Introduction Construction Applications The Coda

Chinese Remainder Theorem

Debabrota Basu

Department of Computer Science School of Computing

October 5, 2016

October 5, 2016 D. Basu CS1231R: CRT 1/24 Introduction Construction Applications The Coda

“You probably said or were told at some point that diamonds are forever, right? That depends on your definition of forever! A theorem – that really is forever.” – Eduardo S´anzde Cabez´on

October 5, 2016 D. Basu CS1231R: CRT 2/24 Introduction Construction Applications The Coda

History

Sun Tzu first mentioned this problem in his 3rd century book Sunzi Suanjing. Aryabhata described an algorithm to solve it in 6th century A.D. Fibonacci mentioned a special case of it in Liber Abaci, published in 1202. Gauss used congruences to give it the modern formulation in his Disquisitiones Arithmeticae of 1801.

October 5, 2016 D. Basu CS1231R: CRT 3/24 Introduction Construction Applications The Coda

An Example

There are certain things whose number is unknown. Repeatedly divided by 3, the remainder is 2; by 5 the remainder is 3; and by 7 the remainder is 2. What will be the number?

-Sun Tzu

October 5, 2016 D. Basu CS1231R: CRT 4/24 – Primitive version – Two integers a and b are called pairwise coprime or relatively prime, if gcd(a, b) = 1. – ni’s are called modulis or divisors.

Introduction Construction Applications The Coda

Chinese Remainder Theorem (I)

Theorem (Remainder Version) If K i. {ni}i=1 are pairwise coprime integers greater than 1, QK ii. N = i=1 ni, and K iii. {ai}i=1 are K integers, such that ai ∈ {0, 1, . . . , ni − 1} for every i, then there exists an unique integer x ∈ {0, 1,...,N − 1} such that the remainder of x divided by ni is ai for every i.

October 5, 2016 D. Basu CS1231R: CRT 5/24 – Two integers a and b are called pairwise coprime or relatively prime, if gcd(a, b) = 1. – ni’s are called modulis or divisors.

Introduction Construction Applications The Coda

Chinese Remainder Theorem (I)

Theorem (Remainder Version) If K i. {ni}i=1 are pairwise coprime integers greater than 1, QK ii. N = i=1 ni, and K iii. {ai}i=1 are K integers, such that ai ∈ {0, 1, . . . , ni − 1} for every i, then there exists an unique integer x ∈ {0, 1,...,N − 1} such that the remainder of x divided by ni is ai for every i. – Primitive version

October 5, 2016 D. Basu CS1231R: CRT 5/24 – ni’s are called modulis or divisors.

Introduction Construction Applications The Coda

Chinese Remainder Theorem (I)

Theorem (Remainder Version) If K i. {ni}i=1 are pairwise coprime integers greater than 1, QK ii. N = i=1 ni, and K iii. {ai}i=1 are K integers, such that ai ∈ {0, 1, . . . , ni − 1} for every i, then there exists an unique integer x ∈ {0, 1,...,N − 1} such that the remainder of x divided by ni is ai for every i. – Primitive version – Two integers a and b are called pairwise coprime or relatively prime, if gcd(a, b) = 1.

October 5, 2016 D. Basu CS1231R: CRT 5/24 Introduction Construction Applications The Coda

Chinese Remainder Theorem (I)

Theorem (Remainder Version) If K i. {ni}i=1 are pairwise coprime integers greater than 1, QK ii. N = i=1 ni, and K iii. {ai}i=1 are K integers, such that ai ∈ {0, 1, . . . , ni − 1} for every i, then there exists an unique integer x ∈ {0, 1,...,N − 1} such that the remainder of x divided by ni is ai for every i. – Primitive version – Two integers a and b are called pairwise coprime or relatively prime, if gcd(a, b) = 1. – ni’s are called modulis or divisors.

