The Chinese Remainder Theorem

Similar documents
Quadratic Congruences, the Quadratic Formula, and Euler s Criterion

The Chinese Remainder Theorem

Know the Well-ordering principle: Any set of positive integers which has at least one element contains a smallest element.

Notes on Systems of Linear Congruences

Chapter 5. Modular arithmetic. 5.1 The modular ring

Homework #2 solutions Due: June 15, 2012

LECTURE 4: CHINESE REMAINDER THEOREM AND MULTIPLICATIVE FUNCTIONS

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

Basic elements of number theory

Basic elements of number theory

Euler s, Fermat s and Wilson s Theorems

ALGEBRA I (LECTURE NOTES 2017/2018) LECTURE 9 - CYCLIC GROUPS AND EULER S FUNCTION

Definitions. Notations. Injective, Surjective and Bijective. Divides. Cartesian Product. Relations. Equivalence Relations

1 Overview and revision

Math 120 HW 9 Solutions

The group (Z/nZ) February 17, In these notes we figure out the structure of the unit group (Z/nZ) where n > 1 is an integer.

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

7. Prime Numbers Part VI of PJE

MATH 361: NUMBER THEORY FOURTH LECTURE

ax b mod m. has a solution if and only if d b. In this case, there is one solution, call it x 0, to the equation and there are d solutions x m d

Congruences and Residue Class Rings

CYCLICITY OF (Z/(p))

a = mq + r where 0 r m 1.

= 1 2x. x 2 a ) 0 (mod p n ), (x 2 + 2a + a2. x a ) 2

Math 324, Fall 2011 Assignment 7 Solutions. 1 (ab) γ = a γ b γ mod n.

2 More on Congruences

An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.

Math 319 Problem Set #2 Solution 14 February 2002

Review Problems for Midterm Exam II MTH 299 Spring n(n + 1) 2. = 1. So assume there is some k 1 for which

A SURVEY OF PRIMALITY TESTS

SOLUTIONS Math 345 Homework 6 10/11/2017. Exercise 23. (a) Solve the following congruences: (i) x (mod 12) Answer. We have

Number Theory Proof Portfolio

Numbers. Çetin Kaya Koç Winter / 18

MATH 115, SUMMER 2012 LECTURE 12

Math 4400 First Midterm Examination September 21, 2012 ANSWER KEY. Please indicate your reasoning and show all work on this exam paper.

1 2 3 style total. Circle the correct answer; no explanation is required. Each problem in this section counts 5 points.

Mathematics for Cryptography

Definition 6.1 (p.277) A positive integer n is prime when n > 1 and the only positive divisors are 1 and n. Alternatively

Number theory (Chapter 4)

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

Transposition as a permutation: a tale of group actions and modular arithmetic

ICS141: Discrete Mathematics for Computer Science I

Public-key Cryptography: Theory and Practice

D-MATH Algebra II FS18 Prof. Marc Burger. Solution 26. Cyclotomic extensions.

ECEN 5022 Cryptography

Math 312/ AMS 351 (Fall 17) Sample Questions for Final

A. Algebra and Number Theory

INVERSE LIMITS AND PROFINITE GROUPS

MATH 25 CLASS 21 NOTES, NOV Contents. 2. Subgroups 2 3. Isomorphisms 4

Chapter 1 : The language of mathematics.

A Few Primality Testing Algorithms

MATH 2200 Final Review

Q 2.0.2: If it s 5:30pm now, what time will it be in 4753 hours? Q 2.0.3: Today is Wednesday. What day of the week will it be in one year from today?

SOLUTIONS TO PROBLEM SET 1. Section = 2 3, 1. n n + 1. k(k + 1) k=1 k(k + 1) + 1 (n + 1)(n + 2) n + 2,

Chapter 5. Number Theory. 5.1 Base b representations

COMP239: Mathematics for Computer Science II. Prof. Chadi Assi EV7.635

AN ALGEBRA PRIMER WITH A VIEW TOWARD CURVES OVER FINITE FIELDS

All variables a, b, n, etc are integers unless otherwise stated. Each part of a problem is worth 5 points.

