GENERALIZED ARYABHATA REMAINDER THEOREM

Transcription

1 International Journal of Innovative Computing, Information and Control ICIC International c 2010 ISSN Volume 6, Number 4, April 2010 pp GENERALIZED ARYABHATA REMAINDER THEOREM Chin-Chen Chang 1, Jieh-Shan Yeh 2 and Jen-Ho Yang 3 1 Department of Information Engineering and Computer Science Feng Chia University Taichung 40724, Taiwan ccc@cs.ccu.edu.tw 2 Department of Computer Science and Information Management Providence University 200 ChungChi Rd., Taichung 43301, Taiwan jsyeh@pu.edu.tw 3 Department of Computer Science and Information Engineering National Chung Cheng University Chiayi 621, Taiwan jenho@cs.ccu.edu.tw Received October 2008; revised March 2009 Abstract. The Chinese Remainder Theorem (CRT) and the Generalized Chinese Remainder Theorem (GCRT) are widely employed in signal processing, information coding, and cryptography. However, CRT and GCRT must compute the modular operation with a large number in the final step, which is a time-consuming operation. Instead, the Aryabhata Remainder Theorem (ART) reduces the computation time without computing such large modular operation. However, to the best of our knowledge, no previously published works discuss any variation of ART. Therefore, this study proposes the Generalized Aryabhata Remainder Theorem (GART) which is the first work that discusses the generalized version of ART. Unlike the time complexities of the GCRT, which is O(n 2 t 2 ), GART is just O(n t 2 ), where n is the number of moduli and t is the number of bits in each modulus. Therefore, the proposed GART is more efficient than GCRT. Keywords: Aryabhata remainder theorem, Chinese remainder theorem, Residue number system 1. Introduction. In recent years, Residue Number System (RNS) is a popular research in computing large number arithmetic because of its properties of parallel, carry-free and high-speed arithmetic [9]. In RNS, a number is moduloed by the selected moduli, and the number is represented by a vector of several residues. Therefore, the computations in RNS are performed on each residue independently. That is, a large number is separated into several small residues for parallel computing on a multi-processor computer. To apply RNS for large number arithmetic, the conversion between RNS and the binary number system is an important issue. Thus, the literature discloses many conversion algorithms with specific moduli in RNS [1,4,5,7,12]. The common method for the conversion with general moduli in RNS uses the Chinese Remainder Theorem (CRT). An integer is easily reconstructed from its residues which are moduloed by the moduli in RNS. Moreover, CRT can be applied to many applications, such as signal processing, information coding, cryptography, etc. Besides, many generalized version of CRT also have been proposed [2,3,6,11]. The Generalized CRT (GCRT) [1] is a variation of the conventional CRT. In some applications, such as image coding [10,13], GCRT is more practical and flexible than CRT because GCRT additionally provides an 1865

2 1866 C.-C. CHANG, J.-S. YEH AND J.-H. YANG extra modulus. However, both CRT and GCRT need to compute the modular arithmetic with a large number, which is the product of all moduli. This disadvantage increases their computation time. On the other hand, Rao and Yang proposed the Aryabhata Remainder Theorem (ART) [8], which solves the conversion problem with two moduli in RNS. They also introduced an extension of ART to any number of moduli, which solves the conversion problem with n congruencies in RNS. Comparing with CRT and GCRT, ART does not compute the large modular arithmetic. Consequently, ART greatly reduces the conversion time. However, to the best of our knowledge, no previously published works discuss any variation of ART. Therefore, this study proposes the Generalized Aryabhata Remainder Theorem (GART). Research s Contributions. The main contributions of the proposed GART are as follows: 1. Practicality: Like GCRT [2], the proposed GART possesses an additional modulus so that it can be applied to many applications, such as access control, database, and cryptosystems. 2. Efficiency: With n moduli, the time complexity of the GCRT is O(n 2 t 2 ), where t is the number of bits in each modulus. The proposed GART only requires O(n t 2 ). Thus, the proposed GART has less computation time and is more efficient than the GCRT. The above description explains that the proposed GART is more practical and efficient than the previous works. The rest of this paper is organized as follows. First, Section 2 reviews the related works. Then, Section 3 offers the proposed generalized Aryabhata Remainder Theorem. Section 4 provides the performance analysis. Finally, Section 5 presents the study s conclusions. 2. Related Works. This section reviews the Chinese Remainder Theorem (CRT), the Generalized Chinese Remainder Theorem (GCRT), and the Aryabhata Remainder Theorem (ART) Chinese remainder theorem (CRT). In RNS, a number is represented by the residues using a set of relatively prime moduli {m 1, m 2,, m n } satisfying GCD(m i, m j ) = 1 for i j, where GCD(m i, m j ) denotes the greatest common divisor of m i and m j. For an integer X, its RNS-representation is denoted as (r 1, r 2,, r n ), where r i = X mi = X mod m i for i = 1, 2,, n. According to CRT [9], the RNS-representation number r i = X mi = X mod m i is converted into its decimal representation X by the equation: X M = n i=1 m i r i m 1 i mi M, (1) where M = n i=1 m i, m i = M/m i, and m 1 i mi is the multiplicative inverse of m i modulo m i. Example 2.1 illustrates CRT as follows. Example 2.1. Convert the RNS-representation number (2, 4, 1) with the moduli set {3, 5, 7} into its decimal representation X. According to CRT, M = = 105, m 1 = 5 7 = 35, m 2 = 3 7 = 21, m 2 = 3 5 = 15, m 1 1 m1 = 2, m 2 1 m2 = 1, and m 3 1 m3 = 1. Then, the decimal representation of the RNS-representation number (2, 4, 1) is X 30 = = = 29.

