ax b mod m. has a solution if and only if d b. In this case, there is one solution, call it x 0, to the equation and there are d solutions x m d

Similar documents
LECTURE 4: CHINESE REMAINDER THEOREM AND MULTIPLICATIVE FUNCTIONS

CHAPTER 3. Congruences. Congruence: definitions and properties

The Chinese Remainder Theorem

Chapter 5. Modular arithmetic. 5.1 The modular ring

COMP239: Mathematics for Computer Science II. Prof. Chadi Assi EV7.635

Solution Sheet (i) q = 5, r = 15 (ii) q = 58, r = 15 (iii) q = 3, r = 7 (iv) q = 6, r = (i) gcd (97, 157) = 1 = ,

Math 109 HW 9 Solutions

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Basic elements of number theory

Basic elements of number theory

MATH 433 Applied Algebra Lecture 4: Modular arithmetic (continued). Linear congruences.

Algebra. Modular arithmetic can be handled mathematically by introducing a congruence relation on the integers described in the above example.

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Definitions. Notations. Injective, Surjective and Bijective. Divides. Cartesian Product. Relations. Equivalence Relations

Mathematics for Cryptography

This exam contains 5 pages (including this cover page) and 4 questions. The total number of points is 100. Grade Table

Chinese Remainder Algorithms. Çetin Kaya Koç Spring / 22

Chapter 1 : The language of mathematics.

Math From Scratch Lesson 20: The Chinese Remainder Theorem

MODEL ANSWERS TO HWK #10

Chinese Remainder Theorem

The Chinese Remainder Theorem

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

MATH 25 CLASS 12 NOTES, OCT Contents 1. Simultaneous linear congruences 1 2. Simultaneous linear congruences 2

NOTES ON FINITE FIELDS

This is an auxiliary note; its goal is to prove a form of the Chinese Remainder Theorem that will be used in [2].

The security of RSA (part 1) The security of RSA (part 1)

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

Tomáš Madaras Congruence classes

Congruences. September 16, 2006

Number Theory Solutions Packet

3.2 Solving linear congruences. v3

Math 312/ AMS 351 (Fall 17) Sample Questions for Final

Public-key Cryptography: Theory and Practice

= 1 2x. x 2 a ) 0 (mod p n ), (x 2 + 2a + a2. x a ) 2

Lecture Notes. Advanced Discrete Structures COT S

12x + 18y = 50. 2x + v = 12. (x, v) = (6 + k, 2k), k Z.

a = mq + r where 0 r m 1.

Wilson s Theorem and Fermat s Little Theorem

Number theory (Chapter 4)

cse 311: foundations of computing Fall 2015 Lecture 11: Modular arithmetic and applications

Elementary Number Theory. Franz Luef

MATH 361: NUMBER THEORY FOURTH LECTURE

Number Theory Homework.

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

Solutions to Problem Set 3 - Fall 2008 Due Tuesday, Sep. 30 at 1:00

An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.

LEGENDRE S THEOREM, LEGRANGE S DESCENT

1. multiplication is commutative and associative;

Elementary Number Theory Review. Franz Luef

4. Congruence Classes

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

Lecture 7 Number Theory Euiseong Seo

1 Overview and revision

Math 131 notes. Jason Riedy. 6 October, Linear Diophantine equations : Likely delayed 6

A Classification of Integral Apollonian Circle Packings

Computations/Applications

The Chinese Remainder Theorem

3.7 Non-linear Diophantine Equations

THESIS. Presented in Partial Fulfillment of the Requirements for the Degree Master of Science in the Graduate School of The Ohio State University

LINEAR CONGRUENCES AND LINEAR DIOPHANTINE EQUATIONS

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Simultaneous Linear, and Non-linear Congruences

Part IA Numbers and Sets

3 The fundamentals: Algorithms, the integers, and matrices

THE JOHNS HOPKINS UNIVERSITY Faculty of Arts and Sciences FINAL EXAM - FALL SESSION ADVANCED ALGEBRA I.

4.4 Solving Congruences using Inverses

Elementary Number Theory MARUCO. Summer, 2018

MTH 346: The Chinese Remainder Theorem

MATH 2112/CSCI 2112, Discrete Structures I Winter 2007 Toby Kenney Homework Sheet 5 Hints & Model Solutions

Introduction to Algebraic Geometry. Franz Lemmermeyer

Notes on Systems of Linear Congruences

Solutions to Homework for M351 Algebra I

5 Group theory. 5.1 Binary operations

Math 120 HW 9 Solutions

Part II. Number Theory. Year

Course 2316 Sample Paper 1

MATH 115, SUMMER 2012 LECTURE 4 THURSDAY, JUNE 21ST

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

School of Mathematics

Q 2.0.2: If it s 5:30pm now, what time will it be in 4753 hours? Q 2.0.3: Today is Wednesday. What day of the week will it be in one year from today?