23.1. Proof of the fundamental theorem of homomorphisms (FTH). We start by recalling the statement of FTH introduced last time.

Applied Cryptography and Computer Security CSE 664 Spring 2018

I Foundations Of Divisibility And Congruence 1

D-MATH Algebra I HS 2013 Prof. Brent Doran. Solution 3. Modular arithmetic, quotients, product groups

4.4 Solving Congruences using Inverses

7.2 Applications of Euler s and Fermat s Theorem.

Elementary Algebra Chinese Remainder Theorem Euclidean Algorithm

This exam contains 5 pages (including this cover page) and 4 questions. The total number of points is 100. Grade Table

Discrete Structures Lecture Solving Congruences. mathematician of the eighteenth century). Also, the equation gggggg(aa, bb) =

SUBGROUPS OF CYCLIC GROUPS. 1. Introduction In a group G, we denote the (cyclic) group of powers of some g G by

MATH 55 - HOMEWORK 6 SOLUTIONS. 1. Section = 1 = (n + 1) 3 = 2. + (n + 1) 3. + (n + 1) 3 = n2 (n + 1) 2.

Corollary 4.2 (Pepin s Test, 1877). Let F k = 2 2k + 1, the kth Fermat number, where k 1. Then F k is prime iff 3 F k 1

The Chinese Remainder Theorem

Dirichlet Characters. Chapter 4

TC10 / 3. Finite fields S. Xambó

Primes and Modular Arithmetic! CSCI 2824, Fall 2014!!

Section 4.4 Functions. CS 130 Discrete Structures

0 Sets and Induction. Sets

Math 314 Course Notes: Brief description

MATH 310: Homework 7

5 Group theory. 5.1 Binary operations

The primitive root theorem

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

Math 109 HW 9 Solutions

NUMBER THEORY. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

Algebra. Modular arithmetic can be handled mathematically by introducing a congruence relation on the integers described in the above example.

Mathematics 228(Q1), Assignment 2 Solutions

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

Homework 10 M 373K by Mark Lindberg (mal4549)

NOTES ON FINITE FIELDS

ORDERS OF ELEMENTS IN A GROUP

Number Theory Alex X. Liu & Haipeng Dai

A Generalization of Wilson s Theorem

4 Number Theory and Cryptography

A Readable Introduction to Real Mathematics

12x + 18y = 50. 2x + v = 12. (x, v) = (6 + k, 2k), k Z.

Math 121 Homework 5: Notes on Selected Problems

The number of ways to choose r elements (without replacement) from an n-element set is. = r r!(n r)!.

Lecture 4: Number theory

Rings and modular arithmetic

Notes on Primitive Roots Dan Klain

A connection between number theory and linear algebra

Transcription:

