Questions tagged [congruence]

If two numbers $b$ and $c$ have the property that their difference $b-c$ is integrally divisible by a number $m$ (i.e., $(b-c)/m$ is an integer), then $b$ and $c$ are said to be "congruent modulo $m$."

The number $m$ is called the modulus, and the statement "$b$ is congruent to $c$ (modulo $m$)" is written mathematically as $b≡c \pmod{m}$.

If $b-c$ is not integrally divisible by $m$, then it is said that "$b$ is not congruent to $c$ (modulo $m$)," which is written mathematically as $b≢c \pmod{m}$.

The explicit $\pmod{m}$ is sometimes omitted when the modulus $m$ is understood by context, so in such cases, care must be taken not to confuse the symbol $≡$ with the equivalence sign.

The quantity $b$ is sometimes called the "base," and the quantity $c$ is called the residue or remainder. There are several types of residues. The common residue is defined to be non-negative and smaller than $m$, while the minimal residue is $c$ or $c-m$, whichever is smaller in absolute value.

20 questions
10
votes
2 answers

Significance of 3mod4 in squares and square roots mod n?

Why does most literature, while discussing squares or square roots modulo a prime P, consider P to be congruent to 3 mod 4?
Kiran
6
votes
1 answer

Crack linear congruential generator knowing every other word in sequence

I need to crack one of the examples of a linear congruential generator. I have $X_{n+1} = (a \cdot X_n + b) \bmod m$ and I know every other word in the output sequence: ..., 3158, ..., 1888, ..., 1285, ..., 1744, ..., 253, ..., 722, ... The question is…
Gravian
5
votes
2 answers

Safe elliptic curve point addition using projective coordinates: How do I tell if the points are the same?

I am trying to implement elliptic curve point addition in hardware for NIST p256 and p384 curves. I have noticed the following issue with the suggested NIST routines: Consider routine 2.2.7 of http://www.nsa.gov/ia/_files/nist-routines.pdf: Point…
user11886
3
votes
0 answers

Finding the cycle sets of an LCG

My LCG has the form: $$S_0 = k$$ $$S_{n+1} = S_n \times a + 1 \pmod m$$ Each choice of $k$ generates a different sequence but in some cases a sequence may just be a cyclic shift of another. In this case we say the two sequences are equivalent. This…
mbuke
3
votes
1 answer

What's causing the poor randomness in this program: the LCG, or the program logic itself?

(Crypto Gods, I should begin by stressing that I haven't lost my mind: I'm not doing this in real life, I'm just trying to understand the theory behind what's happening. With your help, hopefully I can do that.) Let's say I choose the parameters for…
3
votes
2 answers

How can I solve congruence modulo N?

I am trying to solve congruences of the form $$J_A \cdot a^e\equiv 1 \pmod n$$ where $n=pq$ for $p,q$ prime and $\gcd(e,\varphi(n))=\gcd(J_A,n)=1$. Solve for $a\in \mathbb{Z}$, in terms of $n,J_A$ and $e$. I am using an example from the GQ signature scheme…
user5507
2
votes
1 answer

About Naccache-Stern higher residue cryptosystem definition

About the Naccache-Stern cryptosystem, I have found two different encryption algorithms: In the original paper from Naccache and Stern, the encryption step is performed by calculating $c = g^m \pmod{n}$, with $m$ being the…
1
vote
2 answers

What exactly does it mean to sample from the set of congruence classes?

Say one is doing some cryptography around the set of congruence classes, namely: $$\mathbb{Z}/n\mathbb{Z} = \mathbb{Z}_n = \{[0]_n, [1]_m, \dots, [n-1]_n\}.$$ Sometimes we write $a \leftarrow_R \mathbb{Z}_n$ to denote that we are sampling an…
Bean Guy
1
vote
0 answers

RSA congruence (n is not given)

It might be a silly question, but I need help please. Given an RSA system, where $n=pq$, $p$ and $q$ are primes, and $v_0,v_1,v_2,v_3$ are known: $p^p \equiv v_0 \pmod q$ $q^q \equiv v_1 \pmod p$ $q^p + p^q \equiv v_2 \pmod{pq}$ $(p+q)^{p+q} …
hardyrama
1
vote
0 answers

How to get unknown constants from linear congruential generator

I need to crack this linear congruential generator. I have $$X_{n+1}=a⋅X_n +b \pmod m$$ I know: $m=31,X_3=30,X_4=19,X_5=26$ How can I find $a,b$ and $X_0$? I have got already the following equations: $$26=a \cdot 19+b \pmod{31}$$ $$19=a \cdot…
1
vote
0 answers

Geometry of the outputs of linear congruential random number generators

I learned that possible $m$ long sequences produced by linear congruential random number generators (of the form $r_{i+1}\equiv ar_i+b \pmod n$) fall on hyperplanes. Using this fact I have come to think it might be possible to significantly narrow…
1
vote
0 answers

Determining the Parity of Exponent b in Modular Exponentiation Given Three Known Values

I have three numbers x, a, and c, where both a and c are odd numbers. The number x is the output of the following function: $$x = a^b \bmod c$$ I am attempting to determine whether the input exponent, b, was an odd or even number…
1
vote
1 answer

Solve congruent equation like N = p*q c1 = (2*p + 3*q)**e1 mod N c2 = (5*p + 7*q)**e2 mod N

Here is a CTF crypto challenge like this (its write-up is public at https://ctftime.org/writeup/15438): $$N = p*q\\ c1 = (2*p + 3*q)^{e_{1}} \bmod N\\ c2 = (5*p + 7*q)^{e_{2}} \bmod N$$ After I transform these: $$(c^{e_2}_1)\equiv…
Ayumi80s
1
vote
0 answers

What is the proof that the RSA is collision-free?

We have the RSA function: $c = m^e \pmod n$. I would like to know the proof that there is not an $m_1$ and an $m_2$ message that produce the same $c$. My thoughts: We know that $m \le n$, so $m_1 \ncong m_2 \pmod n$. We also know that if $a \cong b…
1
vote
0 answers

Possible plain text needed on a congruence modulo - based encryption

Suppose m is a positive integer converted from the plain text in bytes. And there are two positive integers a, b which satisfy $a^2=1+4919b^2$ in the encryption process. (a and b are both unknown) The cipher text is x which satisfies $x = (am+b)…