Homomorphisms and Chinese Remainder …Homomorphisms and Chinese Remainder Algorithms(cont.) Different choices of values for the arbitrary integer a in Theorem 5.7 correspond to different

Homomorphisms and Chinese Remainder Algorithms(cont.)

Homomorphisms and Chinese RemainderAlgorithms (cont.)

L. Yohanes Stefanus

L. Yohanes Stefanus Slide 07.1


The Chinese Remainder Problem

We will study algorithms for inverting homomorphisms.

The Chinese Remainder ProblemGiven moduli m0, m1, . . . , mn ∈ Z and given correspondingresidues ui ∈ Zmi , 0 ≤ i ≤ n, find an integer u ∈ Z such that

u ≡ ui (mod mi), 0 ≤ i ≤ n.

The following theorem specifies conditions under which thereexists a unique solution to the Chinese remainder problem.



Theorem (5.7: Chinese Remainder Theorem)

Let m0, m1, . . . , mn ∈ Z be integers which are pairwise relativelyprime, that is,

gcd(mi , mj) = 1 for i 6= j ,

and let ui ∈ Zmi , i = 0, 1, . . . , n be n + 1 specified residues. Forany fixed integer a ∈ Z there exists a unique integer u ∈ Zwhich satisfies the following conditions:

a ≤ u < a + m, where m =n∏

i=0

mi (1)

u ≡ ui (mod mi), 0 ≤ i ≤ n (2)



Proof: Uniqueness

Let u, v ∈ Z be two integers satisfying conditions (1) and (2).Then using the fact that ≡ is an equivalence relation, it followsfrom condition (2) that

u ≡ v (mod mi), for i = 0, 1, . . . , n⇒ u − v ∈ 〈mi〉, for i = 0, 1, . . . , n⇒ u − v ∈ 〈m〉, where m =

∏ni=0 mi

where we have used the fact that since the modulim0, m1, . . . , mn are pairwise relatively prime, an integer which isa multiple of each mi must also be a multiple of the product m.Furthermore, from condition (1) it follows that |u − v | < m andhence u − v = 0 because 0 is the only element of the ideal 〈m〉which has absolute value less than m. Thus u = v .



Proof (cont.): Existence

Let u run through the m distinct integer values in the rangespecified by condition (1) and consider the corresponding(n + 1)-tuples

(φm0(u), φm1(u), . . . , φmn(u)),

where φmi is the modular homomorphism defined byφmi (a) = rem(a, mi) for all a ∈ Z . By the uniqueness proof, notwo of these (n + 1)-tuples can be identical and hence the(n + 1)-tuples also take on m distinct values. But since the finitering Zmi contains precisely mi elements there are exactlym =

∏ni=0 mi distinct (n + 1)-tuples (v0, v1, . . . , vn) such that

vi ∈ Zmi . Hence each possible (n + 1)-tuple occurs exactlyonce and therefore there must be one value of u in the givenrange such that

(φm0(u), φm1(u), . . . , φmn(u)) = (u0, u1, . . . , un).



Different choices of values for the arbitrary integer a inTheorem 5.7 correspond to different representations forthe ring Zm.

The choice a = 0 corresponds to the familiar positiverepresentation of Zm as

Zm = {0, 1, . . . , m − 1}

where m is positive.

The choice a = −m−12 corresponds to the symmetric

representation of Zm as

Zm = {−m − 12

, . . . ,−1, 0, 1, . . . ,m − 1

2}

where m is odd positive.

In practical applications, usually all of the modulim0, m1, . . . , mn and m are odd positive integers.



Garner’s Chinese Remainder Algorithm

The key to Garner’s algorithm is to express the solutionu ∈ Zm in the mixed radix representation:

u = v0 + v1(m0) + v2(m0m1) + · · ·+ vn(n−1∏i=0

mi) (3)

where vk ∈ Zmk for k = 0, 1, . . . , n.



Example

Let m0 = 3, m1 = 5, m2 = 7, m3 = 11, andm = m0m1m2m3 = 1155.

Using the positive representation, the integeru = 868 ∈ Z1155 has the unique mixed radix representation

868 = v0 + v1(3) + v2(15) + v3(105)

with v0 = 1 ∈ Z3, v1 = 4 ∈ Z5, v2 = 1 ∈ Z7, andv3 = 8 ∈ Z11.



Expressing the solution u of the system of congruences (2)in the mixed radix representation (3), it is straightforward todetermine the coefficients vk (0 ≤ k ≤ n) appearing in (3).