The Chinese Remainder Theorem R. C. Daileda February 19, 2018 1 The Chinese Remainder Theorem We begin with an example. Example 1. Consider the system of simultaneous congruences x 3 (mod 5), x 2 (mod 6). Clearly x = 8 is a solution. If y were another solution, then we would have y 8(mod 5) and y 8(mod 6). Hence 5 y 8 and 6 y 8. As (5, 6) = 1, this means 30 y 8 or y 8 (mod 30). As this line of reasoning is completely reversible, we find that the set of solutions to the simultaneous congruences (1) is the congruence class 8 + 30Z. Hence, modulo 30, there is a unique solution to the system (1). The Chinese remainder theorem tells us that, under an appropriate hypothesis on the moduli, systems of the type in the previous example always have solutions that are unique modulo the product of the moduli. Before we state it, however, we need to generalize a result from the homework. Lemma 1. Let a 1, a 2,..., a n Z be pairwise relatively prime. If b Z and a i b for all i, then a 1 a 2 a n b. Proof. By induction on n. We take as our base case n = 2. Although this case was given as a homework exercise, in the interest of completeness we prove it here anyway. So suppose a 1 and a 2 are relatively prime and both divide b. Use Bézout s lemma to write ra 1 + sa 2 = 1 for some r, s Z. Also write b = b 1 a 1 and b = b 2 a 2. We multiply the Bézout relation by b and then substitute in the divisibility equations: b = bra 1 + bsa 2 = b 2 a 2 ra 1 + b 1 a 1 sa 2 = (b 2 r + b 1 s)a 1 a 2 which implies that a 1 a 2 b. Now assume that the result holds for some n 2. Let a 1, a 2,... a n, a n+1 Z be pairwise relatively prime and suppose that a i b for all i. By the inductive hypothesis, a 1 a 2 a n b. It therefore suffices so show that a 1 a 2 a n and a n+1 are relatively prime, for the result will then follow from the n = 2 case. Let d = (a 1 a 2 a n, a n+1 ). If d 1, then there is a prime p d. It follows that p a 1 a 2 a n and p a n+1. By (the extended version of) Euclid s lemma, we must have p a i for some 1 i n. But then p is a nontrivial common divisor of a i and a n+1, contradicting the fact that (a i, a n+1 ) = 1. Hence d = 1 and, as noted above, the n + 1 case is established. By induction, the lemma holds for all n 2. (1) 1

The auxiliary fact established in the final paragraph of the preceding proof is worth recording independently. Corollary 1. If a 1, a 2,..., a n Z are pairwise relatively prime, then (a 1 a 2 a n 1, a n ) = 1. We are now ready for our main result. Theorem 1 (Chinese remainder theorem). Let n 1, n 2,... n r N be pairwise relatively prime. For any a 1, a 2,..., a r Z the solution set of the system of simultaneous congruences x a 1 (mod n 1 ), x a 2 (mod n 2 ),. x a r (mod n r ), consists of a unique congruence class modulo N = n 1 n 2 n r. Proof. We will give an indirect, nonconstructive proof. We will return to the question of how to actually find the solution to (2) once we have proven the theorem. Consider the map ρ : Z/NZ Z/n 1 Z Z/n 2 Z Z/n 1 Z a + NZ (a + Z/n 1 Z, a + Z/n 2 Z,..., a + Z/n r Z). i.e. ρ maps the class of a modulo N to the r-tuple of classes of a modulo the n i. ρ is welldefined since if a + NZ = b + NZ then N a b. As n i N for all i, this means n i a b and hence a + n i Z = b + n i Z for all i. To prove the theorem it suffices to prove that ρ is a bijection. To see this, first notice that x solves the system (2) if and only if x + n i Z = a i + n i Z for all i and that this happens if and only if ρ(x + NZ) = (a 1 + Z/n 1 Z, a 2 + Z/n 2 Z,..., a r + Z/n r Z). If ρ is a bijection, then there exists a unique a+nz Z/NZ so that ρ(a+nz) = (a 1 +Z/n 1 Z, a 2 +Z/n 2 Z,..., a r +Z/n r Z). According to what we first noticed, this shows that x solves (2) if and only if x a + NZ. This is precisely what the theorem states. It remains to prove that ρ is bijective. To do so we only need to show that ρ is injective since both its domain and codomain have size n 1 n 2 n r = N. So suppose ρ(a + NZ) = ρ(b + NZ) for some a, b Z. Then a + n i Z = b + n i Z, or n i a b, for all i. Since the n i are pairwise relatively prime, this means their product, N, divides a b by Lemma 1. Hence a + NZ = b + NZ and ρ is injective. This completes the proof. Remark 1. The Chinese remainder theorem (CRT) asserts that there is a unique class a + NZ so that x solves the system (2) if and only if x a + NZ, i.e. x a(mod N). Thus the system (2) is equivalent to a single congruence modulo N. Although we only proved one implication, one can actually show that the CRT is equivalent to the bijectivity of ρ. Now we turn to the question of actually producing the solution to the system (2) of the Chinese remainder theorem. Since we know the solution is unique modulo the product (2) 2

