3

I'm reading through a proof of the Chinese Remainder theorem and I am confused about why they decided to:

1) Set $u = n(n^{-1} \pmod m)$

2) Set $v = m(m^{-1} \pmod n)$

3) Set $x = au + bv$, as in how do we know the equality is true?


Chinese remainder theorem proof

Bill Dubuque
  • 282,220
  • Are you asking about how they came up with the proof on their own? Or why the proof works? If you are only asking why the proof works it doesn't really matter how they came up with it. – fleablood Aug 19 '19 at 00:50

3 Answers

2

This may be more advanced than you want, but it's a common enough proof strategy that you'll eventually want to know it. In particular, in the context given here, the proof of the CRT is somewhat obvious.


It's a common trick in mathematics that if we want to solve a finite number of linear functions $$F_1(x) = y_1, F_2(x) = y_2, \ldots, F_N(x) = y_N$$ simultaneously, we should first look for elements $u_1, u_2, \ldots, u_N$ such that $F_i(u_j) = \begin{cases} 1, & i=j \\ 0, & i\neq j\end{cases}.$ Then the answer is given by $$x = u_1y_1 + u_2y_2 + \ldots + u_Ny_N$$

(in addition to the CRT, this is also the principle used in defining the Lagrange interpolation polynomial, among many others)


In the context of the CRT, we have two linear functions $F_1(x) = x\pmod{m}$ and $F_2(x) = x\pmod{n},$ and we want to solve $F_1(x) = a, F_2(x) = b$ simultaneously. Therefore, we are interested in finding two elements $u, v$ such that $$F_1(u) = 1 \iff u \equiv 1 \pmod{m} \\ F_2(u) = 0 \iff u \equiv 0 \pmod{n} \\ F_1(v) = 0 \iff v \equiv 0 \pmod{m} \\ F_2(v) = 1 \iff v\equiv 1 \pmod{n}$$

If you think about what the two congruences for, e.g. $u$, mean, then you'll know that we want a multiple of $n$ which is equal to $1 \pmod{m}$. Since $n$ has an inverse mod $m,$ we set $u = n \cdot (n^{-1} \pmod{m})$

The general method above (since $F_1, F_2$ are linear) now gives an answer for $x$ as $$x = au + bv$$

  • Regarding your statement, "It's a common trick in mathematics that if we want to solve a finite number of linear functions...", I can't understand it, could you please provide a link to a numerical example so that I could try to grasp this trick. Thanks. – NoChance Aug 19 '19 at 09:07
  • 1
    @NoChance This is the Linearity principle highlighted in my answer, i.e. to solve $\bmod (m,n)\!:\,\ x\equiv (a,b),$ it suffices to solve $\,x_{1,0}\equiv (1,0)\ $ & $\,x_{0,1}\equiv (0,1)$ since then $\, (a,b) \equiv a(1,0) + b(0,1)\equiv a\, x_{1,0} + b\, x_{0,1}.\,$ This will become clearer when one studies linear algebra (and modules) and product rings, but it can be understood even without such knowledge. – Bill Dubuque Aug 19 '19 at 13:09
  • @BillDubuque, much appreciate your answer. Thank you. – NoChance Aug 19 '19 at 13:13
  • 1
    @NoChance As I mentioned, the Lagrange interpolation polynomial is another example (e.g. see here). Another example: suppose we are studying a sequence given by $$x_0 = \pi,\ x_1 = \sqrt{3}+\sqrt{5},\qquad n \geq 2 \implies x_n = x_{n-1} + x_{n-2}$$ We could do it from the ground-up, or we could use this general principle along with the fact the Fibonacci numbers $F_n$ satisfy $$F_n = F_{n-1} + F_{n-2}$$ with $F_{-1} = F_1 = 1, F_0 = 0$ to immediately write $$x_n = \pi \cdot F_{n-1} + (\sqrt{3}+\sqrt{5})F_n$$ – Brian Moehring Aug 19 '19 at 18:42
  • This is a great help. Thanks much. – NoChance Aug 19 '19 at 19:19
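Lagrange interpolation, which the answer and the comments name as the other common instance of this trick, as an added example in Python (not code from the original answer). The linear functions are $F_i(q) = q(x_i)$, the basis elements are the polynomials $\ell_j$ with $\ell_j(x_i) = \delta_{ij}$, and the solution is $q = \sum_j y_j \ell_j$. It is worked modulo a prime $p$ so the denominators $\prod_{i\neq j}(x_j - x_i)$ invert exactly with `pow(d, -1, p)`; the function names, the prime and the sample points are my own choices.

```python
# Added example (not from the original answer): Lagrange interpolation as the
# "find u_j with F_i(u_j) = delta_ij, then combine linearly" trick, with
# F_i(q) = q(x_i) and all arithmetic modulo a prime p.
# Function names, the prime and the sample nodes below are my own choices.


def poly_mul(a, b, p):
    """Multiply two polynomials given as coefficient lists (lowest degree first), mod p."""
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for k, bk in enumerate(b):
            out[i + k] = (out[i + k] + ai * bk) % p
    return out


def poly_eval(coeffs, x, p):
    """Evaluate a coefficient list at x modulo p (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def lagrange_basis(xs, j, p):
    """Coefficients of l_j(x) = prod_{i != j} (x - x_i) / (x_j - x_i) mod p.

    This is the 'u_j' of the answer: l_j(x_j) = 1 and l_j(x_i) = 0 for i != j,
    because every other node x_i is a root of the numerator.
    """
    num = [1]          # the constant polynomial 1
    denom = 1
    for i, x_i in enumerate(xs):
        if i == j:
            continue
        num = poly_mul(num, [(-x_i) % p, 1], p)   # multiply by (x - x_i)
        denom = denom * (xs[j] - x_i) % p
    inv = pow(denom, -1, p)                        # denom != 0 since nodes are distinct mod p
    return [c * inv % p for c in num]


def interpolate(xs, ys, p):
    """Coefficients of the unique polynomial of degree < len(xs) with q(x_i) = y_i mod p.

    By linearity, q = sum_j y_j * l_j: no simultaneous equations are solved.
    """
    if len(xs) != len(ys):
        raise ValueError("need one value per node")
    if len({x % p for x in xs}) != len(xs):
        raise ValueError("nodes must be distinct mod p")
    coeffs = [0] * len(xs)
    for j, y_j in enumerate(ys):
        for k, c in enumerate(lagrange_basis(xs, j, p)):
            coeffs[k] = (coeffs[k] + y_j * c) % p
    return coeffs


if __name__ == "__main__":
    # Constructed sample: values of q(x) = 2x^2 + 3x + 5 at x = 1, 2, 3, modulo p = 101.
    p = 101
    xs, ys = [1, 2, 3], [10, 19, 32]
    for j in range(3):
        print("l_%d at nodes:" % j, [poly_eval(lagrange_basis(xs, j, p), x, p) for x in xs])
    print("recovered coefficients (low degree first):", interpolate(xs, ys, p))
```

Evaluating each `lagrange_basis(xs, j, p)` at the three nodes gives the rows of the identity matrix, which is exactly the $F_i(u_j) = \delta_{ij}$ condition; `interpolate` then never solves a linear system, it only forms the combination $\sum_j y_j \ell_j$.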
1

For $u$, it's set to $n$ times the value of $n^{-1} \pmod m$ (here $n^{-1}$ means the multiplicative inverse of $n$ modulo $m$, i.e., the modulus value such that $n \times n^{-1} \equiv 1 \pmod m$, and since $\gcd(m,n) = 1$, this value always exists). Thus, you have $u \equiv 0 \pmod n$ as it's a multiple of $n$, while $u \equiv 1 \pmod m$ since $n(n^{-1}) \equiv 1 \pmod m$. It similarly sets up $v$ so $v \equiv 1 \pmod n$ and $v \equiv 0 \pmod m$. They did this so $u$ and $v$ would have the appropriate properties to give a solution, in particular, with $u$ having $(0,1)$, and $v$ having $(1,0)$, as the values modulo $n$ and $m$ is roughly analogous to the $\vec i$ and $\vec j$ basis vectors in $2$-dimensional Cartesian coordinate systems. Then linearity is used, as described in detail in Brian Moehring's and Bill Dubuque's answers.

As for how to know that $x = au + bv$ solves $x \equiv a \pmod m$ and $x \equiv b \pmod n$, as they show, when you check modulo $m$ and $n$, you get the required results of $a$ and $b$, respectively. For example, with mod $m$, since $v \equiv 0 \pmod m$, then $bv \equiv 0 \pmod m$. Also, as $u \equiv 1 \pmod m$, then $au \equiv a \pmod m$. Summing the $2$, you get that $x = au + bv \equiv 0 + a \equiv a \pmod m$. It then likewise shows checking mod $n$ to confirm $x \equiv b \pmod n$.

John Omielan
  • 52,653
  • Thank you for interpreting $n(n^{-1}\pmod{m})$, I couldn't make any sense of it. That's why I wish the notation were $\equiv_m$ -- there are just too many newbies thinking mod is an operator. –  Aug 19 '19 at 00:21
  • 1
    @MatthewDaly You're welcome for the interpretation. To be honest, when I first saw that expression, it took me a short while to realize what they were doing. It would've been more clear if they had something like have set $k \equiv n^{-1} \pmod m$ and then set $u \equiv nk \pmod m$, i.e., broken this procedure into $2$ separate steps instead of trying to combine them into $1$ as they did. – John Omielan Aug 19 '19 at 00:25
  • @Matthew What's essential here is not the particular formula $\, u = n(n^{-1}\bmod m),\,$ but rather that $\,u\equiv 1\pmod{\! m},\,$ $\,u\equiv 0\pmod{\!n},\,$ i.e. that $\, u\equiv (1,0)\,$ and $\,v\equiv (0,1)\,$ form a basis of $\,\Bbb Z_m\times \Bbb Z_n,\,$ hence we can get any $\,(a,b)\,$ from a $\,\Bbb Z\!-\!$linear combination of them $\, (a,b) = au+bv\ \ $ – Bill Dubuque Aug 19 '19 at 13:25
1

To grok this it helps to highlight $\rm\color{darkorange}{linearity}$ at the heart of the Chinese Remainder Theorem [CRT] formula. Let's consider an example for three moduli $\,3,5,7,\,$ where the CRT formula is

$$\begin{eqnarray} x\, =\ &a&\!\color{#0a0}{\overbrace{(-5\cdot 7)}^{\large \equiv\, 1\ ({\rm mod}\ \color{#c00}3)}} \,+\, &b& \overbrace{(\color{#c00}3\cdot 7)}^{\large \equiv\, 1\ ({\rm mod}\ 5)}\, +\, &c&\overbrace{(\color{#c00}3\cdot 5)}^{\large \equiv\, 1\ ({\rm mod}\ 7)}\quad {\bf [CRT]}\\[.5em] \Rightarrow\ \ x\,\equiv\ &a&\ ({\rm mod}\ \color{#c00}3),\ \ x\equiv &b&\ ({\rm mod}\ 5),\ \ x\equiv &c&\ ({\rm mod}\ 7)\\ \end{eqnarray}\qquad$$

since, e.g. reduced mod $\ \color{#c00}3,\,$ the $\rm 2nd$ and $\rm 3rd$ summands are $\equiv 0,\,$ both having factors of $\,\color{#c00}3.\,$

The key idea is that the braced terms are $\equiv 1$ mod one modulus, and $\equiv 0 $ mod all others. More clearly, if we write the system in vector form $\ x\equiv (a,b,c)\,$ mod $\,(3,5,7)$ then [CRT] becomes

$\qquad x\, :=\, a\,\color{#0a0}{(1,0,0)} + b\,(0,1,0) + c\,(0,0,1)\equiv (a,b,c)\ $ as desired. $\quad\ \ [\rm\color{darkorange}{Linearity}]$

by the green term $\,\color{#0a0}{g \equiv 1}\ ({\rm mod}\ 3),\ \color{#0a0}{g\equiv 0}\ ({\rm mod}\ 5),\ \color{#0a0}{g\equiv 0}\ ({\rm mod}\ 7),\ $ i.e. $\ \color{#0a0}{g\equiv (1,0,0)}\ {\rm mod}\ (3,5,7),\, $ and similarly for $\,(0,1,0)\,$ and $\,(0,0,1).$

Thus once we compute the solutions for the "basis" vectors $(1,0,0),\ (0,1,0),\ (0,0,1)$ we can exploit $\rm\color{darkorange}{[Linearity]}$ to generate the general solution as a linear combination of these basic solutions.

Solving the base cases is easy: $\,{\color{#0a0}{5,7\mid g}\,\Rightarrow\, 35\mid g},\, $ so $\bmod 3\!:\ \color{#0a0}{1\equiv g} \equiv 35n\equiv -n\,\Rightarrow\, n\equiv -1,\,$ i.e. $\,n\,$ is the inverse of the product $35= 5\cdot 7$ of all other moduli. Hence the common CRT formula.

In your Thm we have $\!\bmod (m,n)\!:\,\ u \equiv (1,0),\ v \equiv (0,1)\ $ thus

$$ x := au+bv = a(1,0)+b(0,1) \equiv (a,b) $$

The innate algebraic structure will be clarified if you later study abstract algebra, where you will learn the ring theoretic view of CRT, and vector spaces and modules.

Bill Dubuque
  • 282,220
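The basis-element construction from Brian Moehring's and Bill Dubuque's answers, as an added example in Python (not code from the original answers), generalized to any number of pairwise coprime moduli: $u_i = M_i\,(M_i^{-1} \bmod m_i)$ where $M_i$ is the product of the other moduli, and $x = \sum_i a_i u_i$ by linearity. For two moduli this is exactly the $u = n(n^{-1} \bmod m)$, $v = m(m^{-1} \bmod n)$ of the question. The function names, the coprimality check and the sample residues are my own; `pow(M, -1, m)` is Python 3.8+ modular inversion.

```python
# Added example (not from the original answers): CRT via basis elements.
# u_i == 1 (mod m_i) and u_i == 0 (mod m_j) for j != i, then x = sum a_i * u_i.
# Function names, the checks and the sample values are my own choices.

from math import gcd, prod


def basis_element(moduli, i):
    """Return u_i = M_i * (M_i^{-1} mod m_i), where M_i is the product of the other moduli.

    u_i is a multiple of every other modulus (so 0 mod each of them) and
    M_i * M_i^{-1} == 1 (mod m_i).  With moduli (m, n) this gives the question's
    u = n * (n^{-1} mod m) for i = 0 and v = m * (m^{-1} mod n) for i = 1.
    """
    m_i = moduli[i]
    M_i = prod(m_j for j, m_j in enumerate(moduli) if j != i)
    # pow(M_i, -1, m_i) raises ValueError if gcd(M_i, m_i) != 1, i.e. no inverse exists.
    return M_i * pow(M_i, -1, m_i)


def residue_vector(x, moduli):
    """x mod (m_1, ..., m_k) as a tuple: the '(a, b, c) mod (3, 5, 7)' notation."""
    return tuple(x % m for m in moduli)


def is_basis_element(u, moduli, i):
    """Check the defining property: residue vector of u is the i-th unit vector."""
    return residue_vector(u, moduli) == tuple(1 if j == i else 0 for j in range(len(moduli)))


def crt(residues, moduli):
    """Least non-negative x with x == r_i (mod m_i) for all i, via linearity.

    Raises ValueError if the moduli are not pairwise coprime, in which case
    the basis elements do not exist and the system may have no solution.
    """
    if len(residues) != len(moduli):
        raise ValueError("need one residue per modulus")
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError(f"moduli {moduli[i]} and {moduli[j]} are not coprime")
    M = prod(moduli)
    x = sum(r * basis_element(moduli, i) for i, r in enumerate(residues))
    return x % M


if __name__ == "__main__":
    moduli = [3, 5, 7]
    for i in range(3):
        u = basis_element(moduli, i)
        print(f"u_{i} = {u}, residues mod {tuple(moduli)} = {residue_vector(u, moduli)}")
    # Constructed sample: x == 2 (mod 3), x == 3 (mod 5), x == 2 (mod 7).
    x = crt([2, 3, 2], moduli)
    print("x =", x, "->", residue_vector(x, moduli))
```

For the moduli $3,5,7$ the function returns $u_0 = 70$ where the answer writes $-5\cdot 7 = -35$; the two differ by the full modulus $105$, so both are $\equiv 1 \pmod 3$ and $\equiv 0 \pmod 5, \pmod 7$. The other two basis elements come out as $21 = 3\cdot 7$ and $15 = 3\cdot 5$ exactly as in the displayed [CRT] formula, and `residue_vector(crt(...), moduli)` returns the requested residues, which is the mod-$m$, mod-$n$ check John Omielan's answer walks through.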