From (3) we have u ≡ v0 (mod m0) and therefore the casei = 0 of the system of congruences (2) will be satisfied ifv0 ∈ Zm0 is chosen such that

v0 ≡ u0 (mod m0). (4)



In general for k ≥ 1, we have from (3) that

u ≡ v0 + v1(m0) + · · ·+ vk (k−1∏i=0

mi) (mod mk ).

If coefficients v0, v1, . . . , vk−1 have been determined then wecan satisfy the case i = k of the system of congruences (2) bychoosing vk such that

v0 + v1(m0) + · · ·+ vk (k−1∏i=0

mi) ≡ uk (mod mk ).

This congruence equation can be solved for vk ∈ Zmk , k ≥ 1:

vk ≡ (uk − [v0 +v1(m0)+ · · ·+vk−1(k−2∏i=0

mi)])M (mod mk ) (5)

where the inverse M = (∏k−1

i=0 mi)−1 appearing here is valid

because∏k−1

i=0 mi is relatively prime to mk .L. Yohanes Stefanus Slide 07.10


Algorithm 5.1: Garner’s Chinese Remainder Algorithm

Garner’s Chinese Remainder Algorithm

procedure IntegerCRA((m0, . . . , mn), (u0, . . . , un))

# Given moduli mi ∈ Z (0 ≤ i ≤ n) which are pairwise# relatively prime and corresponding residues ui ∈ Zmi ,# compute the unique integer u ∈ Zm (where m =

∏ni=0 mi )

# such that u ≡ ui (mod mi), i = 0, 1, . . . , n.# Step 1 : Compute the required inverses using a# procedure reciprocal(a,q) which gives a−1 (mod q).for k from 1 to n do {

product ← φmk (m0)for i from 1 to k − 1 do

product ← φmk (product ·mi)γk ← reciprocal(product , mk )

}



Algorithm 5.1 (cont.)

# Step 2 : Compute the mixed radix coeffs vk .v0 ← u0for k from 1 to n do {

temp← vk−1

for j from k − 2 to 0 by −1 dotemp← φmk (temp ·mj + vj)

vk ← φmk ((uk − temp) · γk )

}




# Step 3 : Convert from mixed radix representation# to standard representationu ← vn

for k from n − 1 to 0 by −1 dou ← u ·mk + vk

return (u)

end procedure



Remarks on Garner’s algorithm

Step 3 performs the evaluation of (3) using the method ofnested multiplication:

u = v0 +m0(v1 +m1(v2 + · · ·+mn−2(vn−1 +mn−1(vn)) · · · )).



Example

Take as moduli the three (single-precision) integers whichare odd and pairwise relatively prime: m0 = 99, m1 = 97,m2 = 95. Then m = m0m1m2 = 912285. Using thesymmetric representation, the range of integers in Z912285

is −456142 ≤ u ≤ 456142.

Consider the problem of determining u given that:

u ≡ 49 (mod 99);

u ≡ −21 (mod 97);

u ≡ −30 (mod 95).



Example (cont.)

Applying Algorithm 5.1, in step 1 we compute the followinginverses:

γ1 = m−10 (mod m1) = 2−1 (mod 97) = −48,

γ2 = (m0m1)−1 (mod m2) = 8−1 (mod 95) = 12.

In step 2 we obtain the following mixed radix coefficientsfor u:

v0 = 49, v1 = −35, v2 = −28.

Finally, in step 3 we get the (multiprecision) solution:

u = −272300.



Example

Back to the system of linear equations on Slide 06.02. Nowwe look at the system over the domains Zp for variousprimes p. By Cramer’s rule, each component of thesolution is a ratio of two determinants. If we let

x1 = det

1 44 74−2 14 −1034 −28 20

, y1 = det

22 1 7415 −2 −10−25 34 20

z1 = det

22 44 115 14 −2−25 −28 34

, d = det

22 44 7415 14 −10−25 −28 20

then x1, y1, z1 and d will be integers and the solution isx = x1

d , y = y1d , z = z1

d .



Example (cont.)

Fortunately, for a given domain Zp we need not calculatethe determinants. Instead, we find the modular solution

x(mod p), y(mod p), z(mod p), d(mod p)

using the usual efficient Gaussian elimination method, anduse

x1 ≡ x d(mod p), y1 ≡ y d(mod p), z1 ≡ z d(mod p)

to obtain modular representations for x1, y1, z1, and d .

Application of Garner’s algorithm gives integerrepresentations for these four quantities and hence rationalnumber answers for x , y , and z.



Example (cont.)

For instance, working over Z7 (in the symmetricrepresentation) the system of linear equations on Slide06.02 becomes

x +2y −3z = 1,x −3z = −2,

3x −z = −1.

Gaussian elimination gives: x ≡ −1 (mod 7),y ≡ −2 (mod 7), z ≡ −2 (mod 7) and d ≡ −2 (mod 7).Thus,x1 ≡ 2 (mod 7), y1 ≡ −3 (mod 7), z1 ≡ −3 (mod 7).

Similarly, working over the domains Z11, Z13, Z17 and Z19

givesx1 ≡ −5 (mod 11), y1 ≡ 0 (mod 11), z1 ≡ −4 (mod 11),d ≡ 1 (mod 11),



Example (cont.)

x1 ≡ −2 (mod 13), y1 ≡ 4 (mod 13), z1 ≡ 6 (mod 13),d ≡ 4 (mod 13),x1 ≡ 5 (mod 17), y1 ≡ −6 (mod 17), z1 ≡ −3 (mod 17),d ≡ −2 (mod 17),x1 ≡ 9 (mod 19), y1 ≡ 6 (mod 19), z1 ≡ 7 (mod 19),d ≡ −8 (mod 19).

Thus, with respect to the moduli 7, 11, 13, 17 and 19, themodular representations are x1 = (2,−5,−2, 5, 9),y1 = (−3, 0, 4,−6, 6), z1 = (−3,−4, 6,−3, 7) andd = (−2, 1, 4,−2,−8).

Using Garner’s algorithm, we obtain x1 = −44280,y1 = 40590, z1 = −11070 and d = −7380. Therefore,x = x1

d = 6, y = y1d = −11

2 , z = z1d = 3

2 .



Newton’s Interpolation

We are interested in the composite homomorphismφ〈I,p〉 = φIφp which projects the multivariate polynomialdomain Z [x1, . . . , xν ] onto the Euclidean domain Zp[x1] (orperhaps onto the field Zp), where p denotes a primeinteger and I denotes the kernel of a multivariateevaluation homomorphism.

φp : Z [x1, . . . , xν ]→ Zp[x1, . . . , xν ] (6)

φI : Zp[x1, . . . , xν ]→ Zp[x1] (7)

The inversion process for (6) is the Chinese remainderalgorithm. The inversion process for (7) is the polynomialinterpolation algorithm.



The inversion of multivariate evaluation homomorphisms ofthe form (7) will be accomplished one indeterminate at atime, viewing φI in the natural way as a composition ofunivariate evaluation homomorphisms.

Therefore it is sufficient to consider the inversion ofunivariate evaluation homomorphisms of the form

φx−αi : D[x ]→ D

where D is in general a multivariate polynomial domainover a field Zp and αi ∈ Zp.

The development of an algorithm for polynomialinterpolation is directly in parallel with the development ofGarner’s algorithm. Indeed the two processes are identicalif one takes an appropriate point of view of algebraicstructures.



The statement of the integer Chinese remainder problemcan be paraphrased to get the following statement of thepolynomial interpolation problem:

Let D be a domain of polynomials (in zero or moreindeterminates other than x) over a coefficient field Zp.Given moduli x − α0, x − α1, . . . , x − αn where αi ∈ Zp,0 ≤ i ≤ n, and given corresponding residues ui ∈ D,0 ≤ i ≤ n, find a polynomial u(x) ∈ D[x ] such that

u(x) ≡ ui (mod x − αi), 0 ≤ i ≤ n. (8)

The congruences (8) are usually stated in the followingequivalent form:

u(αi) = ui , 0 ≤ i ≤ n (9)

and the elements αi are called evaluation points orinterpolation points.



As in the case of the integer Chinese remainder problem,in order to guarantee that a solution exists we must imposethe condition that the moduli {x − α0, x − α1, . . . , x − αn}be pairwise relatively prime.

Obviously gcd(x − αi , x − αj) = 1 iff αi 6= αj , so thecondition is that the moduli {x − αi} must be distinct (i.e.the evaluation points {αi} must be distinct).

Also as in the integer Chinese remainder problem, thesolution is only unique modulo

∏ni=0(x − αi), which means

the solution is unique if we restrict it to be of degree <n + 1.