N of the moduli, if we can find a single solution, we can find them all by simply adding NZ. It turns out that producing a particular solution is not that hard if one is just a bit clever. Before describing it, we make a quick observation. Suppose n 1, n 2,..., n r are pairwise relatively prime. Let N = n 1 n 2 n r and N i = N/n i (so that N i is the product of all the n j except n i ). Then n i and N i are relatively prime for all i by Corollary 1. Theorem 2. Let n 1, n 2,..., n r N be pairwise relatively prime and define N, N i as above. Let m i be a modular inverse of N i modulo n i, i.e. m i N i 1(mod n i ). Given a 1, a 2,..., a r Z set a = a 1 m 1 N 1 + a 2 m 2 N 2 + + a r m r N r. Then a solves the system (2) of the Chinese remainder theorem. Therefore the solution set of (2) is a + NZ, i.e. x is a solution if and only if x a(mod N). Proof. As noted above, in light of Theorem 1 it suffices to simply show that a is a solution to the system (2). We will show that a a 1 (mod n 1 ). The same argument works for all of the other congruences. Since n 1 N j for j 2, a a 1 m 1 N 1 a 1 (mod n 1 ) by our choice of m 1. That s it. Remark 2. According to comments that we ve already made, the element a constructed in Theorem 2 satisfies ρ(a + NZ) = (a 1 + Z/n 1 Z, a 2 + Z/n 2 Z,..., a r + Z/n r Z). We have therefore proven, independently and constructively, that ρ is surjective. Once more appealing to the fact that the domain and codomain of ρ have the same size, we conclude that ρ must be injective as well and is thus a bijection. This provides a second proof of the CRT. Another choice for a in Theorem 2 is a = a 1 N ϕ(n 1) 1 + a 2 N ϕ(n 2) 2 + + a r N ϕ(nr) r as is easily seen by appealing to Euler s theorem. The main difficulty with using this expression, however, is that ϕ(n) can be difficult to compute. Example 2. Solve the system of congruences x 1 (mod 25), x 17 (mod 26), x 11 (mod 27). We have n 1 = 25 = 5 5, n 2 = 26 = 2 13 and n 3 = 3 3. Since their factorizations involve 3

distinct primes, n 1, n 2 and n 3 are certainly pairwise relatively prime. Moreover N 1 = n 2 n 3 = 26 27 1 2 2 (mod 25) (25 = n 1 ), m 1 13 (mod 25), N 2 = n 1 n 3 = 25 27 1 (mod 26) (26 = n 2 ), m 2 1 (mod 26), N 3 = n 1 n 2 = 25 26 ( 2)( 1) 2 (mod 27) (27 = n 3 ), m 3 14 (mod 27). Thus x is a solution if and only if x 1 26 27 13 + 17 25 27 ( 1) + 11 25 26 14 (mod 25 26 27) 97751 (mod 17550) 10001 (mod 17550). Example 3. One day Dr. Daileda decided to sort through his CD collection. When he put them into piles of 8 CDs, he had 4 left over. When he put them into piles of 17 CDs he had 15 left over. And when he put them into piles of 25 he had 4 left over. What is the smallest possible number of CDs that Dr. Daileda had? The number of CDs must simultaneously solve the congruences x 4 (mod 8), x 15 (mod 17), x 4 (mod 25). Since n 1 = 8, n 2 = 17 and n 3 = 25 are clearly relatively prime, we may apply the Chinese remainder theorem. We have N 1 = 17 25 1 1 1 (mod 8) m 1 1 (mod 8), (3) N 2 = 8 25 8 8 = 64 13 (mod 17) m 2 4 (mod 17), (4) N 3 = 8 17 8( 8) = 64 14 11 (mod 25) m 3 16 (mod 25). (5) Hence the solutions to this set of congruences are given by x 4 17 25 1 + 15 8 25 4 + 4 8 17 16 (mod 8 17 25) 22404 (mod 3400) 2004 (mod 3400). Since 2004 is the least positive element in its congruence class modulo 3400 (it s a remainder), this is the fewest number of CDs. Example 4. Use the second remark after Theorem 2 to solve the system of congruences x 4 (mod 5), x 2 (mod 7), x 2 (mod 8), x 1 (mod 9). 4