3 GENERALIZED ARYABHATA REMAINDER THEOREM Generalized Chinese remainder theorem (GCRT). GCRT is a variation of CRT. Compared with CRT, an additional modulus k is provided during the computations in GCRT. GCRT is introduced as follows. Given a set of relatively prime moduli {m 1, m 2,, m n } and an additional modulus k, where k < Min{m i } for i = 1, 2,, n. In GCRT, an integer X can be represented as (x 1, x 2,, x n ) satisfying Max{x i } < k < Min{m i }, where x i = X/m i mod k for i = 1, 2,, n. According to GCRT [6], the number X can be computed from n-tuple (x 1, x 2,, x n ) by the equation X km = n i=1 m i a i b i km, where M = n i=1 m i, m i = k n j=1,j i m j, m i a i = k mod (k m i ), and b i = x i m i /k. Example 2.2 illustrates GCRT. Example 2.2. Given a set of moduli {11, 13, 17} and a general modulus k = 8 find the number X = (x 1, x 2, x 3 ) = (6, 2, 6) using GCRT. According to GCRT, M = = 2431, m 1 = = 1768, M 2 = = 1768, m 3 = = 1144, a 1 = 1, a 2 = 8, a 3 = 5, b 1 = 6 11/8 = 9, b 2 = 2 13/8 = 4, and b 3 = 6 17/8 = 13. Then, X = = = The solution is verified as follows: x 1 = 2008/11 mod 8 = 182 mod 8 = 6, x 2 = 2008/13 mod 8 = 154 mod 8 = 2, x 3 = 2008/17 mod 8 = 118 mod 8 = Aryabhata remainder theorem (ART). Assume that there are two relatively prime moduli m 1 and m 2. Let r 1 = X mod m 1, r 2 = X mod m 2, and M = m 1 m 2. According to ART [7], X has a unique solution in Z M, and the solution is computed by the equation X = m 1 (r 2 r 1 ) m 1 1 m2 + r 1. The proof of ART is shown in [8]. Example 2.3 demonstrates an example of ART. Example 2.3. Given two relatively prime moduli m 1 = 13 and m 2 = 17. Let r 1 = X mod 13 = 11 and r 2 = X mod 17 = 8, find X using ART. According to ART, X can be computed by the equation X = m 1 (r 2 r 1 ) m 1 1 m2 + r 1 = 13 (8 11) = 76. The solution is verified as follows: 76 mod 13 = 11 = r 1 and 76 mod 17 = 8 = r 2. Both above-mentioned CRT and GCRT have to compute modular operations with a large number, which is the product of all moduli. This time-consuming operation greatly increases the computation time. However, ART does not have to compute such time-consuming operation. Thus, this research investigates the Generalized Aryabhata Remainder Theorem (GCRT) to avoid large modular arithmetic in GCRT. 3. Generalized Aryabhata Remainder Theorem (GART). This section first presents the proposed GART with two moduli and further extends the proposed GART to n moduli for the general case GART with two moduli. The following Lemma 3.1 and Theorem 3.1 are necessary for establishing the proposed GART. Lemma 3.1. Let m 1 and m 2 be two relatively prime moduli, and k be a positive integer. Given q 1 = X mod (k m 1 ) and q 2 = X mod (k m 2 ) satisfying q 2 q 1 = 0 mod k, then X has a unique solution in Z km1 m 2 computed by X = k m 1 (q 2 q 1 )/k m 1 1 m2 + q 1. Theorem 3.1. Let m 1 and m 2 be two relatively prime moduli, and k be a positive integer. Given two equations x/m 1 = x 1 mod k and x/m 2 = x 2 mod k, where Max{x 1, x 2 } < k < Min{m 1, m 2 }. For any pair (r 1, r 2 ) satisfying 0 r 1 < m 1, 0 r 2 < m 2, and x 2 m 2 x 1 m 1 + r 2 r 1 = 0 mod k, X has a solution in Z km1 m 2 given by X = k m 1 (x 2 m 2 x 1 m 1 + r 2 r 1 )/k m 1 1 m2 + x 1 m 1 + r 1.

