Solve for the unknown x in the following equation:
ax ≡ b mod n
given a, b and n.
Consider the subgroup of (Zn, +n), i.e., {ax : x > 0} = {ax mod n : x > 0} = <a>. Thus the above equation has a solution if and only if b ∈ <a>.
Theorem 1:
For any positive integers a and n, if d = gcd(a, n), then <a> = <d> = {0, d, 2d, 3d, …, ((n/d) - 1)d} in Zn, and thus |<a>| = n/d.
Proof:
We have to show that <a> = <d>. First we show <d> ⊆ <a>. Since d = gcd(a, n), there are integers x, y such that d = ax + ny. If either x or y returned by EXTENDED-EUCLID is negative, we consider it as [n + x]n or [n + y]n respectively. Thus ax ≡ d mod n ⇒ d ∈ <a> ⇒ d is some multiple of a. All other members of <d> belong to <a>, since they are multiples of d and hence multiples of a multiple of a.
Now we show <a> ⊆ <d>. Pick an arbitrary element m ≡ ax mod n ∈ <a> ⇒ m = ax + ny for some integer y ⇒ d | m (since d | a and d | n) ⇒ m ∈ <d>. Combining these results, <a> = <d>.
Corollary 1:
The equation ax ≡ b (mod n) is solvable for the unknown x if and only if gcd(a, n) | b.
Theorem 2: Let d = gcd(a, n) and suppose that d = ax' + ny' for some integers x' and y'. If d | b, then the equation ax ≡ b mod n has one of its solutions x0 as:
x0 = x'(b/d) mod n
Proof: We have to show ax0 ≡ b mod n. From the given condition we know ax' ≡ d mod n. Thus ax0 ≡ ax'(b/d) mod n ≡ d(b/d) mod n ≡ b mod n.
Theorem 3: Consider the modular linear equation ax ≡ b mod n. If d = gcd(a, n), d | b, and x0 is any solution to this equation, then this equation has d distinct solutions:
xi = x0 + i(n/d) for i = 0, 1, …, d - 1
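
The three results combine into a complete solver. The following Python sketch is an added example, not part of the original notes: it applies Corollary 1 to decide solvability, Theorem 2 to obtain x0, and Theorem 3 to enumerate all d solutions. The function names extended_euclid and solve_modular_linear are chosen here for illustration.

```python
def extended_euclid(a, n):
    """Return (d, x, y) such that d = gcd(a, n) = a*x + n*y."""
    if n == 0:
        return a, 1, 0
    d, x1, y1 = extended_euclid(n, a % n)
    # gcd(a, n) = gcd(n, a mod n); back-substitute the coefficients.
    return d, y1, x1 - (a // n) * y1


def solve_modular_linear(a, b, n):
    """Return every x in [0, n) with a*x ≡ b (mod n), sorted; [] if none."""
    if n <= 0:
        raise ValueError("n must be a positive integer")
    # Reduce a into Zn first so negative or oversized inputs are handled.
    d, x_prime, _ = extended_euclid(a % n, n)
    # Corollary 1: solvable if and only if gcd(a, n) divides b.
    if b % d != 0:
        return []
    # Theorem 2: x0 = x'(b/d) mod n. The % n also maps a negative x'
    # from the Euclid step into Zn, as in the proof of Theorem 1.
    x0 = (x_prime * (b // d)) % n
    # Theorem 3: the d solutions are x0 + i(n/d), i = 0, ..., d - 1.
    step = n // d
    return sorted((x0 + i * step) % n for i in range(d))


if __name__ == "__main__":
    # Constructed sample inputs.
    print(solve_modular_linear(14, 30, 100))  # d = 2, two solutions
    print(solve_modular_linear(2, 3, 4))      # d = 2 does not divide 3
    print(solve_modular_linear(6, 0, 9))      # d = 3, three solutions
```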