We have N = 2520 and Hence so that the solution is N ϕ(n 1) 1 = (7 8 9) 4 = 64524128256 2016 (mod 2520), N ϕ(n 2) 2 = (5 8 9) 6 = 2176782336000000 1800 (mod 2520), N ϕ(n 3) 3 = (5 7 9) 4 = 9845600625 945 (mod 2520), N ϕ(n 4) 4 = (5 7 8) 6 = 481890304000000 280 (mod 2520). a 4 2016 + 2 1800 + 2 945 + 1 280 = 13834 1234 (mod 2520) x 1234 (mod 2520). 2 CRT and Units Modulo n 2.1 Direct Products of Rings Given rings R 1, R 2,..., R n the set R 1 R 2 R n is endowed with two binary operations which arise by simply applying the operations of the individual R i coordinate-wise: (r 1, r 2,..., r n ) + (s 1, s 2,..., s n ) = (r 1 + s 1, r 2 + s 2,..., r n + s n ), (r 1, r 2,..., r n ) (s 1, s 2,..., s n ) = (r 1 s 1, r 2 s 2,..., r n s n ). It is not difficult to show that R 1 R 2 R n together with these operations is again a ring, called the direct product of R 1, R 2,..., R n. Its zero is (0 R1, 0 R2,..., 0 Rn ) and its identity is (1 R1, 1 R2,..., 1 Rn ). Consequently, it is not difficult to show that (R 1 R 2 R n ) = R 1 R 2 R n. That is, an element of the direct product is a unit if and only if every coordinate is a unit (in its respective ring). The map ρ in the proof of the Chinese remainder theorem can therefore be viewed as a bijection between two rings. It actually has another property relative to ring structure that is very useful: it preserves ring operations. For example ρ((a + NZ) + (b + NZ)) = ρ((a + b) + nz) = ((a + b) + n 1 Z, (a + b) + n 2 Z,..., (a + b) + n r Z) = ((a + n 1 Z) + (b + n 1 Z), (a + n 2 Z) + (b + n 2 Z),..., (a + n r Z) + (b + n r Z)) = (a + n 1 Z, a + n 2 Z,..., a + n r Z) + (b + n 1 Z, b + n 2 Z,..., b + n r Z) = ρ(a + NZ) + ρ(b + NZ). An entirely similar computation shows that ρ((a + NZ)(b + NZ)) = ρ(a + NZ)ρ(b + NZ). Maps between rings that preserve both binary operations are called ring homomorphisms. If a ring homomorphism is bijective it is called an isomorphism and the domain and codomain 5