4 1868 C.-C. CHANG, J.-S. YEH AND J.-H. YANG To increase the readablility of the section, the detailed proofs of Lemma 3.1 and Theorem 3.1 are offered in Appendixes. Corollary 3.1 states the proposed GART as follows. Corollary 3.1. Generalized Aryabhata Remainder Theorem (GART): Let m 1 and m 2 be two relatively prime moduli, and k be a positive integer. Given two equations x/m 1 = x 1 mod k and x/m 2 = x 2 mod k, where Max{x 1, x 2 } < k < Min{m 1, m 2 }, X = k m 1 ( x 2 m 2 x 1 m 1 )/k m 1 1 m2 + x 1 m 1 is one solution in Z km1 m 2. Proof: By Theorem 3.1, one solution is obtained from the equation X = k m 1 (x 2 m 2 x 1 m 1 + r 2 r 1 )/k m 1 1 m2 + x 1 m 1 + r 1 if r 1 and r 2 are properly assigned. Thus, simply let r 1 = 0 and r 2 be the smallest integer such that the equation (x 2 m 2 x 1 m 1 +r 2 ) can be a multiple of k, the equation X = k m 1 ( x 2 m 2 x 1 m 1 )/k m 1 1 m2 + x 1 m 1 (2) derives one solution in Z km1 m 2. An example of the proposed GART is illustrated as follows. Example 3.1. Given a set of two relatively prime moduli {m 1, m 2 } = {11, 13} and a general modulus k = 8, find X satisfying X/11 = 0 mod 8 and X/13 = 7 mod 8 using the proposed GART. The proposed GART ensures the following equation. X = k m 1 ( x 2 m 2 x 1 m 1 )/k m 1 1 m2 + x 1 m 1 = 8 11 ( )/ = = 616. The solution is verified as 616/11 mod 8 = 0 and 616/13 mod 8 = GART with n moduli. To extend the 2-modulus GART introduced in Subsection 3.1, this subsection presents an iterative GART algorithm with n moduli in this Subsection. Given a set of relatively prime moduli {m 1, m 2,, m i } and an additional modulus k satisfying k < Min{m i } for i = 1, 2,, n. Assume that an integer X is represented by n-tuple {x 1, x 2,, x i } satisfying Max{x i } < k < Min{m i }, where x i = X/m i mod k for i = 1, 2,, n. Then, X is computed by the proposed iterative GART algorithm shown as follows. Input: ({x 1, x 2,, x i }, {m 1, m 2,, m i }, k) Output: X 1. M 1 m 1, X 1 = x 1 m for i = 2 to n do 3. M i M i 1 m i. 4. X i k M i 1 ( X i m i X i 1 )/k (M i 1 ) 1 mi + X i 1 5. end for. 6. Return X n. In this algorithm M i, k M i 1 and (M i 1 ) 1 mi are precomputed to reduce the processing time. The proposed algorithm is illustrated in Example 3.2 as follows. Example 3.2. Given a set of relatively prime moduli {m 1, m 2, m 3, m 4 } = {11, 13, 17, 19} and a general modulus k = 8, find X satisfying X/11 = 7 mod 8, X/13 = 6 mod 8, X/17 = 5 mod 8, and X/19 = 4 mod 8. According to the proposed algorithm, X is obtained by three rounds shown as follows. Round 1 (i = 2): 1. M 2 = M 1 m 2 = m 1 m 2 = 143, X 1 = x 1 m 1 = 7 11 = X 2 =k M 1 ( x 2 m 2 X 1 )/k (M 1 ) 1 m2 + X 1

5 GENERALIZED ARYABHATA REMAINDER THEOREM 1869 =8 11 ( )/8 (11) = =605. Round 2 (i = 3): 1. M 3 = M 2 m 3 = m 1 m 2 m 3 = X 3 =k M 2 ( x 3 m 3 X 2 )/k (M 2 ) 1 m3 + X 2 =8 143 ( )/8 (143) = = Round 3 (i = 4): 1. M 4 = M 3 m 4 = m 1 m 2 m 3 m 4 = X 4 =k M 3 ( x 4 m 4 X 3 )/k (M 3 ) 1 m4 + X 3 = ( )/8 (2431) = = /11 mod 8 = 7, /13 mod 8 = 6, /17 mod 8 = 5, and /19 mod 8 = 4 verify the correctness of the solution. 