Lecture 13: Chinese Remainder Theorem

The Chinese remainder theorem is about solutions to congruences. To start, suppose we have the following linear congruence:

$$ \begin{align*} ax \equiv b \pmod{m} \end{align*} $$

This is solvable if and only if $b$ is divisible by $(a,m)$. Euclid’s algorithm can show that this is sufficient. For example suppose we have

$$ \begin{align*} 6x \equiv 7 \pmod{45} \end{align*} $$

Then, this congruence has no solutions since $(6,45) = 3$ and $3 \not\mid 7$. On the other hand the congruence

$$ \begin{align*} 6x \equiv 3 \pmod{45} \end{align*} $$

has a solution since $(6,45) \mid 3$. How do we find the solution in general? well, $6x \equiv 3 \pmod{45}$ implies that

$$ \begin{align*} 6x &= 3 + 45y \\ 2x &= 1 + 15y \quad \text{(divide by 3)} \end{align*} $$

We can now use Euclid’s algorithm to see that

$$ \begin{align*} x \equiv 8 \pmod{15} \end{align*} $$

So $8$ is a solution to the original equation but so are $8+15$ and $8+30$. This is because the original congruence was module $45$ and we have $8+15 = 23 \pmod{45}$ and $8+30 = 38 \pmod{45}$ but $8 + 45 = 8 \pmod{45}$. Only when $(a,m) = 1$, the solution is unique and always exists. If $(a,m) > 1$, the solution might not exist or we might have many solutions.

Polynomial Congruences

Suppose we want to solve a polynomial congruence such as

$$ \begin{align*} f(x) \equiv 0 \pmod{m} \end{align*} $$

There are a few cases:

$m$ is prime. This is easier since since if $(a,m) = 1$, then $a$ has an inverse module $m$.
$m=p^n$ is a prime power. This can be reduced to the first case (we will see this in a later lecture (Hansel's Lemma)).
$m=p_1^{n_1}p_2^{n_2}\cdots$. We will reduce this to the case $m = p^n$ using the Chinese Remainder Theorem (CRT).

In this lecture, we will study the reduction from case 3 to case 2.

System of Two Linear Congruences

Suppose we want to solve the following system of linear congruences

$$ \begin{align*} x \equiv a_1 \pmod{m_1} \\ x \equiv a_2 \pmod{m_2} \end{align*} $$

In general, to have a solution to this system we want $m_1$ and $m_2$ to be coprime. This solution is even unique when $m_1$ and $m_2$ are coprime. If they were not co-prime, then it’s not guaranteed. We could or could not have a solution.

Example

As an example, suppose we want to solve the following system of linear congruences

$$ \begin{align*} x \equiv 1 \pmod{17} \\ x \equiv 3 \pmod{21} \end{align*} $$

Here, we see that $(17,21) = 1$. So then we have

$$ \begin{align*} x = 1 + 17y = 3 + 21z \end{align*} $$

which simplifes to

$$ \begin{align*} -21z + 17y = 2 \end{align*} $$

By Euclid’s algorithm, $-21z + 17y = 1$ has the solution $z = 4$ and $y = 5$. So now we can just double it to get

$$ \begin{align*} z = 8, y = 10 \end{align*} $$

Chinese Remainder Theorem

Suppose now that we have more than two linear congruences. Then by CRT:

The following system of congruences $$ \begin{align*} x &\equiv a_1 \pmod{m_1} \\ x &\equiv a_2 \pmod{m_2} \\ \cdots \\ x &\equiv a_k \pmod{m_k} \end{align*} $$ has a unique solution module $M = m_1m_2\cdots m_k$ if $m_1, m_2, \cdots m_k$ are pairwise coprime

Proof

So let’s focus on the first two equations and instead of using Euclid’s algorithm, let’s define a map from the set of all numbers from $0$ up to $m_1m_2 - 1$ to the product set of the numbers from $0$ to $m_1$ and $0$ to $m_2$.

$$ \begin{align*} \{0,1,2,\cdots,m_1m_2 - 1\} &\longrightarrow \{0,1,2,\cdots,m_1\} \times \{0,1,2,\cdots,m_2\} \\ \end{align*} $$

Given by

$$ \begin{align*} f(x) &= (x \bmod m_1, x \bmod m_2) \end{align*} $$

We claim that this is is a bijection. First we will show that $f$ is injective. So suppose that $f(x) = f(y)$, then we want to show that $x = y$. Since $f(x) = f(y)$, then

$$ \begin{align*} (x \bmod m_1, \bmod m_2) = (y \bmod m_1, y \bmod m_2) \end{align*} $$

Therefore

$$ \begin{align*} x \equiv y &\pmod{m_1} \\ x \equiv y &\pmod{m_2} \end{align*} $$

The first equation implies $x - y$ is divisible by $m_1$. The second equation implies that $x-y$ is by $m_2$. But $m_1$ and $m_2$ are coprime so $x-y$ must also be divisible by the product $m_1m_2$. This means that

$$ \begin{align*} x \equiv y \pmod{m_1m_2} \end{align*} $$

This implies that $f$ is injective. Now, since we have an injective map between two sets of equal size, then this map must be surjective as well. Therefore, $f$ is a bijection.

