\,\color{blue}{\text{mod}}\,d = \underbrace{\left[a^b.a^b.\,\cdots\,.a^b\right]}_{c\,\text{ times}}\,\,\color{blue}{\text{mod}}\,d \\[2mm] &= \underbrace{\left[\left(\,a^{b}\,\,\color{blue}{\text{mod}}\,d\,\right)\left(\,a^{b}\,\,\color{blue}{\text{mod}}\,d\,\right)\,\cdots\,\left(\,a^{b}\,\,\color{blue}{\text{mod}}\,d\,\right)\right]}_{c\,\text{ times}}\,\,\color{blue}{\text{mod}}\,d = \left(\,a^{b}\,\,\color{blue}{\text{mod}}\,d\,\right)^{c}\,\,\color{blue}{\text{mod}}\,d \end{align} $$
$$ \begin{align} {\small\text{Let:}}\,a_{\small1}=q_{\small1}.d+r_{\small1}\,, &\quad a_{\small2}=q_{\small2}.d+r_{\small2}\,, \quad a_{\small3}=q_{\small3}.d+r_{\small3}\,, \,\,\cdots \\[2mm] \left[ a_{\small1}\,a_{\small2}\,a_{\small3}\,\cdots\, \right]\,\text{mod}\,d &=\left[ \left(q_{\small1}.d+r_{\small1}\right)\,\left(q_{\small2}.d+r_{\small2}\right)\,\left(q_{\small3}.d+r_{\small3}\right)\,\cdots\, \right]\,\text{mod}\,d \\[2mm] &\quad \,\,\{{\small\text{ all terms will have a power of }}\,\,d\,\, {\small\text{ except the last term }}\} \\[2mm] &= \left[ {\large\alpha}\left(q_{\small1},r_{\small1},q_{\small2},r_{\small2},q_{\small3},r_{\small3},\cdots\right).d+\left(r_{\small1}\,r_{\small2}\,r_{\small3}\,\cdots\,\right) \right]\,\text{mod}\,d \\[2mm] &= \left[\,r_{\small1}\,r_{\small2}\,r_{\small3}\,\cdots\, \right]\,\text{mod}\,d \quad\qquad\{{\small\left(\alpha.d\right)\,\text{mod}\,d=0}\} \\[2mm] &= \left[ \left(a_{\small1}\,\text{mod}\,d\right)\left(a_{\small2}\,\text{mod}\,d\right)\left(a_{\small3}\,\text{mod}\,d\right) \cdots\, \right]\,\text{mod}\,d \\[2mm] \end{align} $$