A Novel Solution Of Linear Congruences

1. Chapter 6 A Novel Solution Of Linear Congruences Proceedings|NCUR IX. (1995), Vol. II, pp. 708{712 Jerey F. Gold Department of Mathematics, Department of Physics University of Utah Salt Lake City, Utah 84112 Don H. Tucker Department of Mathematics University of Utah Salt Lake City, Utah 84112 Introduction Although the solutions of linear congruences have been of interest for a very long time, they still remain somewhat pedagogically dicult. Because of the importance of linear congruences in

2. elds such as public-key cryptosystems, new and innovative approaches are needed both to attract interest and to make them more accessible. While the potential for new ideas used in future research is dicult to assess, some use may be found here. In this paper, the authors make use of the remodulization method developed in [1] as a vehicle to characterize the conditions under which solutions exist and then determine the solution space. The method is more ecient than those cited in the standard references. This novel approach relates the solution space of mod to the Euler totient function for rather than that cx a b c 1

3. CHAPTER 6. A NOVEL SOLUTION OF LINEAR CONGRUENCES 2 of , which allows one to develop an alternative and somewhat more ecient b approach to the problem of creating enciphering and deciphering keys in public- key cryptosystems. Remodulization De

4. nition 1 If a and b are integers, then a mod = f b a; a 6 b; a 62 b; : : : g : The notation x , means that is an element of the set a mod b x . a mod b The common terminology is to say that is congruent to modulo . These x a b sets are also frequently called residue classes since they consist of those integers which, upon division by , leave a remainder (residue) of . It is customary to b a write as the least non-negative residue. a De

5. nition 2 If a1 ,a2 ,: : : ,an ,b 2 Z, then [ 1 2 a ; a ; : : : ; an ] mod = f 1 mod g[f 2 mod g[1 1 1[f n mod g = b a b a b a b [f n ai mod gb : i=1 Theorem 1 Suppose a, b, and c 2 Z and c 0, then a mod = [b a; a + b; : : : ; a + ( 0 1)] mod b c cb : Proof. Write a mod = f b ::: a 0 cb; a 0 ( 0 1) c b; ::: a 0 b; a; a + b; ::: a + ( 0 1)c b; + a cb; a + ( + 1) c b; ::: a + (2 0 1) c b; ::: g and upon rewriting the columns, mod = f a b 0 + 0 ::: a + ( 0 1) 0 cb; a b cb; ::: a c b cb; + a; + ( 0 1)a b; ::: a c b; + + + a + ( 0 1) + cb; a b cb; ::: a c b cb; ::: g and forming unions on the extended columns, the result follows. This process is called remodulization by the factor c.

6. CHAPTER 6. A NOVEL SOLUTION OF LINEAR CONGRUENCES 3 Linear Congruences Theorem 2 A linear congruence cx a mod b, where ( ) = 1, gcd c; b has as unique solution x a 0 mod b , where a0 2 f a+bk gc01 . c k=0 Proof. Suppose one has the linear congruence, cx mod a b ; where ( ) = 1 and 0 gcd c; b . (If does not satisfy this requirement, then c b c c may be reduced or augmented by some multiple of so that it satis

7. es the b condition 0 .) c b Remodulizing a mod b by the factor gives c cx [ a; a + b; : : : ; a + ( 0 1)] mod b c cb : Because the set f + a; a + ( 0 1)g forms a complete residue system b; : : : ; a b c modulo c , there exists an element in this set, call it , which is divisible by . d c Since [ + cx a; a + ( 0 1)] mod b; : : : ; d; : : : ; a b c cb ; it is seen that the only solvable linear congruence is cx mod d cb : The remaining linear congruences, cx [ a; a + b; : : : ; d 0 b; d + b; : : : ; a + ( 0 1)] mod b c cb are not solvable, since in each case the factor c is pairwise relatively prime with the residues f +a; a 0 + b; : : : ; d + ( 0 1)g, and thus does not divide b; d b; : : : ; a b c them. For the solution cx mod , however, dividing through by the factor , d cb c cx c mod d c cb c or, x mod d c b : Note that the Euclidean algorithm has not been invoked; all that was nec- essary to solve this problem was the fact that ( ) = 1. The theorem is gcd c; b illustrated by the following example.

