Modulo Arithmetic

Based on the modulo operations in Theorem A-2.1.1, we can derive the following properties of modulo arithmetic:

$⟨$ Theorem A-2.1.2 $⟩$ Properties of Modulo Arithmetic

1.

Associative:

(a \cdot b) \cdot c \equiv a \cdot (b \cdot c) mod q

2.

Commutative:

(a \cdot b) \equiv (b \cdot a) mod q

3.

Distributive:

(a \cdot (b + c)) \equiv ((a \cdot b) + (a \cdot c)) mod q

4.

Interchangeable: Congruent values are interchangeable in modulo arithmetic.

For example, suppose $(a \equiv b mod q)$ and $(c \equiv d mod q)$ . Then, $a$ and $b$ are interchangeable, and $c$ and $d$ are interchangeable in modulo arithmetic as follows:

$(a + c) \equiv (b + d) \equiv (a + d) \equiv (b + c) mod q$

$(a - c) \equiv (b - d) \equiv (a - d) \equiv (b - c) mod q$

$(a \cdot c) \equiv (b \cdot d) \equiv (a \cdot d) \equiv (b \cdot c) mod q$

The proof of Theorem A-2.1.2 is similar to that of Theorem A-2.1.1, which we leave as an exercise for the reader.

A-1.2.1 Inverse

$⟨$ Definition A-1.2.1 $⟩$ Inverse in Modulo Arithmetic

In modulo $q$ (i.e., in the world of remainders where all numbers have been divided by $q$ ), for each $a \in {0, 1, 2, \dots, q - 1}$ :

Additive Inverse of $a$ is denoted as $a_{+}^{- 1}$ which satisfies $a + a_{+}^{- 1} \equiv 0 mod q$ . For example, in modulo 11, $3_{+}^{- 1} = 8$ , because $3 + 8 \equiv 0 mod 11$ .
Multiplicative Inverse of $a$ is denoted as $a_{*}^{- 1}$ which satisfies $a + a_{*}^{- 1} \equiv 1 mod q$ . For example, in modulo 11, $3_{*}^{- 1} = 4$ , because $3 \cdot 4 \equiv 1 mod 11$ .

A-1.2.2 Modulo Division

In modulo arithmetic, modulo division is different from regular numeric division. Strictly speaking, there is no such thing as modulo division because the modulo operation itself is a form of division that returns only the remainder. modulo division of

b

a mod q

is equivalent to computing the modulo multiplication

b \cdot a_{*}^{- 1} mod q

. The result of modulo division is different from that of numeric division, because modulo division always gives an integer (as it multiplies two integers modulo

q

), whereas numeric division gives a real number. The inverse of an integer modulo

q

can be computed using the extended Euclidean algorithm (YouTube tutorial)

A-1.2.3 Centered Residue Representation

Throughout this section, we have assumed that the residues are positive integers. For example, the possible residues modulo

q

are assumed to be

{0, 1, \dots, q - 1}

. This system is called the canonical (i.e., unsigned) residue representation. On the other hand, there is also a counterpart system that assumes signed (i.e., centered) residues

{- \frac{q}{2}, - \frac{q}{2} + 1, \dots, 0, \dots, \frac{q}{2} - 2, \frac{q}{2} - 1}

, where the residues are centered around

0

and the total number of residues is the same, namely

q

. In both systems, a modulo operation changes a given value to another value within the system’s residue range such that: (1) if the given value is bigger than the upper bound of the residue range, the value is subtracted by the modulus

q

; (2) if the value is smaller than the lower bound of the residue range, the value is added by the modulus

q

. The only difference between these two (canonical and centered) systems is their upper bounds and lower bounds:

0

and

q - 1

in the canonical residue system, whereas

- \frac{q}{2}

and

\frac{q}{2} - 1

in the centered residue system. The canonical residue representation assumes that

ℤ_{q} = {0, 1, \dots, q - 1}

, whereas the centered residue system assumes that

ℤ_{q} = {- \frac{q}{2}, - \frac{q}{2} + 1, \dots, 0, \dots, \frac{q}{2} - 2, \frac{q}{2} - 1}

In both systems, the same modulo property of addition, subtraction, multiplication, and division holds, which can be proved by applying the same reasoning described in §A-1.2: the same properties hold in both systems because any two congruent residues in the centered system are separated by the

𝑘𝑞

gaps (for some integer

k

) in both systems.

Also, the same property holds for an inverse: an inverse of

a

modulo

q

a^{- 1}

such that

a \cdot a^{- 1} \equiv 1 mod q

Using a signed residue representation is useful in certain cases. In an example of canonical (i.e., unsigned) residue representation, suppose we have the relation

a + b mod q

and we know that in a given application,

a + b

is guaranteed to be within the

[0, q - 1]

range (i.e.,

0 \leq a + b \leq q - 1

). Then,

(a + b mod q)

a + b

, and thus we can remove the modulo operation, simplifying the relation. Now, suppose a different example of centered (i.e., signed) residue representation where we have the relation

a - b mod q

, and we know that in a given application,

a - b

is guaranteed to be within the range

[- \frac{q}{2}, \frac{q}{2} - 1]

. Then,

(a - b mod q) = a - b

. However, notice that if the relation

a - b mod q

were in a canonical residue representation, then we cannot remove the modulo operation, because if

a - b

is negative, then this becomes smaller than the lower bound of the canonical residue system (i.e.,

0

), and thus a modulo reduction (i.e., addition by one or more

q

) is needed.

In §D-5.8, we design the FastBConvEx operation based on this beneficial property of centered residue representation: in this algorithm design, we can simplify

(μ + u mod b_{α})

μ + u

, because we know that

- \frac{b_{α}}{2} \leq μ + u < \frac{b_{α}}{2}

A-1.2 Modulo Arithmetic

A-1.2.1 Inverse

A-1.2.2 Modulo Division

A-1.2.3 Centered Residue Representation