Algorithm 5.2: Newton’s Interpolation Algorithm

procedure NewtonInterp((α0, . . . , αn), (u0, . . . , un))

# Let D = Zp[y1, . . . , yν ] with ν ≥ 0# (D = Zp in case ν = 0). Given distinct evaluation points# αi ∈ Zp (0 ≤ i ≤ n) and given corresponding values# ui ∈ D (0 ≤ i ≤ n), compute the unique polynomial# u(x) ∈ D[x ] such that deg(u(x)) ≤ n and# u(αi) = ui , i = 0, 1, . . . , n.# Step 1 : Compute the required inverses using a# procedure reciprocal(a,q) which gives a−1 (mod q).for k from 1 to n do {

product ← φp(αk − α0)for i from 1 to k − 1 do

product ← φp(product · (αk − αi))γk ← reciprocal(product , p)

}




# Step 2 : Compute the Newton coeffs vk .v0 ← u0for k from 1 to n do {

temp← vk−1

for j from k − 2 to 0 by −1 dotemp← φp(temp · (αk − αj) + vj)

vk ← φp((uk − temp) · γk )

}

# Step 3 : Convert from Newton form to standard formu ← vn

for k from n − 1 to 0 by −1 dou ← φp(u · (x − αk ) + vk )

return (u(x))

end procedure



Example

We want to find the polynomial u(x , y) ∈ Z97[x , y ] ofmaximum degree 2 in x and maximum degree 1 in yspecified by the following values in Z97:

u(0, 0) = −21; u(0, 1) = −30;u(1, 0) = 20; u(1, 1) = 17;u(2, 0) = −36; u(2, 1) = −31.

First we reconstruct the image of u(x , y) inZ97[x , y ]/〈x − 0〉 (i.e. the case x = 0). In the notation ofAlgorithm 5.2 we have D = Z97, α0 = 0, α1 = 1, u0 = −21,u1 = −30, and we are computing a polynomialu(0, y) ∈ Z97[y ] (i.e. the indeterminate x in Algorithm 5.2 isy for now).

Step 1 is trivial in this case:γ1 = (α1 − α0)

−1 (mod 97) = 1−1 (mod 97) = 1.



Example

Step 2 computes the Newton coefficients for u(0, y):

v0 = −21, v1 = −9

and therefore step 3 gives

u(0, y) = −21− 9(y − 0) = −9y − 21.

Similarly, we find the images of u(x , y) in Z97[x , y ]/〈x − 1〉and Z97[x , y ]/〈x − 2〉:

u(1, y) = −3y + 20;u(2, y) = 5y − 36.



Example

Next we apply Algorithm 5.2 with D = Z97[y ], α0 = 0,α1 = 1, α2 = 2, u0 = u(0, y) = −9y − 21,u1 = u(1, y) = −3y + 20, u2 = u(2, y) = 5y − 36 to obtainthe polynomial u(x , y) ∈ D[x ] = Z97[y ][x ].

Step 1 gives the inverses:γ1 = (α1 − α0)

−1 (mod 97) = 1−1 (mod 97) = 1;γ2 = [(α2 − α0)(α2 − α1)]

−1 (mod 97) = 2−1 (mod 97) =−48.

Step 2 gives the following Newton coefficients:v0 = −9y − 21, v1 = 6y + 41, v2 = y .

Finally in step 3 we obtain the solution:u(x , y) = (−9y − 21) + (6y + 41)(x − 0) + y(x − 0)(x − 1)

= x2y + 5xy + 41x − 9y − 21.



Remarks on Algorithm 5.2

The polynomial u(x) ∈ D[x ] is initially represented uniquelyby its n + 1 residues (u0, u1, . . . , un) corresponding to then + 1 distinct evaluation points (α0, α1, . . . , αn).

At the end of step 2, the polynomial u(x) is representeduniquely in Newton form by its n + 1 Newton coefficients(v0, v1, . . . , vn) with respect to the basis polynomials

1, (x − α0), (x − α0)(x − α1), . . . ,n−1∏i=0

(x − αi).

In step 3 the Newton form of u(x) is converted to standardpolynomial form.

So there are three different representations used for thesame object.



An issue which arises in the practical application ofmodular and evaluation homomorphisms and theircorresponding inversion algorithms is to determine thenumber of moduli (evaluation points) needed to uniquelyrepresent an unknown integer (polynomial).

In the polynomial case, the information needed is an upperbound B for the degree of the result since B + 1 evaluationpoints are sufficient.

In the integer case, if an upper bound M for the magnitudeof the integer result is known then by choosing enoughmoduli mi such that

m =n∏

i=0

mi > 2M,

we are guaranteed that the ring Zm is large enough torepresent the integer result.


Documents

Homomorphisms and Chinese Remainder …Homomorphisms and Chinese Remainder Algorithms(cont.) Different choices of values for the arbitrary integer a in Theorem 5.7 correspond to different