October 5, 2016 D. Basu CS1231R: CRT 5/24 Introduction Construction Applications The Coda

Chinese Remainder Theorem (II)

Theorem (Congruence Modulo Version) If K i. {ni}i=1 are pairwise coprime integers greater than 1, QK ii. N = i=1 ni, and K iii. {ai}i=1 are K integers, then there exists an unique residue class x(modN) such that,

x ≡ a1(mod n1),

x ≡ a2(mod n2), . .

x ≡ aK (mod nK ).

October 5, 2016 D. Basu CS1231R: CRT 6/24 – Z/niZ is the quotient ring of Z generated by the equivalence class [ni] .

Introduction Construction Applications The Coda

Chinese Remainder Theorem (III)

Theorem (Ring Isomorphism Version) If K i. {ni}i=1 are pairwise coprime integers greater than 1, and QK ii. N = i=1 ni, then the map x mod N 7→ (x mod n1, . . . , x mod nK ) defines a ring isomorphism, ∼ Z/NZ = Z/n1Z × ... × Z/nK Z.

October 5, 2016 D. Basu CS1231R: CRT 7/24 Introduction Construction Applications The Coda

Chinese Remainder Theorem (III)

Theorem (Ring Isomorphism Version) If K i. {ni}i=1 are pairwise coprime integers greater than 1, and QK ii. N = i=1 ni, then the map x mod N 7→ (x mod n1, . . . , x mod nK ) defines a ring isomorphism, ∼ Z/NZ = Z/n1Z × ... × Z/nK Z.

– Z/niZ is the quotient ring of Z generated by the equivalence class [ni] .

October 5, 2016 D. Basu CS1231R: CRT 7/24 – x mod I denotes the image of the element x in the quotient ring R/I defined by the ideal I.

Introduction Construction Applications The Coda

Chinese Remainder Theorem (IV)

Theorem (Generalized Version) If K i. {Ii}i=1 are pairwise coprime two-sided ideals of a ring R, and K ii. I = ∩i=1Ii, then the map x mod I 7→ (x mod I1, . . . , x mod IK ) defines a ring isomorphism, ∼ R/I = R/I1 × ... × R/IK .

October 5, 2016 D. Basu CS1231R: CRT 8/24 Introduction Construction Applications The Coda

Chinese Remainder Theorem (IV)

Theorem (Generalized Version) If K i. {Ii}i=1 are pairwise coprime two-sided ideals of a ring R, and K ii. I = ∩i=1Ii, then the map x mod I 7→ (x mod I1, . . . , x mod IK ) defines a ring isomorphism, ∼ R/I = R/I1 × ... × R/IK .

– x mod I denotes the image of the element x in the quotient ring R/I defined by the ideal I.

October 5, 2016 D. Basu CS1231R: CRT 8/24 Solution methods– Geometric approach Modular or algebraic approach General solution : not possible to obtain (Hilbert’s 10th problem)

Introduction Construction Applications The Coda

Linear Diophantine’s Equation

Problem Given a, b, c ∈ Z,

ax + by = c,

find integers x and y satisfying this equation.

October 5, 2016 D. Basu CS1231R: CRT 9/24 Introduction Construction Applications The Coda

Linear Diophantine’s Equation

Problem Given a, b, c ∈ Z,

ax + by = c,

find integers x and y satisfying this equation.

Solution methods– Geometric approach Modular or algebraic approach General solution : not possible to obtain (Hilbert’s 10th problem)

October 5, 2016 D. Basu CS1231R: CRT 9/24 Step 2: Find out the minimal element c Plug in y = 0.The basic solution is ( a , 0). Step 3: The general solution is c x = −bt + a y = at

for t ∈ Z.

Introduction Construction Applications The Coda

Geometric approach

Step 1: Find out the equation of curve b c x = − y + . a a The solutions to the Diophantine equation correspond to lattice points that lie on the curve.

October 5, 2016 D. Basu CS1231R: CRT 10 / 24 Step 3: The general solution is c x = −bt + a y = at

for t ∈ Z.

Introduction Construction Applications The Coda

Geometric approach

Step 1: Find out the equation of curve b c x = − y + . a a The solutions to the Diophantine equation correspond to lattice points that lie on the curve. Step 2: Find out the minimal element c Plug in y = 0.The basic solution is ( a , 0).

October 5, 2016 D. Basu CS1231R: CRT 10 / 24 Introduction Construction Applications The Coda

Geometric approach

Step 1: Find out the equation of curve b c x = − y + . a a The solutions to the Diophantine equation correspond to lattice points that lie on the curve. Step 2: Find out the minimal element c Plug in y = 0.The basic solution is ( a , 0). Step 3: The general solution is c x = −bt + a y = at

for t ∈ Z.

October 5, 2016 D. Basu CS1231R: CRT 10 / 24 Introduction Construction Applications The Coda

a-axis

b -axis

ax + by = c

October 5, 2016 D. Basu CS1231R: CRT 11 / 24 – Thus, the problem reduces to finding out the equivalence class ca−1 for mod b.

– This is canonical to finding the isomorphism Z → Z/bZ and to evaluate it for ca−1.

Introduction Construction Applications The Coda

Modular or Algebraic approach

ax + by = c ⇒ ax = −by + c ⇒ ax ≡ c(mod b) ⇒ x ≡ ca−1(mod b)

October 5, 2016 D. Basu CS1231R: CRT 12 / 24 Introduction Construction Applications The Coda

Modular or Algebraic approach

ax + by = c ⇒ ax = −by + c ⇒ ax ≡ c(mod b) ⇒ x ≡ ca−1(mod b)

– Thus, the problem reduces to finding out the equivalence class ca−1 for mod b.

– This is canonical to finding the isomorphism Z → Z/bZ and to evaluate it for ca−1.

October 5, 2016 D. Basu CS1231R: CRT 12 / 24 – Does there exist a solution? – If it exists, how is it? – Is it unique?

Introduction Construction Applications The Coda

System of Linear Diophantine’s Equations

Problem K K Given integers {ni}i=1 and {ai}i=1,

x = a1 + x1n1, . .

x = aK + xK nK ,

K find integers x and {xi}i=1 satisfying this equation.

October 5, 2016 D. Basu CS1231R: CRT 13 / 24 Introduction Construction Applications The Coda

System of Linear Diophantine’s Equations

Problem K K Given integers {ni}i=1 and {ai}i=1,

x = a1 + x1n1, . .

x = aK + xK nK ,

K find integers x and {xi}i=1 satisfying this equation. – Does there exist a solution? – If it exists, how is it? – Is it unique?

October 5, 2016 D. Basu CS1231R: CRT 13 / 24 Claims of Chinese remainder theorem:

There exists a solution if ni’s are pairwise coprime. The solution will have unique mod N.

Introduction Construction Applications The Coda

System of Linear Congruences

We can reformulate this problem as, Problem K K Given integers {ni}i=1 and {ai}i=1,

x ≡ a1(mod n1), . .

x ≡ aK (mod nK ),

find integer x satisfying this equation.

October 5, 2016 D. Basu CS1231R: CRT 14 / 24 Introduction Construction Applications The Coda

System of Linear Congruences

We can reformulate this problem as, Problem K K Given integers {ni}i=1 and {ai}i=1,

x ≡ a1(mod n1), . .

x ≡ aK (mod nK ),

find integer x satisfying this equation.

Claims of Chinese remainder theorem:

There exists a solution if ni’s are pairwise coprime. The solution will have unique mod N.

October 5, 2016 D. Basu CS1231R: CRT 14 / 24 Introduction Construction Applications The Coda

Uniqueness Proof

Let x and y be two solutions of this system of equations.

⇒ x ≡ ai(mod ni) ∧ y ≡ ai(mod ni) ∀i

⇒ x ≡ y(mod ni) ∀i

⇒ ni | x − y ∀i

⇒ N | x − y (since ni’s are coprime)

∴ The solution is unique in mod N. Q.E.D.

– Thus, the map x mod N 7→ (x mod n1, . . . , x mod nK ) is injective.