MATH 115, SUMMER 2012 LECTURE 12

M381 Number Theory 2004 Page 1

Chapter 4 Mathematics of Cryptography

Numbers. Çetin Kaya Koç Winter / 18

A Few Primality Testing Algorithms

Monoids. Definition: A binary operation on a set M is a function : M M M. Examples:

[Part 2] Asymmetric-Key Encipherment. Chapter 9. Mathematics of Cryptography. Objectives. Contents. Objectives

SOLUTIONS TO PROBLEM SET 1. Section = 2 3, 1. n n + 1. k(k + 1) k=1 k(k + 1) + 1 (n + 1)(n + 2) n + 2,

Finite Fields and Error-Correcting Codes

Part IA Numbers and Sets

Modular Arithmetic Instructor: Marizza Bailey Name:

4 Number Theory and Cryptography

x 3 2x = (x 2) (x 2 2x + 1) + (x 2) x 2 2x + 1 = (x 4) (x + 2) + 9 (x + 2) = ( 1 9 x ) (9) + 0

Mathematical Foundations of Public-Key Cryptography

Homework 10 M 373K by Mark Lindberg (mal4549)

Rings and Fields Theorems

10 Problem 1. The following assertions may be true or false, depending on the choice of the integers a, b 0. a "

Notes for Lecture 25

Transcription:

10. Linear congruences In general we are going to be interested in the problem of solving polynomial equations modulo an integer m. Following Gauss, we can work in the ring Z m and find all solutions to polynomial equations with coefficients in this ring. One huge advantage of this approach is that we can count the number of solutions in the ring Z m, simply because Z m is finite. As a warm up we consider linear equations. It is easy to do the case of one equation. Theorem 10.1. Let m > 1 be a natural number and let a and b be integers. Let d = (a, m). The equation ax b has a solution if and only if d b. In this case, there is one solution, call it x 0, to the equation and there are d solutions x 0 x 0 + m d to the equation (a/d)x = (b/d) x 0 + 2 m d Proof. Solving the equation ax b. ax b is equivalent to solving the equation in integers x and y. Indeed, if x 0 is a solution to /d,... and x 0 + (d 1) m d, ax + ( m)y = b ax b then ax 0 b. It follows that ax 0 b is divisible by m, that is, there is an integer y 0 such that ax 0 b = my 0. Rewriting, we see that ax 0 + ( m)y 0 = b, so that (x 0, y 0 ) is a solution to ax + ( m)y = b. Vice-versa, if (x 0, y 0 ) is a solution of ax + ( m)y = b 1

then ax 0 b so that x 0 is a solution of ax b. Now we already know that the linear Diophantine equation ax + ( m)y = b has a solution if and only if d b. In this case, pick a solution (x 0, y 0 ) to the equation (a/d)x + ( m/d)y = b/d. Then every solution to the equation is given by (a/d)x + ( m/d)y = b/d. x = x 0 + mt and y = y 0 + ta d d. These are all equivalent modulo m/d, so the equation (a/d)x (b/d) /d, has a unique solution and we get d solutions x 0 x 0 + m d to the equation x 0 + 2 m d... and x 0 + (d 1) m d, ax b. Question 10.2. Find all solutions of the equation 9x 15 mod 51. First note that (9, 51) = 3 and 3 15, so this equation does have a solution and it is equivalent to the equation 3x 5 mod 17. This is also equivalent to the equation 3x + 17y = 5. We can solve this as usual by applying the Euclidean algorithm Therefore 17 = 5 3 + 2 3 = 1 2 + 1. 1 = 3 2 = 3 (17 5 3) = 3 6 + 17 1. 2

Multiplying by 5 we get Reducing modulo 17 we get 3 30 + 17 5 = 5. 3 13 5 mod 17. Thus x = 13 is one possible solution. The others are given by jumps of 17, 13, 30 and 47. Now let us turn to the problem of solving simultaneous linear equations. The interesting feature of this problem is that it is possible to solve two or more equations with respect to different moduli. Now one linear equation of the form ax b is equivalent to a collection of equations of the form x c where c might take a collection of values. It follows that working on each equation one at a time, when the modulus is fixed, we can reduce our equations to a collection of simultaneous equations x c 1 1 x c 2 2..... x c k k. Note that these equations might be incompatible. For example, we cannot solve x 0 mod 2 x 1 mod 2. In this case any solution is supposed to be both even and odd, which is impossible. The problem is when two moduli are not coprime. Amazingly, if the moduli are coprime there is a simple way to solve a system of equations. Theorem 10.3 (Chinese remainder theorem). If the moduli m 1, m 2,..., m r are pairwise coprime, that is (m i, m j ) = 1 for i j, then the system 3

of equations x c 1 1 x c 2 2..... x c k r, has one solution, given by a residue class modulo the product, m = m 1 m 2... m r. Proof. This system is completely described, if we fix the moduli and their order, by a vector (c 1, c 2,..., c r ). Even better, we can view replace c i be a residue class c i modulo m. Thus any equation is represented by a vector ( c 1, c 2,..., c r ) Z m1 Z m2 Z mr. Now if a is a solution to these equations and b a then b is also a solution. Indeed, as m i divides m, it follows that b a i. Thus the solutions to this equation are naturally residue classes modulo m, ā Z m. Suppose that a and b Z m are two solutions to the same equation. Then a b i, for all 1 i r. Thus m i divides a b for all 1 i r. As (m i, m j ) = 1 it follows that the product m divides a b. Thus a b. Thus each equation has at most one solution. On the other hand, every element a Z m is the solution to the equation with c i a i. Note that there are m equations, since we can choose c 1, c 2,..., c r freely. As Z m also has m equations, it follows that there is a one to one correspondence between equations and solutions. In other words, each equation has exactly one solution modulo m. In fact we have much more than a one to one correspondence between Z m and the product of the sets Z m1 Z m2 Z mr. In general, given two rings R and S one can make another ring R S as follows. The elements of R S are just the elements of the Cartesian product. We have to decide how to add and how to multiply and then we have to check the axioms for a ring. To add and multiply, just add and multiply component by component: (r 1, s 1 )+(r 2, s 2 ) = (r 1 +r 2, s 1 +s 2 ) and (r 1, s 1 ) (r 2, s 2 ) = (r 1 r 2, s 1 s 2 ). It is not hard to check that this rule of addition and multiplication is associative. One checks this component by component. (0, 0) plays the role of zero, ( r, s) is the additive inverse of (r, s) and (1, 1) plays the role of one. 4

Theorem 10.4 (Chinese remainder theorem, bis). If m 1, m 2,..., m r are pairwise coprime natural numbers then the two rings are isomorphic. Z m and Z m1 Z m2 Z mr. Proof. We have already written down a bijection between the two underlying sets. It suffices to check that this bijection is a homomorphism, so that it respects addition, multiplication and sends one to one. But all of these statements are clear, because the addition and multiplication on both sides is the natural one inherited from the integers Z. Note that this the Chinese remainder theorem is quite useful in practice. If you want do arithmetic modulo m, it is enough to do arithmetic modulo m i, for every 1 i r. Consider the problem of trying to solve an equation with vector (c 1, c 2,..., c r ). If we let e i be the vector with an 1 in the ith entry and zero everywhere else, then we have (c 1, c 2,..., c r ) = c 1 e 1 + ce 2 + + c r e r. If we can solve the equation with vector e i then we can solve the general equation by taking the appropriate linear combination. Suppose that y i is a solution of the equations for the vector e i. Then the solution to the equations for the vector (c 1, c 2,..., c r ) is c 1 y 1 + c 2 y 2 + + c r y r. Consider trying to find y i. We want y i 0 j. Thus y i is a multiple of m j, for all j i, so that y i is a multiple of m/m + i. Thus m y i = z i. m i We want to choose z i so that m z i 1 i. m i Putting all of this together, once we have found z 1, z 2,..., z r then m m m x = c 1 z 1 + c 2 z 2 + + c r z r m 1 m 2 m r has the property that x c i i, for all 1 i r. 5

Question 10.5. Solve the three equations x = 3 mod 5 x = 7 mod 11 x = 4 mod 13. We use the method above. We first have to solve These reduce to These have solutions 11 13z 1 = 1 mod 5 5 13z 2 = 1 mod 11 5 11z 3 = 1 mod 13. 3z 1 = 1 mod 5 10z 2 = 1 mod 11 3z 3 = 1 mod 13. z 1 = 2 mod 5 z 2 = 10 mod 11 z 3 = 9 mod 13. The solution to the equation above is x = 11 13 2 3 + 5 13 10 7 + 5 11 9 4 11 13 + 5 13 6 5 11 3 mod 5 11 13 41 13 5 11 3 mod 5 11 13 = 41 2 + 41 5 3 5 11 3 = 41 2 + 30 5 3 = 368. Finally, we deal with the case that the moduli are not necessarily coprime. Theorem 10.6. The system of equations x c 1 1 x c 2 2..... x c k r, has a solution if and only if (m i, m j ) c i c j for all i and j. In this case the general solution is a residue class modulo [m 1, m 2,..., m r ]. 6

In particular a finite set of arithmetic progressions intersects if and only if any pair of them intersect. Proof. Suppose that a is a solution. As a c i i and a c j j there are integers k and l such that a = c i + m i k and a = c j +m j l. It follows that c i +m i k = c j +m j l, so that c i c j = m i k+m j l. It follows that (m i, m j ) (c i c j ). Now suppose that (m i, m j ) (c i c j ) for all i and j. Let p be a prime. Suppose that m i = p e i m i, where m i is coprime to p. By the Chinese remainder theorem, it suffices to solve each of these equations modulo p e i i. Thus we may assume that m i = 1 so that m i = p e i are all powers of the same prime p. Rearranging we may assume that e 1 e 2 e 3.... In this case, (m 1, m j ) = m j. If a = c 1 then a c 1 j c j j. Thus a = c 1 is a solution to these equations. 7

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback