A Novel Solution of Linear Congruences
Proceedings - NCUR IX. (1995), Vol. II, pp. 708-712
Jeffrey F. Gold
Department of Mathematics, Department of Physics
University of Utah
Salt Lake City, Utah 84112
Don H. Tucker
Department of Mathematics
University of Utah
Salt Lake City, Utah 84112
Introduction
Although the solutions of linear congruences have been of interest for a very long time, they still remain somewhat pedagogically difficult. Because of the importance of linear congruences in fields such as public-key cryptosystems, new and innovative approaches are needed both to attract interest and to make them more accessible. While the potential for new ideas used in future research is difficult to assess, some use may be found here.
In this paper, the authors make use of the remodulization method developed in [1] as a vehicle to characterize the conditions under which solutions exist and then determine the solution space. The method is more efficient than those cited in the standard references. This novel approach relates the solution space of $cx \equiv a \bmod b$ to the Euler totient function for $c$ rather than that of $b$, which allows one to develop an alternative and somewhat more efficient approach to the problem of creating enciphering and deciphering keys in public-key cryptosystems.

Jan 25, 2010

© Attribution Non-Commercial (BY-NC)


Remodulization

Definition 1 If $a$ and $b$ are integers, then

$$a \bmod b = \{a,\ a \pm b,\ a \pm 2b,\ \ldots\}.$$

a mod b x . a mod b

sets are also frequently called residue classes since they consist of those integers which, upon division by $b$, leave a remainder (residue) of $a$. It is customary to

a

$$[a_1, a_2, \ldots, a_n] \bmod b = \{a_1 \bmod b\} \cup \{a_2 \bmod b\} \cup \cdots \cup \{a_n \bmod b\} = \bigcup_{i=1}^{n} \{a_i \bmod b\}.$$

$$a \bmod b = [a,\ a + b,\ \ldots,\ a + (c - 1)b] \bmod cb.$$

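Proof. Write

$$
\begin{array}{rllll}
a \bmod b = \{\ \ldots, & a - cb, & a - (c-1)b, & \ldots, & a - b, \\
 & a, & a + b, & \ldots, & a + (c-1)b, \\
 & a + cb, & a + (c+1)b, & \ldots, & a + (2c-1)b,\ \ldots\ \}
\end{array}
$$

and upon rewriting the columns,

$$
\begin{array}{rllll}
a \bmod b = \{\ \ldots, & a - cb, & a + b - cb, & \ldots, & a + (c-1)b - cb, \\
 & a, & a + b, & \ldots, & a + (c-1)b, \\
 & a + cb, & a + b + cb, & \ldots, & a + (c-1)b + cb,\ \ldots\ \}
\end{array}
$$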

and forming unions on the extended columns, the result follows.

This process is called remodulization by the factor c.


Linear Congruences

Theorem 2 A linear congruence $cx \equiv a \bmod b$, where $\gcd(c, b) = 1$, has as unique solution $x \equiv \frac{a'}{c} \bmod b$, where $a' \in \{a + bk\}_{k=0}^{c-1}$.

Proof. Suppose one has the linear congruence,

$$cx \equiv a \bmod b,$$

where $\gcd(c, b) = 1$ and $0 < c < b$. (If $c$ does not satisfy this requirement, then

condition $0 < c < b$.)

$$cx \equiv [a,\ a + b,\ \ldots,\ a + (c - 1)b] \bmod cb.$$

b; : : : ; a b c

Since

$$cx \equiv [a,\ a + b,\ \ldots,\ d,\ \ldots,\ a + (c - 1)b] \bmod cb,$$

$$cx \equiv d \bmod cb.$$

$$cx \equiv [a,\ a + b,\ \ldots,\ d - b,\ d + b,\ \ldots,\ a + (c - 1)b] \bmod cb$$

are not solvable, since in each case the factor $c$ is pairwise relatively prime with the residues $\{a,\ a + b,\ \ldots,\ d - b,\ d + b,\ \ldots,\ a + (c - 1)b\}$, and thus does not divide them.

For the solution $cx \equiv d \bmod cb$, however, dividing through by the factor $c$,

$$\frac{cx}{c} \equiv \frac{d}{c} \bmod \frac{cb}{c}$$

or,

$$x \equiv \frac{d}{c} \bmod b.$$

Note that the Euclidean algorithm has not been invoked; all that was necessary to solve this problem was the fact that $\gcd(c, b) = 1$. The theorem is

linear congruence is solvable since 3 is divisible by $\gcd(5, 7) = 1$. Remodulizing $3 \bmod 7$ by the factor 5 gives

$$5x \equiv [3, 10, 17, 24, 31] \bmod 5 \cdot 7$$

so that

$$5x \equiv 10 \bmod 35$$

is the only possible solution and, upon dividing all three terms by 5,

$$x \equiv 2 \bmod 7.$$

Note that the remaining linear congruences $5x \equiv [3, 17, 24, 31] \bmod 35$ do not admit any solutions, since in this example $\gcd(5, 35) = 5$ does not divide any element in the set $\{3, 17, 24, 31\}$.

Theorem 3 If $\gcd(c, b) = d$ and $d \mid a$, then the linear congruence $cx \equiv a \bmod b$ has $d$ distinct (incongruent) solutions modulo $b$.

Proof. In the event $\gcd(c, b) = d$, then $a$ must be divisible by $d$, otherwise, the linear congruence will not admit integer solutions. With that in mind, write $c = c'd$, $a = a'd$, and $b = b'd$. If all three terms of the original linear congruence are divided by $d$,

$$c'x \equiv a' \bmod b'.$$

gcd c ; b 0. x x mod b

x mod b d

Hence there are $d$ distinct (incongruent) solutions modulo $b$ to the linear congru-

a mod b gcd c; b d d a

by the following:

3, $2x \equiv 3 \bmod 5$. This new linear congruence is solvable because 3 is divisible by $\gcd(2, 5) = 1$. Using the remodulization method, $2x \equiv [3, 8] \bmod 10$, where the solution, by inspection, is $x \equiv 4 \bmod 5$. Then, remodulizing $4 \bmod 5$ by the factor 3, the solutions of the original linear congruence $6x \equiv 9 \bmod 15$ are $x \equiv [4, 9, 14] \bmod 15$.

however, after the solution is found, it is unnecessary to carry on any further computations. Another trial-and-error method consists of trying all residues of

; ;::: ;b b cx

a mod until the solution is found. In the case , there are at most

b c b c

tion method requires at most 3 steps, compared to 37 possible steps trying solutions of the complete residue system modulo 37. Remodulizing by the factor 3, $3x \equiv [5, 42, \ldots] \bmod 111$. By inspection, and requiring only 2 steps, the solution is $x \equiv 14 \bmod 37$. Performing the other calculation would have required 14 steps. Of course, simply guessing the solution may sometimes be just as fruitful. Picking an easy example is also helpful.
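The remodulization procedure of Theorems 2 and 3, as an added example that is not code from the paper. The function name `solve_by_remodulization` and the step counter are assumptions made here; the inputs are the congruences worked on this page plus one constructed unsolvable case, $6x \equiv 4 \bmod 15$.

```python
from math import gcd

def solve_by_remodulization(c, a, b):
    """Solve c*x ≡ a (mod b) by remodulization (Theorems 2 and 3).

    Returns (solutions, steps): the incongruent solutions modulo b, and how many
    residues of the remodulized class were inspected. ([], 0) means no solution.
    """
    if b <= 0:
        raise ValueError("modulus b must be positive")
    d = gcd(c, b)
    if a % d != 0:
        return [], 0          # Theorem 3: solvable only if gcd(c, b) divides a
    # Divide all three terms by d, then reduce so that 0 < c' < b'.
    b1 = b // d
    c1, a1 = (c // d) % b1, (a // d) % b1
    if b1 == 1:
        x1, steps = 0, 0      # every integer is congruent to 0 modulo 1
    else:
        # Remodulize a' mod b' by the factor c': [a', a'+b', ..., a'+(c'-1)b'] mod c'b'.
        # Exactly one residue is divisible by c'; dividing it by c' gives x mod b'.
        for k in range(c1):
            residue = a1 + k * b1
            if residue % c1 == 0:
                x1, steps = (residue // c1) % b1, k + 1
                break
    # Remodulize x' mod b' by the factor d to list the d solutions modulo b.
    return [x1 + j * b1 for j in range(d)], steps

if __name__ == "__main__":
    for c, a, b in [(5, 3, 7), (6, 9, 15), (3, 5, 37), (6, 4, 15)]:
        print(f"{c}x = {a} mod {b}:", solve_by_remodulization(c, a, b))
```

The step count is bounded by the reduced coefficient $c'$, not by the modulus, which is the efficiency argument made above for $3x \equiv 5 \bmod 37$.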

A standard method of solving linear congruences involves Euler's phi function [2,3], or totient, denoted by $\Phi$. The totient $\Phi(b)$ enumerates the positive integers less than $b$ which are relatively prime to $b$. Euler's extension of Fermat's

$$c^{\Phi(b)} \equiv 1 \bmod b,$$

gcd c; b cx a b

$$c^{\Phi(b)} x \equiv a \cdot c^{(\Phi(b)-1)} \bmod b,$$

or

$$x \equiv a \cdot c^{(\Phi(b)-1)} \bmod b.$$

Thus, finding the solution of the linear congruence $cx \equiv a \bmod b$ requires know-

b b

based on the factor $c$, specifically $\Phi(c)$, rather than the modulus $b$. In cases dealing with very large integers, and where $c$ is much less than $b$, or those cases

c

c b

solution

$$x \equiv \frac{a\,(1 - b^{\Phi(c)})}{c} \bmod b.$$

Proof. Note that the linear congruence $cx \equiv a \bmod b$, where $c$ and $b$ are rel-

< c < b x y

cx by a y


the linear congruence $-by \equiv a \bmod c$, shows that the solution, using Euler's theorem, is $y \equiv -a \cdot b^{(\Phi(c)-1)} \bmod c$. Substituting this result into $cx - by = a$, $cx = a + by = a + b\,[-a \cdot b^{(\Phi(c)-1)} \bmod c]$. Solving for $x$,

$$x \equiv \frac{a + b\,[-a \cdot b^{(\Phi(c)-1)} \bmod c]}{c} \bmod b,$$

a b c

generated by $a + by$, for $y \in \{0, 1, 2, \ldots, c - 1\}$. The $y + 1$st residue in the re-

a; a b; : : : ; a b c bc

by . c

If one is not interested in finding the least non-negative residue, the solution reduces to

$$x \equiv \frac{a\,(1 - b^{\Phi(c)})}{c} \bmod b.$$

gcd c; b d

has $d$ distinct solutions $x \equiv [x',\ x' + b',\ \ldots,\ x' + b'(d - 1)] \bmod b$, where $a = a'd$, $b = b'd$, $c = c'd$, and

$$x' \equiv \left[\frac{a'\,(1 - b'^{\,\Phi(c')})}{c'}\right] \bmod b'.$$

by = mod

a formally, then the answer is $x = \frac{a}{c} - \frac{b}{c}\,y$, but the integer character and information is lost and not easily recovered. In the modular arithmetic format, however, the formula of Theorem 4 (or its corollary by Theorem 3) characterizes the countably infinitely many solutions.

Applications

In public-key cryptosystems [2,4,5], an enciphering modulus $m$ is created by multiplying two very large primes $p$ and $q$, say $m = pq$; then one chooses an

e d

relation

$$e \cdot d \equiv 1 \bmod \Phi(m),$$

gcd e; m gcd d; m m p q

it is meant that the primes $p$ and $q$ should have 100 or more digits each. If one

e gcd e; m

m

$$d \equiv e^{(\Phi(\Phi(m))-1)} \bmod \Phi(m).$$

$$d \equiv \frac{1 - \Phi(m)^{\Phi(e)}}{e} \bmod \Phi(m),$$

where $\Phi(e) = e - 1$.

tion $\gcd(e, \Phi(m)) = 1$ than it is to calculate the prime decomposition of $\Phi(m)$ and its totient $\Phi(\Phi(m))$, even in those cases in which $e$ is not prime but its factorization is known.

an enciphering exponent $e$ and a deciphering exponent $d$ which satisfy

$$e \cdot d \equiv 1 \bmod 60.$$

e d

$$d \equiv \frac{1 - 60^{\Phi(13)}}{13} \bmod 60 \equiv \frac{1 - 60^{12}}{13} \bmod 60 \equiv 37 \bmod 60,$$

d e d

This method may not supplant the Euclidean algorithm method. In order to extract a solution from the linear congruence $nx \equiv 1 \bmod m$, the Euclidean algo-

m n m n

iterations. According to Bressoud [6], the method described here requires approximately the same number of iterations (perhaps one or two fewer), but since one is dealing with very large integers, i.e., $n \approx 10^{100}$ and $m \approx 10^{200}$, the

algorithm in their computer programs will not likely change to this method. Those just starting may well find this method preferable.
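The closed form $x \equiv a(1 - b^{\Phi(c)})/c \bmod b$ applied to key generation, as an added example that is not code from the paper. The function names, the trial-division totient, and the reduction of the power modulo $cb$ are choices made here; $m = 77$ is a constructed toy modulus with $\Phi(m) = 60$, matching the page's example.

```python
from math import gcd

def totient(n):
    """Euler's totient by trial division; n is the (small) coefficient c or exponent e."""
    result, p = n, 2
    while p * p <= n:
        if n % p == 0:
            while n % p == 0:
                n //= p
            result -= result // p
        p += 1
    if n > 1:
        result -= result // n
    return result

def solve_theorem4(c, a, b):
    """Return x with c*x ≡ a (mod b) via x ≡ a(1 - b^Φ(c))/c mod b; needs gcd(c, b) = 1."""
    if c <= 0 or b <= 0 or gcd(c, b) != 1:
        raise ValueError("requires c > 0, b > 0 and gcd(c, b) = 1")
    # b^Φ(c) ≡ 1 (mod c) by Euler's theorem, so 1 - b^Φ(c) is divisible by c.
    # Reducing the power modulo c*b keeps that divisibility and keeps numbers small.
    power = pow(b, totient(c), c * b)
    quotient = ((1 - power) % (c * b)) // c
    return (a * quotient) % b

def deciphering_exponent(e, phi_m):
    """Deciphering exponent d with e*d ≡ 1 (mod Φ(m)), using Φ(e) instead of Φ(Φ(m))."""
    return solve_theorem4(e, 1, phi_m)

if __name__ == "__main__":
    d = deciphering_exponent(13, 60)            # the page's example: d ≡ 37 mod 60
    # Constructed toy modulus for illustration only: m = 7 * 11 = 77 has Φ(m) = 60.
    m, message = 77, 9
    recovered = pow(pow(message, 13, m), d, m)
    print(d, recovered == message)
```

Only $e$ has to be factored to obtain $\Phi(e)$; the result agrees with the inverse that a Euclidean-algorithm routine such as Python's `pow(e, -1, phi_m)` returns.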

References

[1] Jeffrey F. Gold and Don H. Tucker, Remodulization of Congruences, Proceedings - National Conference on Undergraduate Research, University of North

[2] David M. Burton, Elementary Number Theory, Second Edition, Wm. C. Brown Publishers, Iowa, 1989, 156-160, 175-179.

[3] Oystein Ore, Number Theory and Its History, Dover Publications, Inc., New York, 1988, 109-115.

[4] David M. Bressoud, Factorization and Primality Testing, Springer-Verlag New York, Inc., New York, 1989, 43-46.

[5] Kenneth H. Rosen, Elementary Number Theory and Its Applications, Third Edition, Addison-Wesley Publishing Company, Massachusetts, 1993, 253-264.

[6] David M. Bressoud. Personal communication.