October 5, 2016 D. Basu CS1231R: CRT 15 / 24 Introduction Construction Applications The Coda

Existence Proof: Ring Isomorphism

x mod N 7→ (x mod n1, . . . , x mod nK ) maps congruence classes mod N to K set of congruence classes mod ni.

The proof of uniqueness shows that this map is injective.

As the domain and the codomain of this map have the same number of elements, N, the map is also surjective.

Thus, the map induces an isomorphism ∼ Z/NZ = Z/n1Z × ... × Z/nK Z.

– This proves the existence of the solution.

October 5, 2016 D. Basu CS1231R: CRT 16 / 24 Introduction Construction Applications The Coda

Existence Proof: Computational (I)

–Shall be described in lecture

October 5, 2016 D. Basu CS1231R: CRT 17 / 24 Introduction Construction Applications The Coda

Existence Proof: Computational (II)

– Shall be described in lecture

October 5, 2016 D. Basu CS1231R: CRT 18 / 24 Introduction Construction Applications The Coda

Applications: Cryptography

i. RSA decryption Most state-of-art implementations of RSA use the Chinese remainder theorem to optimize and speed-up decryption and signing.

ii. Secret sharing Each of the shares of secrets is represented using a congruence, and the solution of the system of congruences using the Chinese remainder theorem is the secret to be recovered.

October 5, 2016 D. Basu CS1231R: CRT 19 / 24 Introduction Construction Applications The Coda

Applications: Fast computation

i. Fast Fourier Transform The prime-factor FFT algorithm or Good-Thomas algorithm reduces the computation of a fast Fourier transform of size n1n2 to the computation of two fast Fourier transforms of smaller sizes n1 and n2 which are coprime.

ii. Parallel computation If we have an expensive computational task that involves adding, multiplying and subtracting integers on a finite set S. Then, we can choose primes p1, p2, . . . , pr which do not divide any element of S and split the computation over r processors. Afterwards CRT is used to put the answers back together.

October 5, 2016 D. Basu CS1231R: CRT 20 / 24 Introduction Construction Applications The Coda

Applications: Mathematics

i. Lagrangian interpolation Given a set of k + 1 data points (x0, y0),..., (xk, yk) where no two xj’s are the same, the Lagrangian interpolation tries to fit a polynomial of degree k. ii. Hermite interpolation Given a set of k + 1 data points (x0, y0),..., (xk, yk), the Hermite polynomial tries to find out a polynomial of the least possible degree, such that the polynomial and its first derivatives take given values at the given data points. iii. G¨odel’s(First) incompleteness theorem Proof of the theorem depends on choosing a way to encode formulas and proofs as numbers. The Chinese remainder theorem has been used to construct such a Gdel numbering for sequences.

October 5, 2016 D. Basu CS1231R: CRT 21 / 24 Introduction Construction Applications The Coda

“The elegance of a mathematical theorem is directly proportional to the number of independent ideas one can see in the theorem and inversely proportional to the effort it takes to see them.”

– George P´olya

October 5, 2016 D. Basu CS1231R: CRT 22 / 24 Introduction Construction Applications The Coda

Useful Links

Wikipedia: Chinese remainder theorem

http://www.cut-the-knot.org/blue/chinese.shtml

Jane Liu’s page on CRT

Stanford’s crypto group page

https://drexel28.wordpress.com/2011/09/06/ the-chinese-remainder-theorem/

http://math.stackexchange.com/questions/1102037/ the-chinese-remainder-theorem-for-rings

October 5, 2016 D. Basu CS1231R: CRT 23 / 24 Introduction Construction Applications The Coda

References

Ding, C., Pei, D., and Salomaa, A. (1996). Chinese Remainder Theorem: Applications in Computing, Coding, Cryptography. World Scientific Publishing Co., Inc., River Edge, NJ, USA.

Gauss, C. F. (1986). Disquisitiones arithmeticae, 1801. english translation by arthur a. clarke.

Ore, O. (2012). Number theory and its history. Courier Corporation.

Rosen, K. H. (2011). Elementary number theory. Pearson Education.

October 5, 2016 D. Basu CS1231R: CRT 24 / 24