4. Performance Analysis. This section analyzes the time complexities of GCRT and GART. Suppose that the number of moduli is n. According to Subsection 2.2, GART computes the equation X km = n i=0 m i a i b i km, where M = n i=1 m i, m i = k n j=1,j i m j, m i a i = k kmi, and b i = x i m i /k. Here, k M and m i a i can be precomputed. Therefore, it requires 2n multiplications, n divisions, (n 1) additions, and one modular operation. To analyze the computation complexity, each modulus m i is assumed to be about t digits. For simplicity, k is also assigned to be t digits. Therefore, the addition and multiplication of two moduli need t and t 2 bit operations, respectively. Then, the computation cost of division is the same with that of multiplication. In addition, performing a modular operation with t-bit modulus costs t 2 bit operations. Thus, the total computation cost of GCRT is about 3n t 2 + (n 1) t + ((n + 1) t) 2 bit operations, where (n + 1) t is the number of digits in k M. Finally, the time complexity of CRT is O(n 2 t 2 ). According to the proposed GART with n moduli, X i = k M i 1 ( x i m i X i 1 /k ) M i 1 1 mi + X i 1 (3) is computed in each round, where M 1 = m 1, X 1 = x 1 m 1, i = 2, 3,, n, and M i = M i 1 m i. Thus, it requires two multiplications, one subtraction, one division, and one modular operation in each round. Here, k M i 1 (M i 1 ) 1 mi can be precomputed. Therefore, the total computation cost is (n 1) (2t 2 + t 2 + 2t), where (n 1) is the number of execution rounds. Finally, the time complexity of the proposed GART is O(n t 2 ). Compared with GCRT, the proposed GART greatly reduces the computation time. 5. Conclusions. This research proposes an efficient GART without large modular arithmetic and further extends the proposed GART to the n-modulus system. According to the performance analysis in Section 4, the proposed GART significantly reduces the computational complexity in O(n t 2 ). In the future, research needs to offer and investigate the parallel algorithm for the proposed GART on a multi-processor architecture to make the method more efficient in practice. REFERENCES [1] N. B. Chakraborti, J. S. Soundararajan and A. L. Reddy, An implementation of mixed-radix conversion for residue number applications, IEEE Transactions on Computers, vol.35, no.8, pp , 1986.

6 1870 C.-C. CHANG, J.-S. YEH AND J.-H. YANG [2] C. C. Chang and C. H. Lin, A reciprocal confluence tree unit and its applications, BIT, vol.30, no.1, pp.27-33, [3] R. Conway and J. Nelson, Fast converter for 3 moduli RNS using new property of CRT, IEEE Transactions on Computers, vol.48, no.8, pp , [4] A. A. Hiasat and H. S. Abdel-Aty-Zohdy, Residue-to-binary arithmetic converter for the moduli set (2 k, 2 k 1, 2 k 1 1), IEEE Transactions on Circuits and Systems II: Analog and Digital Signal Processing, vol.45, no.2, pp , [5] A. A. Hiasat, Efficient residue to binary converter, IEE Proc. on Computers and Digital Techniques, vol.150, no.1, pp.11-16, [6] Y. P. Lai and C. C. Chang, A parallel computational algorithms for generalized Chinese remainder theorem, Computers and Electrical Engineering, vol.29, no.8, pp , [7] A. Premkumar, An RNS to binary converter in 2n+1, 2n, 2n-1 moduli set, IEEE Transactions on Circuits and Systems II: Analog and Digital Signal Processing, vol.39, no.7, pp , [8] T. R. N. Rao and C. H. Yang, Aryabhata remainder theorem: Relevance