So now since this map is a bijection, then given a pair $(a_1, a_2) \in \mathbb{Z}/m_1, \mathbb{Z}/m_2$, this pair must correspond to exactly one $x$ in $\mathbb{Z}/(m_1m_2)$ such that

$$ \begin{align*} x &\equiv a_1 \pmod{m_1} \\ x &\equiv a_2 \pmod{m_2} \end{align*} $$

which is what we wanted to show. Note that this argument actually fails when $m_1$ and $m_2$ are not coprime. The map will not be injective.

Example

Suppose we want to solve the following

$$ \begin{align*} x^2 \equiv x \pmod{10^n} \end{align*} $$

What does this equation mean? We want to find a number such that they have the same last digit if you square it. For example, $6^2 = 36$ and

$$ \begin{align*} 6^2 \pmod{10^1} = 6 \end{align*} $$

Similarly,

$$ \begin{align*} 76^2 = 5776 \pmod{10^3} = 6 \end{align*} $$

Observe now that

$$ \begin{align*} 10^n = 5^n \cdot 2^n \\ \end{align*} $$

$5^n$ and $2^n$ are coprime. Therefore, By CRT if we solve

$$ \begin{align*} x^2 &\equiv x \pmod{5^n} \\ x^2 &\equiv x \pmod{2^n} \end{align*} $$

Then, we are guaranteed that there there exists a unique solution module $10^n$

$$ \begin{align*} x^2 &\equiv x \pmod{10^n} \end{align*} $$

Which is what we want. To solve the first congruence, observe that

$$ \begin{align*} x^2 &\equiv x \pmod{5^n} \\ x^2 -x &\equiv 0 \pmod{5^n} \\ x(x-1) &\equiv 0 \pmod{5^n} \\ \end{align*} $$

There are at least two solutions

$$ \begin{align*} x \equiv 0 \pmod{5^n} \ \text{ or } \ x \equiv 1 \pmod{5^n} \end{align*} $$

Similarly, for $x^5 \equiv x \pmod{2^n}$, we also get the same two solutions.

$$ \begin{align*} x \equiv 0 \pmod{2^n} \ \text{ or } \ x \equiv 1 \pmod{2^n} \end{align*} $$

So now by CRT, for each pair of solutions, we are guaranteed a solution modulo $10^n$. For example, consider the pair

$$ \begin{align*} x \equiv 1 \pmod{2^n} \\ x \equiv 1 \pmod{5^n} \end{align*} $$

By CRT,

$$ \begin{align*} x \equiv 1 \pmod{10^n} \end{align*} $$

However, this isn’t an interesting solution. Let’s try another pair. Consider

$$ \begin{align*} x \equiv 0 \pmod{2^n} \\ x \equiv 1 \pmod{5^n} \end{align*} $$

Using the first congruence, this implies that $x = 2^n \cdot t$. Plugging this in into the second congruence, we get

$$ \begin{align*} 2^nt &\equiv 1 \pmod{5^n} \end{align*} $$

Suppose $n = 1$, then

$$ \begin{align*} 2t &\equiv 1 \pmod{5} \end{align*} $$

The smallest $t$ satisfying this is $t = 3$. We can plug this back into

$$ \begin{align*} x = 2^n \cdot t = 2^1 \cdot 3 = 6 \end{align*} $$

Notice that $6 \equiv 0 \pmod{2^1}$ and $6 \equiv 1 \pmod{5^1}$ satisfying both congruences and satisfying

$$ \begin{align*} 6 \equiv 6^2 \pmod{10^1} \end{align*} $$

Now, let’s consider trying $n = 2$ for the same same pair of solutions. Recall that $x = 2^n \cdot t = 4t$ (using the first congruence). If we plug this into the second congruence, then we get

$$ \begin{align*} 4t &\equiv 1 \pmod{5^n = 5^2} \\ 4t &\equiv 1 \pmod{25} \\ \end{align*} $$

The smallest $t$ satisfying this is $t = 19$. Thus

$$ \begin{align*} x = 2^n \cdot t = 2^2 \cdot 19 = 76 \end{align*} $$

Therefore, we get the solution

$$ \begin{align*} 76 \equiv (76)^2 \pmod{10^2} \end{align*} $$

Verifying manually, $76^2 = 5776$ and $5776 \pmod{100} = 76$ as we expect!

References

Math115a by Richard E Borcherds