8. CHAPTER 6. A NOVEL SOLUTION OF LINEAR CONGRUENCES 4 Example 1 Suppose 12x 3 mod 7; this reduces to 5 3 x mod 7. This linear congruence is solvable since 3 is divisible by (5 7) = 1. gcd ; Remodulizing 3 mod 7 by the factor 5 gives 5 [3 10 17 24 31] mod 5 1 7 x ; ; ; ; so that 5 10 mod 35 x is the only possible solution and, upon dividing all three terms by 5, x 2 mod 7 : Note that the remaining linear congruences 5x [3; 17; 24; 31] mod 35 do not admit any solutions, since in this example gcd(5; 35) = 5 does not divide any element in the set f3; 17; 24; 31g. Theorem 3 If gcd(c; b) = d and dja, then the linear congruence cx a mod b, has d distinct (incongruent) solutions modulo b . Proof. In the event ( ) = , then must be divisible by , otherwise, gcd c; b d a d the linear congruence will not admit integer solutions. With that in mind, write c = 0 , = 0 , and = 0 . If all three terms of the original linear congruence c d a a d b b d are divided by , d 0 0 mod 0 c x a b : Since ( 0 0 ) = 1, the resulting linear congruence has a solution 0 gcd c ; b 0. x x mod b However, the modulus of the original congruence is = 0 ; therefore, by re- b b d modulizing the solution 0 0 by the factor one obtains x mod b d x [x ;x 0 0 + b0 ; : : : ; x0 + b0 (d 0 1)] mod b0 d : Hence there are distinct (incongruent) solutions d to the linear congru- modulo b ence cx if ( ) = and j . The theorem's utility is demonstrated a mod b gcd c; b d d a by the following: Example 2 Suppose 6x 9 mod 15. Dividing through by the common factor 3, 2x 3 mod 5. This new linear congruence is solvable because 3 is divisible by gcd(2; 5) = 1. Using the remodulization method, 2 x [3; 8] mod 10 , where the solution, by inspection, is x 4 mod 5. Then, remodulizing 4 mod 5 by the factor 3, the solutions of the original linear congruence 6x 9 mod 15 are x [4; 9; 14] mod 15. It is easily seen that the remodulization method is a trial-and-error method; however, after the solution is found, it is unnecessary to carry on any further computations. Another trial-and-error method consists of trying all residues of

9. CHAPTER 6. A NOVEL SOLUTION OF LINEAR CONGRUENCES 5 the complete residue system [1 2 ] mod in the linear congruence ; ;::: ;b b cx a mod until the solution is found. In the case , there are at most b c b c computations using the remodulization method, compared to possible compu- b tations of the alternate method. Example 3 Consider the linear congruence 3x 5 mod 37. The remodulization method requires at most 3 steps, compared to 37 possible steps trying solutions of the complete residue system modulo 37. Remodulizing by the factor 3, 3x [5; 42; : : : ] mod 111. By inspection, and requiring only 2 steps, the solution is x 14 mod 37. Performing the other calculation would have required 14 steps. Of course, simply guessing the solution may sometimes be just as fruitful. Picking an easy example is also helpful. A standard method of solving linear congruences involves Euler's phi function [2,3], or totient, denoted by 8. The totient 8( ) enumerates the positive b integers less than which are relatively prime to . Euler's extension of Fermat's b b theorem states that 8(b) 1 mod c b ; if ( ) = 1. Therefore, multiplying the linear congruence mod gcd c; b cx a b through by the factor (8(b)01) gives c c 8(b) x a 1 c(8(b)01) mod b ; or x 1 a c (8(b)01) mod b : Thus,

10. nding the solution of the linear congruence cx mod requires know- a b ing 8( ), or equivalently, the factorization of . b b The remodulization method predicts

11. nding solutions of linear congruences based on the factor , speci

12. cally 8( ), rather than the modulus . In cases c c b dealing with very large integers, and where is much less than , or those cases c b in which the factorization of is known, it may be more convenient to calculate c the totient of , rather than that of . c b Theorem 4 The linear congruence cx a mod b, where gcd(c; b) = 1, has as solution 8(c) ) x (1 0 a c b mod b : Proof. Note that the linear congruence mod , where and are rel- cx a b c b atively prime and 0 , implies the existence of integers and such c b x y that 0 = . Solving this equation instead for , which is equivalent to cx by a y

13. CHAPTER 6. A NOVEL SOLUTION OF LINEAR CONGRUENCES 6 the linear congruence 0 mod , shows that the solution, using Euler's by a c theorem, is 0 1 (8(c)01) y . Substituting this result into 0 = , a b mod c cx by a cx = + = + [ 0 1 (8(c)01) a by a b ]. Solving for , a b mod c x (8(c)01) mod c ] x a + [0 1 b a b mod b ; c where 0 1 (8(c)01) is augmented by the proper multiple of to obtain the least a b c non-negative residue . modulo c In the remodulization method, the elements f + + ( 0 1)g are a; a b; : : : ; a b c generated by + , for 2 f0 1 2 a by 0 1g. The + 1st residue in the re- y ; ; ;::: ;c y modulized form [ + + ( 0 1)] mod is the solution, upon division a; a b; : : : ; a b c bc by . c If one is not interested in

14. nding the least non-negative residue, the solution reduces to (1 0 8(c) ) mod x a b b : c Theorem 3 gives the obvious corollary to Theorem 4 in case ( )= . gcd c; b d Corollary 1 If gcd(c; b) = d and dja, then the linear congruence cx a mod b has d distinct solutions x [x0 ; x0 + b0 ; : : : ; x0 + b0 (d 0 1)] mod b, where a = a0 d, b = b0 d, c = c0 d, and 8(c0 ) ) # a0 (1 0 b0 x0 mod b0 : c0 Remark 1 If one solves the diophantine equation cx + by = a; i.e., cx = a 0 by = mod a formally, then the answer is x = a 0 b y , but the integer character b c c and information is lost and not easily recovered. In the modular arithmetic format, however, the formula of Theorem 4 (or its corollary by Theorem 3) characterizes the countably in

15. nitely many solutions. Applications In public-key cryptosystems [2,4,5], an enciphering modulus is created by m multiplying two very large primes and , say = ; then one chooses anp q m pq enciphering exponent and a deciphering exponent that satisfy the congruence e d relation 1 1 mod 8( ) e d m ;

16. CHAPTER 6. A NOVEL SOLUTION OF LINEAR CONGRUENCES 7 where ( 8( )) = ( 8( )) = 1, and 8( ) = ( 0 1)( 0 1). By large, gcd e; m gcd d; m m p q it is meant that the primes and should have 100 or more digits each. If one p q chooses the enciphering exponent to be a prime such that ( 8( )) = 1, e gcd e; m then it is unnecessary to calculate 8(8( )) for the usual or standard solution m (8(8(m))01) mod 8( ) d e m : Instead, one only needs to calculate the solution 8(e) 1 0 8( ) d mod 8( ) e m m ; where 8( ) = 0 1. e e It is much easier (and more computationally ecient) to satisfy the condition ( 8( )) = 1 than it is to calculate the prime decomposition of 8( ) gcd e; m m and its totient 8(8( )), even in those cases in which is not prime but its m e factorization is known. Example 4 Suppose m = 7 1 11 = 77, then 8(77) = 60. The problem is to

17. nd an enciphering exponent e and a deciphering exponent d which satisfy e 1 1 mod 60 d : If one chooses = 13, then is found by e d 1 0 608(13) mod 60 1 0 6012 mod 60 37 mod 60 d 13 13 ; whereas 8(8(77)) = 8(60) = 8(22 1 3 1 5) = 16. Additionally, for = 7, = 43; e d e = 11 gives = 11; = 17 gives = 53; and so on. d e d This method may not supplant the Euclidean algorithm method. In order to extract a solution from the linear congruence 1 mod , the Euclidean algo- nx m rithm requires at most log2( ) iterations, or in the case , only 1+log2 ( ) m n m n iterations. According to Bressoud [6], the method described here requires ap- proximately the same number of iterations (perhaps one or two fewer), but since one is dealing with very large integers, i.e., 10100 and 10200 , the n m dierence is negligible. Therefore, those who have incorporated the Euclidean algorithm in their computer programs will not likely change to this method. Those just starting may well

18. nd this method preferable. References [1] Jerey F. Gold and Don H. Tucker, Remodulization of Congruences, Proceed- ings | National Conference on Undergraduate Research, University of North

19. CHAPTER 6. A NOVEL SOLUTION OF LINEAR CONGRUENCES 8 Carolina Press, Asheville, North Carolina, 1992, Vol. II, 1036{41. [2] David M. Burton, Elementary Number Theory, Second Edition, Wm. C. Brown Publishers, Iowa, 1989, 156{160, 175{179. [3] Oystein Ore, Number Theory and Its History, Dover Publications, Inc., New York, 1988, 109{115. [4] David M. Bressoud, Factorization and Primality Testing, Springer-Verlag New York, Inc., New York, 1989, 43{46. [5] Kenneth H. Rosen, Elementary Number Theory and Its Applications, Third Edition, Addison-Wesley Publishing Company, Massachusetts, 1993, 253{264. [6] David M. Bressoud. Personal communication.

A Novel Solution Of Linear Congruences

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (18)

Ähnlich wie A Novel Solution Of Linear Congruences

Ähnlich wie A Novel Solution Of Linear Congruences (20)

Mehr von Jeffrey Gold

Mehr von Jeffrey Gold (14)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

A Novel Solution Of Linear Congruences