to public-key cryptoalgorithms, Circuits, Systems, and Signal Processing, vol.25, no.1, pp.1-15, [9] N. Szabo and R. Tanaka, Residue Arithmetic and Its Applications to Computer Technology, McGraw Hill, New York, [10] Q. She, H. Su, L. Dong and J. Chu, Support vector machine with adaptive parameters in image coding, International Journal of Innovative Computing, Information and Control, vol.4, no.2, pp , [11] Y. Wang, Residue-to-binary converters based on new Chinese remainder theorem, IEEE Transactions on Circuits and Systems II: Analog and Digital Signal Processing, vol.47, no.3, pp , [12] W. Wang, M. N. S. Swamy, M. O. Ahmad and Y. Wang, A study of the residue-to-binary converters for the three-moduli sets, IEEE Transactions on Circuits and Systems I: Fundamental Theory and Applications, vol.50, no.2, pp , [13] Z. Zhang and Y. Zhao, Multiple description image coding based on fractal, International Journal of Innovative Computing, Information and Control, vol.3, no.6(b), pp , Appendixes. Lemma 5.1. Let m 1 and m 2 be two relatively prime moduli, and k be a positive integer. Given q 1 = X mod (k m 1 ) and q 2 = X mod (k m 2 ) satisfying q 2 q 1 = 0 mod k, then X has a unique solution in Z km1 m 2 computed by X = k m 1 (q 2 q 1 )/k m 1 1 m2 + q 1. Proof: First we show that X Z km1 m 2. Since q 1 = X mod (k m 1 ), we have q 1 < k m 1. Thus, X = k m 1 (q 2 q 1 )/k m 1 1 m2 + q 1 < k m 1 ( (q 2 q 1 )/k m 1 1 m2 + 1). Besides, (q 2 q 1 )/k m 1 1 m2 Z m2, it implies 0 (q 2 q 1 )/k m 1 1 m2 m 2 1. Therefore, we have 0 X < k m 1 m 2, so that X Z km1 m 2. Second, we show that q i = X mod (k m i ) for i = 1 and 2. Clearly, q 1 = X mod (k m 1 ) holds because k m 1 (q 2 q 1 )/k m 1 1 m2 is a multiple of k m 1. On the other hand, since q 2 q 1 = 0 mod k, so (q 2 q 1 )/k is an integer. It is clear to have m 1 (q 2 q 1 )/k m 1 1 m2 = (q 2 q 1 )/k mod m 2. By multiplying k to the equation, we have k m 1 (q 2 q 1 )/k m 1 1 m2 = k (q 2 q 1 )/k = (q 2 q 1 ) mod (k m 2 ). Therefore, X = k m 1 (q 2 q 1 )/k m 1 1 m2 + q 1 = q 2 mod (k m 2 ). Third, we show that X has a unique solution in Z km1 m 2. If Y Z km1 m 2 is another solution, then X Y = 0 mod (k m 1 ) and X Y = 0 mod (k m 2 ). Because m 1 and m 2 are two relatively prime moduli, X Y = 0 mod (k m 1 m 2 ). Therefore, we have X = Y. Theorem 5.1. Let m 1 and m 2 be two relatively prime moduli, and k be a positive integer. Given two equations X/m 1 = x 1 mod k and X/m 2 = x 2 mod k, where Max{x 1, x 2 } < k < Min{m 1, m 2 }. For any pair (r 1, r 2 ) satisfying 0 r 1 < m 1, 0 r 2 < m 2, and x 2 m 2 x 1 m 1 + r 2 r 1 = 0 mod k, X has a solution in Z km1 m 2 given by X = k m 1 (x 2 m 2 x 1 m 1 + r 2 r 1 )/k m 1 1 m2 + x 1 m 1 + r 1.

7 GENERALIZED ARYABHATA REMAINDER THEOREM 1871 Proof: Since X/m 1 = x 1 mod k and X/m 2 = x 2 mod k, we assume X/m 1 = a 1 k + x 1 and X/m 2 = a 2 k + x 2, for some integers a 1 and a 2. Moreover, X = (a 1 k + x 1 ) m 1 + r 1 and X = (a 2 k + x 2 ) m 2 + r 2, where 0 r 1 < m 1 and 0 r 2 < m 2. That is, X = x i m i + r i mod (k m i ) for i = 1 and 2. By Lemma 5.1, X = k m 1 (x 2 m 2 x 1 m 1 + r 2 r 1 )/k m 1 1 m2 + x 1 m 1 + r 1 is a unique solution in Z km1 m 2 if x 2 m 2 x 1 m 1 + r 2 r 1 = 0 mod k. The theorem is asserted.