are said to be isomorphic. So we see that ρ is an isomorphism. Isomorphic rings are the same in the sense that they share their ring-theoretic properties. For example, we have the next result. Lemma 2. Let α : R S be an isomorphism of rings. Then α(1 R ) = 1 S and α R gives a (multiplication preserving) bijection from R to S. Proof. Since α is surjective, there is an r R so that α(r) = 1 S. Then α(1 R ) = α(1 R ) 1 S = α(1 R )α(r) = α(1 R r) = α(r) = 1 S. Since α R is injective, to prove the second part of the theorem it suffices to show that α(r ) = S. Let a R. Then 1 S = α(1 R ) = α(aa 1 ) = α(a)α(a 1 ). Likewise, α(a 1 )α(a) = 1 S. Hence α(r ) S. Let s S. Choose a, b R so that α(a) = s and α(b) = s 1. Then α(ab) = α(a)α(b) = ss 1 = 1 S = α(1 R ). Since α is injective, we must have ab = 1 R. Similarly, ba = 1 R. Hence a R and therefore S α(r ). It follows that the two sets are equal which we have already noted finishes the proof. 2.2 Decomposition of (Z/nZ) Finally, let s apply the discussion of the preceding section to the isomorphism ρ. Corollary 2. Let n 1, n 2,..., n r N be pairwise relatively prime. If N = n 1 n 2 n r, then the map a + NZ (a + n 1 Z, a + n 2 Z,..., a + n r Z) gives a (multiplication preserving) bijection from (Z/NZ) to (Z/n 1 Z) (Z/n 2 Z) (Z/n r Z). Corollary 3. If n 1, n 2,..., n r N are pairwise relatively prime, then i.e. ϕ is multiplicative. ϕ(n 1 n 2 n r ) = ϕ(n 1 )ϕ(n 2 ) ϕ(n r ), Remark 3. Given an arithmetic function f : N C, one usually says it is multiplicative if f(mn) = f(m)f(n) whenever (m, n) = 1. It is not too hard to show, however, that this is equivalent to the property stated for ϕ above. Corollary 4. Let n N and write n as a product of powers of distinct primes: Then: n = p m 1 1 p m 2 2 p mr r, p i distinct primes, m i N. 1. (Z/nZ) is isomorphic to (Z/p m 1 1 Z) (Z/p m 2 2 Z) (Z/p mr r Z) ; 1 2. ϕ(n) = ϕ(p m 1 1 )ϕ(p m 2 2 ) ϕ(p mr r ). Proof. Take n i = p m i i in the previous two corollaries. 1 Two groups are said to be isomorphic if there is an operation preserving bijection between them. 6

Corollary 4 was the true goal of introducing the Chinese remainder theorem. It reduces the study of the structure of the unit group (Z/nZ) for arbitrary n to the study of unit groups of the form (Z/p m Z) where p is prime. We ll return to this topic later. The corollary also allows us to determine an explicit formula for ϕ(n) in terms of the prime factorization of n, as we will now see. Lemma 3. Let p be a prime and m N. Then ( ϕ(p m ) = p m p m 1 = p m 1 (p 1) = p m 1 1 ). p Proof. To count (Z/p m Z) we will instead count its complement in Z/p m Z and subtract that number from p m. The integers from 1 to p m that are not relatively prime to p m are precisely the multiples of p in that range. So we need to count the positive k that satisfy kp p m. But if we divide both sides by p we immediately obtain 1 k p m 1. So there are exactly p m 1 multiples of p less than or equal to p m. That leaves p m p m 1 positive integers in that range that are relatively prime to p m. Hence ϕ(p m ) = p m p m 1. Remark 4. Note that if p = 2 then ϕ(2 m ) = 2 m 1 (2 1) = 2 m 1. In other words, exactly half of the elements of Z/2 m Z are units. This is easily explained. In order to be relatively prime to 2 m an integer need only be odd, and exactly half of the positive integers up to 2 m are odd. Theorem 3. Let n N and write n as a product of powers of distinct primes: Then n = p m 1 1 p m 2 2 p mr r, p i distinct primes, m i N. ϕ(n) = p m 1 1 1 (p 1 1)p m 1 2 (p 2 1) p mr 1 r (p r 1) = n p n ( 1 1 ). p Proof. This follows immediately from the Lemma and the multiplicativity of ϕ. Example 5. ϕ(100) = ϕ(5 2 )ϕ(2 2 ) = 5(5 1) 2 = 40. ϕ(230) = ϕ(23)ϕ(2)ϕ(5) = 22 1 4 = 88. ϕ(572) = ϕ(2 2 )ϕ(11)ϕ(13) = 2 10 12 = 240. ϕ(902016) = ϕ(2 7 )ϕ(3 5 )ϕ(29) = 2 6 3 4 (3 1) 28 = 290304. Example 6. Find the remainder when 3 2049 is divided by 68 We see that ϕ(68) = ϕ(2 2 )ϕ(17) = 2 16 = 32 and 2049 1(mod 32). Hence, by Euler s theorem, 3 2049 3 1 3 (mod 68), and the remainder is 3. 7

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback