UNIT - 4 Notes

This document discusses number theoretic algorithms, particularly focusing on the properties and calculations involving integers, divisibility, and the greatest common divisor (gcd). It explains the Euclidean algorithm for finding the gcd, its efficiency, and the extended version for expressing gcd as a linear combination of two integers. Additionally, it covers fundamental concepts in number theory such as prime numbers, unique factorization, and the implications of these algorithms in computational complexity.

Uploaded by vishalporwar99

UNIT – 4

Number Theoretic Algorithms


Elementary notions:

Number Theory is a branch of pure mathematics devoted primarily to the study of integers.
Number-theoretic algorithms are widely used - often in cryptographic schemes based on large
prime numbers.

"Large input" usually means "large integers" rather than "many integers". Thus we measure the
size of an input in terms of the number of bits needed to represent it (possibly in addition to the
number of input items). An algorithm with integer inputs a_1, a_2, ..., a_k is a polynomial-time
algorithm if it runs in time polynomial in lg(a_1),lg(a_2), ..., lg(a_k). We have assumed that
elementary arithmetic operations (addition, multiplication, division, remainder/mod) take one
unit of time. But they can take much more time for large integers, so it then becomes useful to
count how many bit operations an algorithm requires.
For example, multiplying two β-bit integers by the ordinary method uses Θ(β^2) bit
operations; division and mod can also be done in Θ(β^2). Two β-bit integers can be
multiplied by a divide-and-conquer algorithm in Θ(β^lg 3) time, and the best known
algorithm has a running time of Θ(β lg β lg lg β). However, for practical
purposes the Θ(β^2) algorithm is often best, so we use this bound in our analysis of more
complex algorithms.

Most algorithms in this chapter are analysed in terms of both the number of arithmetic
operations and the number of bit operations they require.

Elementary number-theoretic notions


Brief review of notions from elementary number theory concerning the set

Z = {..., -2, -1, 0, 1, 2, ...} of integers and

N = {0, 1, 2, ...} of natural numbers.

Z_n = {0, 1, 2, ..., n-1}
Z_n^+ = {1, 2, ..., n-1}

Divisibility and Divisors

• d | a means that a = k·d for some integer k.
• every integer divides zero
• if d | a, then we also say that a is a multiple of d
• if d | a and d ≥ 0 we say that d is a divisor of a.
• every positive integer a is divisible by the trivial divisors 1 and a.
• the non-trivial divisors of a are the factors of a.
• An integer a > 1 whose only divisors are the trivial divisors 1 and a is a prime number.
• An integer a > 1 that is not prime is a composite number.
• 0, 1 and negative integers are neither prime nor composite.

The division theorem, remainders and modular equivalence.

Division theorem:

Let a be any integer and b any positive integer. Then there exist unique integers q (quotient) and r (remainder)
such that

a = q·b + r where 0 ≤ r < b

We let [a]_n = {a + kn : k ∈ Z} denote the equivalence class modulo n containing a. The
set of all such equivalence classes is

Z_n = {[a]_n : 0 <= a <= n - 1}

which is often abbreviated:

Z_n = {0, 1, ..., n-1}

where 0 represents [0]_n, 1 represents [1]_n, etc., so each class is represented by its smallest
nonnegative element.

Common divisors and greatest common divisors

Let a, b ∈ Z

d ∈ Z ∧ d | a ∧ d | b ⇒ d | ax + by [x, y ∈ Z]

Let d = gcd(a, b)

d' | a ∧ d' | b ⇒ d' | d [d' is a common divisor of a and b]

The following are elementary properties of the gcd function:

gcd( a , b ) = gcd( b , a )

gcd( a , b ) = gcd(- a , b )

gcd( a , b ) = gcd(| a |, | b |)

gcd( a , 0) = | a |

gcd( a , ka ) = | a | for any k ∈ Z .

Theorem 1

If a and b are any integers then gcd(a, b) is the smallest positive element of the set {ax + by : x, y ∈ Z}.

Proof:

Let s be the smallest positive element of the set {ax + by : x, y ∈ Z}, with s = ax + by.

Let q = ⌊a/s⌋. Then

a mod s = a − qs = a − q(ax + by) = a(1 − qx) + b(−qy)

So a mod s is a linear combination of a and b with 0 ≤ a mod s < s. Since s is the smallest positive such combination, a mod s = 0 ⇒ s | a.

Using analogous reasoning we can show s | b. Thus s is a common divisor of a and b, so s ≤ gcd(a, b).

Let d = gcd(a, b) ⇒ d | a and d | b. Thus d | s (d divides every linear combination of a and b), and s > 0 ⇒ d ≤ s. We have shown before s ≤ d, and
thus we have established that d = s.

Corollary 1:

For any integers a and b, if d | a and d | b then d | gcd(a, b).

Relatively prime integers

Two integers a, b are said to be relatively prime if their only common divisor is 1, that is, if
gcd(a, b) = 1.

Theorem 2

For any integers a, b, and p, if both gcd(a, p) = 1 and gcd(b, p) = 1, then gcd(ab, p) = 1.

Proof:

gcd(a, p) = 1 ⇒ ∃ x, y ∈ Z such that ax + py = 1

gcd(b, p) = 1 ⇒ ∃ x', y' ∈ Z such that bx' + py' = 1

Multiplying these equations and rearranging, we have

ab(xx') + p(ybx' + y'ax + pyy') = 1.

Thus 1 is a positive linear combination of ab and p. Since gcd(ab, p) is the smallest positive linear combination of ab and p (Theorem 1), we have gcd(ab, p) = 1.

Theorem 3

For all primes p and all integers a, b, if p | ab then p | a or p | b.

Proof:

Assume otherwise, i.e., p ∤ a and p ∤ b. Since p is prime, its only divisors are 1 and p, so gcd(a, p) = 1 and gcd(b, p) = 1. Then by Theorem 2, gcd(ab, p) = 1 ⇒ p ∤ ab, which contradicts p | ab.

Unique factorization

A composite integer a can be written in exactly one way as a product of the form:

a = p1^e1 · p2^e2 · … · pk^ek

where the pi are primes, ∀ i ∈ (1..k), such that p1 < p2 < p3 < … < pk

and ei ∈ Z+ (i = 1, 2, …, k)

In number theory, the fundamental theorem of arithmetic, also called the unique
factorization theorem or the unique-prime-factorization theorem, states that every integer
greater than 1 either is prime itself or is the product of prime numbers, and that this product is
unique, up to the order of the factors. For example,

1200 = 2^4 × 3^1 × 5^2 = 3 × 2 × 2 × 2 × 2 × 5 × 5 = 5 × 2 × 3 × 2 × 5 × 2 × 2 = etc.

31.2 Greatest Common divisor

The greatest common divisor (gcd) of two positive integers a and b, gcd (a,b) ,
is the largest integer that divides both a and b.

w.l.o.g., assume a>b≥1.

ex. gcd(30,21) = 3

If a and b are any positive integers, then gcd (a,b) is the smallest positive element of the set
{ ax+by:x,y∈Z } of linear combinations of a and b.
Recursion Theorem:

For any nonnegative integer a and any positive integer b, gcd(a, b) = gcd(b, a mod b)

Euclidean algorithm:
It is based on the recursion theorem above. If a and b are arbitrary nonnegative integers then:

int euclid_gcd(int a, int b)
{
    int dividend = a >= b ? a : b;   /* the larger of the two */
    int divisor  = a <= b ? a : b;   /* the smaller of the two */
    while (divisor != 0) {
        int remainder = dividend % divisor;   /* a mod b */
        dividend = divisor;
        divisor = remainder;
    }
    return dividend;   /* the last nonzero remainder is the gcd */
}

Recursive code:
EUCLID(a, b)
    if b == 0 return a
    else return EUCLID(b, a mod b)

Ex: gcd(12, 30)

30 = 12(2) + 6
12 = 6(2) + 0        Therefore gcd = 6.

gcd(216, 594)

594 = 216(2) + 162
216 = 162(1) + 54
162 = 54(3) + 0      Therefore gcd = 54

i.e. EUCLID(216, 594) = EUCLID(594, 216) = EUCLID(216, 162) = EUCLID(162, 54) = EUCLID(54, 0) = 54

Lemma: If a > b ≥ 1 and the invocation EUCLID(a, b) performs k ≥ 1 recursive calls,
then a ≥ F_{k+2} and b ≥ F_{k+1}.

Proof: (By induction on k)

Basis: Let k = 1. We know a > b ≥ 1 ⇒ b ≥ F_2 = 1 (here k+1 = 2).

Since a > b ⇒ a ≥ 2 ⇒ a ≥ F_3 (here k+2 = 3).

If a > b initially then the property a > b is maintained at each recursive invocation of EUCLID(a, b), since b > a mod b always.

NOTE: Since a mod b < b, the invariant "1st argument > 2nd argument" of EUCLID's algorithm
is maintained during each iteration.

Inductive Hypothesis: Assume the result holds whenever the number of recursive invocations is ≤ k − 1.

Inductive step: Let EUCLID(a, b) make k recursive invocations

⇒ EUCLID(b, a mod b) makes k − 1 recursive invocations

From our inductive hypothesis:

b ≥ F_{(k−1)+2}, a mod b ≥ F_{(k−1)+1}

Therefore b ≥ F_{k+1}, a mod b ≥ F_k

We know a = ⌊a/b⌋·b + (a mod b), and since a > b, ⌊a/b⌋ ≥ 1 ⇒ a ≥ b + (a mod b).

Since b ≥ F_{k+1} and a mod b ≥ F_k we have a ≥ F_{k+1} + F_k ⇒ a ≥ F_{k+2}.

Lamé's Theorem: For any integer k ≥ 1, if a > b ≥ 1 and b < F_{k+1}, then EUCLID(a, b) makes
fewer than k recursive calls.

For the pair (F_{k+1}, F_k): gcd(F_{k+1}, F_k) = gcd(F_k, F_{k−1}) = … = gcd(1, 0) = 1,
and the number of recursive invocations is k − 1.

This shows that the bound k − 1 is tight.

F_k / F_{k−1} approaches Φ [the Golden Ratio] as k grows.

To represent F_k, the number of bits required is proportional to k.

Therefore for two β-bit numbers the number of recursive calls of EUCLID is O(β).

Running Time:

• The overall running time of EUCLID is proportional to the number of recursive calls it
makes.
The algorithm above has 3 kinds of operations:
1. Assignment
2. Comparison and
3. Modulo
All the variables are int (32 bits). Instructions are: mov, cmp, idiv – O(1)

Number of recursive calls = O(digits of b) = O(log10 b) = O(log b)

Lame's Theorem: If the Euclidean algorithm applied to a > b >=1 requires k steps then b >=
Fk+1 and a >=Fk+2

Worst-case

If the Euclidean algorithm requires N steps for a pair of natural numbers a > b > 0, the smallest
values of a and b for which this is true are the Fibonacci numbers FN+2 and FN+1, respectively.
This can be shown by induction.

If N = 1, b divides a with no remainder; the smallest natural numbers for which this is true is
b = 1 and a = 2, which are F2 and F3, respectively. Now assume that the result holds for all
values of N up to M − 1. The first step of the M-step algorithm is a = q0b + r0, and the second
step is b = q1r0 + r1. Since the algorithm is recursive, it required M − 1 steps to find gcd(b, r0) and
their smallest values are FM+1 and FM. The smallest value of a is therefore when q0 = 1, which
gives a = b + r0 = FM+1 + FM = FM+2. This proof, published by Gabriel Lamé in 1844, represents
the beginning of computational complexity theory, and also the first practical application of the
Fibonacci numbers.

This result suffices to show that the number of steps in Euclid's algorithm can never be more
than five times the number of its digits (base 10). For if the algorithm requires N steps, then b is
greater than or equal to FN+1, which in turn is greater than or equal to φ^(N−1), where φ is the golden
ratio. Since b ≥ φ^(N−1), N − 1 ≤ logφ b. Since log10 φ > 1/5, (N − 1)/5 < log10 φ · logφ b = log10 b.
Thus, N ≤ 5 log10 b. Thus, the Euclidean algorithm always needs O(h) divisions, where h
is the number of digits in the smaller number b.
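The bound just derived is easy to check on concrete inputs. The following is an added example, not code from the original notes: EUCLID from the notes with a counter for its recursive calls, the Fibonacci numbers, and checks of the lemma (a ≥ F_{k+2}, b ≥ F_{k+1}) and of the five-times-the-digits bound; function names are the author's choice.

```python
# Added example (not part of the original notes): EUCLID with a count of its
# recursive calls, plus the Fibonacci numbers, to check the lemma and Lamé's
# theorem above on concrete inputs. Function names are the author's choice.


def euclid(a, b):
    """Recursive EUCLID(a, b) exactly as in the notes: gcd(a, b) for a, b >= 0."""
    if b == 0:
        return a
    return euclid(b, a % b)


def euclid_call_count(a, b):
    """Return (gcd(a, b), k) where k is the number of recursive calls
    EUCLID(a, b) makes. Written iteratively: each loop iteration corresponds
    to one recursive invocation EUCLID(b, a mod b)."""
    k = 0
    while b != 0:
        a, b = b, a % b
        k += 1
    return a, k


def fib(k):
    """Fibonacci numbers with F_1 = F_2 = 1 (so F_3 = 2, F_4 = 3, ...)."""
    x, y = 0, 1
    for _ in range(k):
        x, y = y, x + y
    return x


def lemma_holds(a, b):
    """Lemma: if a > b >= 1 and EUCLID(a, b) makes k >= 1 recursive calls,
    then a >= F_{k+2} and b >= F_{k+1}. Returns True if that holds here."""
    assert a > b >= 1
    _, k = euclid_call_count(a, b)
    return a >= fib(k + 2) and b >= fib(k + 1)


def lame_digit_bound_holds(a, b):
    """Consequence derived above: the number of division steps is at most
    five times the number of decimal digits of the smaller number b."""
    assert a > b >= 1
    _, k = euclid_call_count(a, b)
    return k <= 5 * len(str(b))


def worst_case_calls(k):
    """Calls made on the consecutive Fibonacci pair (F_{k+2}, F_{k+1}); the
    lemma says this is the smallest input that forces k calls, and it does
    make exactly k."""
    _, calls = euclid_call_count(fib(k + 2), fib(k + 1))
    return calls


if __name__ == "__main__":
    print(euclid(216, 594), euclid_call_count(594, 216))   # 54 (54, 3)
    for k in range(1, 12):
        print(k, fib(k + 2), fib(k + 1), worst_case_calls(k))
```

Running the block prints, for each k, the smallest pair that needs k calls and confirms the count, which is exactly why Fibonacci pairs are the worst case for the algorithm.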

Extended Euclidean algorithm:

Extend the algorithm to compute the integer coefficients x and y such that

d = gcd(a, b) = ax + by

EXTENDED-EUCLID(a, b)
    if b == 0
        return (a, 1, 0)
    else (d', x', y') = EXTENDED-EUCLID(b, a mod b)
        (d, x, y) = (d', y', x' − ⌊a/b⌋·y')
        return (d, x, y)

Ex: gcd(888, 54)

Euclid's algorithm, written as equations:

888 = 54(16) + 24 -----(1)
54 = 24(2) + 6 -----(2)
24 = 6(4) + 0

Eqn (2) can be written as:

6 = 54 − 24(2)
6 = 54 + 24(−2)
6 = 54 + (888 − 54(16))(−2)   (by substituting eqn (1))
6 = 54 + (888 + 54(−16))(−2)
6 = 54 + 888(−2) + 54(32)
6 = 54(33) + 888(−2)

Therefore x = 33 and y = −2 (linear combination of the two numbers).

• First find the GCD using the Euclidean algorithm
• Then apply the Extended Euclidean algorithm to write the gcd as a linear combination of the two numbers.

GCD(1180, 482)

Euclid's algorithm, written as equations (then solve from the last equation, always skipping the equation with remainder 0):

1180 = 482(2) + 216
482 = 216(2) + 50
216 = 50(4) + 16
50 = 16(3) + 2
16 = 2(8) + 0

2 = 50 − 16(3)
2 = 50 + 16(−3)
2 = 50 + (216 + 50(−4))(−3)
2 = 216(−3) + 50(13)
2 = 216(−3) + (482 + 216(−2))(13)
2 = 216(−29) + 482(13)
2 = (1180 + 482(−2))(−29) + 482(13)
2 = 1180(−29) + 482(71)

X = −29
Y = 71
The complexity is equal to number of recursive calls made i.e. for a>b>0 the number of recursive calls is
O(lg b).

13.3 Modular Arithmetic

A group ( S , ⊕ ) is a set S together with a binary operation ⊕ defined on S for which the
following properties hold.

1. Closure: For all a , b ∈ S , we have a ⊕ b ∈ S.


2. Identity: There is an element e ∈ S , called the identity of the group, such that e ⊕ a = a
⊕ e = a, for all a ∈ S.
3. Associativity: For all a , b , c ∈ S, we have ( a ⊕ b) ⊕ c = a ⊕ ( b ⊕c).
4. Inverses: For each a ∈ S , there exists a unique element b ∈ S , called the inverse of a ,
such that a ⊕ b = b ⊕ a = e .

As an example, consider the familiar group ( Z , +) of the integers Z under the operation of
addition: 0 is the identity, and the inverse of a is - a .

Abelian group :

If a group (S, ⊕) satisfies the commutative law a ⊕ b = b ⊕ a, for all a, b ∈ S, then it is an
abelian group.

The groups defined by modular addition and multiplication

First we define the congruence notation ≡ as follows:

If a , b ∈ Z then we say a ≡b modulo n if ∃ p , q , r ∈ Z such that a = pn + r and b = qn + r .

We will denote a mod n as [a]n


We can form two finite abelian groups by using addition and multiplication modulo n, where n
is a positive integer. These groups are based on the equivalence classes of the integers modulo n: if

a ≡ a' (mod n) and b ≡ b' (mod n), then

a + b ≡ a' + b' (mod n),

ab ≡ a'b' (mod n).

Thus, we define addition and multiplication modulo n, denoted +_n and *_n, as follows:

[a]_n +_n [b]_n = [a + b]_n (addition modulo n)

[a]_n *_n [b]_n = [a·b]_n (multiplication modulo n)

Using this definition of addition modulo n, we define the additive group modulo n as (Z_n, +_n).
The size of the additive group modulo n is |Z_n| = n. Modular addition over the group (Z_6, +_6)
is defined as follows:

Closure: If a ∈ Z_n and b ∈ Z_n then from the definition of addition modulo n, a +_n b = [a + b]_n ∈ Z_n.

Identity: 0 is the identity element of Z_n

Inverse: The inverse of [a]_n is [−a]_n ≡ [n − a]_n

Using this definition of multiplication modulo n, we define the multiplicative group modulo n
as (Z*_n, *_n) where Z*_n = {[a]_n ∈ Z_n | gcd(a, n) = 1}. For e.g. when n = 15,

Z*_15 = {1, 2, 4, 7, 8, 11, 13, 14}. Modular multiplication over the group (Z*_15, *_15) is defined as
follows:

Identity: [1]_n

Inverse: Since gcd(a, n) = 1 for every a ∈ Z*_n, from EXTENDED-EUCLID(a, n) we obtain x and y
such that ax + ny = 1 ⇒ ax ≡ 1 mod n ⇒ x is the inverse of a.

Clearly both +_n and *_n are associative and commutative. Thus we have established the following
theorem:

Theorem 1: Both (Z_n, +_n) and (Z*_n, *_n) form finite Abelian groups.

|Z*_n| = Φ(n) where Φ(n) is the Euler phi function.

From the unique factorization theorem, n can be expressed in terms of prime factors as follows:

n = p1^e1 p2^e2 … pk^ek

and then Φ(n) = n (1 − 1/p1)(1 − 1/p2) … (1 − 1/pk).

In our example n = 15

15 = 3 · 5

Φ(15) = 15(1 − 1/3)(1 − 1/5) = 8

For n = 45 = 3^2 · 5 we have Φ(45) = 45(1 − 1/3)(1 − 1/5) = 24. Thus the group (Z*_45, *_45) contains
|Z*_45| = 24 elements.
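As an added example (not code from the original notes), the following builds Z*_n from the gcd condition, checks the group axioms of (Z*_n, *_n) by brute force for small n, and computes Φ(n) from the prime factorization by the product formula above; the trial-division factorization and the function names are the author's choice.

```python
# Added example (not part of the original notes): the multiplicative group
# Z*_n = {a in Z_n : gcd(a, n) = 1}, a brute-force check of the group axioms,
# and |Z*_n| = phi(n) computed from the prime factorization of n.
from math import gcd


def z_star(n):
    """Elements of Z*_n as a sorted list of representatives in 1..n-1."""
    return [a for a in range(1, n) if gcd(a, n) == 1]


def is_abelian_group_mod_mult(n):
    """Brute-force check that (Z*_n, *_n) is closed, has identity 1, that
    every element has an inverse, and that *_n commutes. Associativity is
    inherited from integer multiplication and is not re-checked."""
    g = set(z_star(n))
    if 1 not in g:
        return False
    for a in g:
        if not any((a * b) % n == 1 for b in g):   # an inverse of a exists
            return False
        for b in g:
            if (a * b) % n not in g:                 # closure
                return False
            if (a * b) % n != (b * a) % n:           # commutativity
                return False
    return True


def prime_factorization(n):
    """Trial division: returns [(p1, e1), ..., (pk, ek)] with p1 < ... < pk."""
    factors = []
    p = 2
    while p * p <= n:
        e = 0
        while n % p == 0:
            n //= p
            e += 1
        if e:
            factors.append((p, e))
        p += 1
    if n > 1:
        factors.append((n, 1))
    return factors


def euler_phi(n):
    """phi(n) = n * prod(1 - 1/p) over the distinct primes p | n, computed in
    integers as n * prod((p - 1) / p)."""
    result = n
    for p, _ in prime_factorization(n):
        result = result // p * (p - 1)
    return result


if __name__ == "__main__":
    print(z_star(15))                 # [1, 2, 4, 7, 8, 11, 13, 14]
    print(euler_phi(15), euler_phi(45))   # 8 24
    print(len(z_star(45)) == euler_phi(45))   # True
```

The brute-force check is only for small n; for a practitioner the takeaway is that the inverse guaranteed by the gcd condition is the one EXTENDED-EUCLID produces, and that |Z*_n| counts exactly the residues for which that inverse exists.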
Subgroups and its Properties:

Let (G, ⊕) be a group. H ⊆ G is a subgroup if

1. H is closed.

2. ∀ a ∈ H, a^{-1} ∈ H.

Proof: To show H is a group:

1. Closure [follows from the 1st condition]

2. Associativity [follows from associativity of G]

3. Inverse: a ∈ H ⇒ a^{-1} ∈ H [2nd condition]

4. Identity: a ⊕ a^{-1} ∈ H [1st condition] ⇒ e ∈ H

Theorem 1 : A non empty closed subset of a finite group is always a subgroup.

Proof: Let (G, ⊕) be a finite group & H be a non-empty closed subset of G. Pick an element a
∈ H & generate the sequence a, a^2, a^3, ... where a^2 = a ⊕ a, a^3 = a^2 ⊕ a and so on.

This is an infinite sequence all of whose members belong to the finite subset H, and hence the elements
in the sequence cannot all be distinct. Thus there must be at least 2 elements that are identical:

a^r = a^s (r ≠ s; say r > s)

⇒ a^{r−s} = e

⇒ a^{-1} = a^{r−s−1} ∈ H

Thus H is a subgroup from our definition.

Definition 1: Let (G, ⊕) be a group and H a subgroup of G. Between two elements a, b ∈ G
we define a congruence relation as follows:

a ≡ b mod H if a ⊕ b^{-1} ∈ H

Lemma 1: Congruence relation is an equivalence relation.

Proof:
Reflexive:

We have to show a ≡ a mod H for all a ∈ G

From the definition of the congruence relation, a ⊕ a^{-1} = e ∈ H ⇒ a ≡ a mod H.

Symmetric:

Let a, b ∈ G with a ≡ b mod H, i.e.

a ⊕ b^{-1} ∈ H

⇒ (a ⊕ b^{-1})^{-1} ∈ H [since H is a subgroup]

⇒ (b^{-1})^{-1} ⊕ a^{-1} = b ⊕ a^{-1} ∈ H

⇒ b ≡ a mod H

Transitive:

Let a, b, c ∈ G ∧ a ≡ b mod H ∧ b ≡ c mod H

a ⊕ b^{-1} ∈ H ∧ b ⊕ c^{-1} ∈ H

So a ⊕ b^{-1} ⊕ b ⊕ c^{-1} ∈ H [closure]

⇒ a ⊕ c^{-1} ∈ H

⇒ a ≡ c mod H

13.4 Solving modular Linear Equations

Solve for the unknown x in the following equation:

ax ≡ b mod n

given a, b and n.

Consider the subgroup of (Z_n, +_n) generated by a, i.e., ⟨a⟩ = {ax : x > 0} = {ax mod n : x > 0}. Thus the
above equation has a solution if and only if b ∈ ⟨a⟩.

Theorem 1:

For any positive integers a and n, if d = gcd(a, n), then ⟨a⟩ = ⟨d⟩ = {0, d, 2d, 3d, …, ((n/d) − 1)d} in Z_n, and thus |⟨a⟩| = n/d.

Proof:

We have to show that ⟨a⟩ = ⟨d⟩. First we show ⟨d⟩ ⊆ ⟨a⟩. Since d = gcd(a, n) we
have integers x, y such that d = ax + ny. If either x or y returned by EXTENDED-EUCLID is
negative we consider them as [n + x]_n or [n + y]_n respectively. Thus ax ≡ d mod n ⇒ d ∈ ⟨a⟩
⇒ d is some multiple of a (in Z_n). All other members of ⟨d⟩ belong to ⟨a⟩ since they are
multiples of d ⇒ multiples of a multiple of a.

Now we show ⟨a⟩ ⊆ ⟨d⟩. Pick an arbitrary element m ≡ ax mod n ∈ ⟨a⟩ ⇒ m = ax + ny ⇒
d | m (since d | a and d | n) ⇒ m ∈ ⟨d⟩. Combining these results, ⟨a⟩ = ⟨d⟩.

Corollary 1:

The equation ax ≡ b (mod n ) is solvable for the unknown x if and only if gcd( a , n ) | b .

Theorem 2: Let d = gcd ( a , n ) and suppose that d = ax'+ ny' for some integers x' and y ' . If d |
b then the equation ax ≡ b mod n has one of its solutions x0 as:

x0 = x' ( b / d ) mod n

Proof: We have to show ax0 ≡ b mod n . From the given condition we know ax' ≡ d mod n . Thus
ax0 ≡ ax' ( b / d ) mod n ≡ d ( b / d ) mod n ≡ b mod n .

Theorem 3: Consider the modular linear equation ax ≡ b mod n. If d = gcd(a, n) and d | b and
x0 is any solution to this equation, then this equation has d distinct solutions:

xi = x0 + i(n/d) for i = 0, 1, …, d − 1

Proof: We have to show axi ≡ b mod n ∀ i ∈ (0 .. d − 1). Since d = gcd(a, n), d | a. Hence there is
an integer k = a/d. From the given condition the following must hold:

axi ≡ a(x0 + i(n/d)) mod n ≡ (ax0 + ai(n/d)) mod n ≡ (ax0 + kin) mod n ≡ ax0 mod n ≡ b mod n.

So xi is a solution to the given equation. Thus we conclude there are d distinct solutions to the
given equation.

The following procedure computes all solutions of the modular linear equation ax ≡ b mod n .

MODULAR-LINEAR-EQUATION-SOLVER(a, b, n)

1. (d, x', y') ← EXTENDED-EUCLID(a, n)
2. if d | b
3.     then x0 ← x'(b/d) mod n
4.          for i = 0 to d − 1
5.              do print (x0 + i(n/d)) mod n
6.     else print "No Solution."

Exercise: Find all solutions to the equation 35 x ≡ 10 (mod 50)

Solution: Here a = 35, b = 10 and n = 50. We know gcd(35, 50) = 5. Thus there are 5 solutions
to the given equation.

Since 3 × 35 + (−2) × 50 = 5 we have x' = 3. Thus x0 = x'(b/d) mod n = 3 × (10/5) mod 50 = 6.
The other solutions are xi = x0 + i(n/d) [i = 1, 2, …, 4], i.e., x1 = 16, x2 = 26, x3 = 36, x4 = 46.
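The following is an added example, not code from the original notes: EXTENDED-EUCLID and MODULAR-LINEAR-EQUATION-SOLVER exactly as given in the pseudocode above, in Python, returning the solution list instead of printing it, plus the inverse of Corollary 3 built on top of the solver. It reproduces the two extended-Euclid worked examples (888, 54) and (1180, 482) and the exercise 35x ≡ 10 (mod 50). Function names are the author's choice; inputs are assumed nonnegative as in the notes.

```python
# Added example (not part of the original notes): EXTENDED-EUCLID and
# MODULAR-LINEAR-EQUATION-SOLVER from the notes, in Python.


def extended_euclid(a, b):
    """Return (d, x, y) with d = gcd(a, b) = a*x + b*y, for a, b >= 0."""
    if b == 0:
        return a, 1, 0
    d, x1, y1 = extended_euclid(b, a % b)
    # (d, x, y) = (d', y', x' - floor(a/b) * y')
    return d, y1, x1 - (a // b) * y1


def modular_linear_equation_solutions(a, b, n):
    """All solutions x in Z_n of a*x = b (mod n), in the order the notes'
    procedure prints them; empty list when gcd(a, n) does not divide b."""
    d, x1, _ = extended_euclid(a, n)
    if b % d != 0:
        return []                         # "No Solution."
    x0 = (x1 * (b // d)) % n              # Theorem 2
    return [(x0 + i * (n // d)) % n for i in range(d)]   # Theorem 3


def inverse_mod(a, n):
    """a^{-1} in Z*_n: the unique solution of a*x = 1 (mod n) when
    gcd(a, n) = 1 (Corollary 3); None when no inverse exists."""
    sols = modular_linear_equation_solutions(a, 1, n)
    return sols[0] if len(sols) == 1 else None


if __name__ == "__main__":
    print(extended_euclid(888, 54))      # (6, -2, 33): 888*(-2) + 54*33 = 6
    print(extended_euclid(1180, 482))    # (2, -29, 71)
    print(modular_linear_equation_solutions(35, 10, 50))   # [6, 16, 26, 36, 46]
    print(inverse_mod(7, 15), inverse_mod(6, 15))           # 13 None
```

Note the coefficient order: extended_euclid(888, 54) returns x = −2 for 888 and y = 33 for 54, the same combination the worked example reaches by back-substitution with the roles of x and y swapped.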

Corollary 2: For any n > 1, if gcd(a, n) = 1 then the equation ax ≡ b mod n has exactly one
solution.

Corollary 3: For any n > 1, if gcd(a, n) = 1 then the equation ax ≡ 1 mod n has exactly one (unique)
solution, i.e., a^{-1} ∈ Z*_n.

CHINESE REMAINDER THEOREM

Around A.D. 100, the Chinese mathematician Sun-Tsu posed the following problem:

Problem 1: Determine the numbers that leave remainders 2, 3 and 2 when divided by 3, 5 and 7
respectively.

One solution to the above problem is 23. The general solution is 23+105k for arbitrary integer k.

A system of two or more linear congruences need not have a solution. Consider the system of
congruences x ≡ 0 mod 2 and x ≡ 1 mod 4. This system is clearly unsolvable, since the second
congruence implies x is of the form 4k + 1, which is not divisible by 2, thereby making
the first congruence infeasible.

But the above argument doesn’t hold when the system of congruence have pair-wise relatively
prime moduli ( for example 3, 5 and 7 ). We will prove that the system of congruence that can be
solved individually can also be solved simultaneously provided they have pair-wise relatively
prime moduli.

We will first prove the result for a system of 2 congruence relations and then generalize for
arbitrary number of congruence relations.

Lemma 1: The system of congruence x ≡ a mod n1 and x ≡ b mod n2 has exactly one solution
modulo the product n1n2 provided gcd (n1, n2) =1.

Proof: Since gcd(n1, n2) = 1 there are integers p and q such that pn1 + qn2 = 1. Thus pn1 ≡ 1 (mod
n2) and qn2 ≡ 1 (mod n1). Let x' = bpn1 + aqn2. Then x' ≡ a mod n1 and x' ≡ b mod n2. Thus x' is a
solution to our given system of congruences. Let x" denote another solution to the system. Thus x'
≡ x" (mod n1) and x' ≡ x" (mod n2). Since gcd(n1, n2) = 1 we have x' ≡ x" (mod n) where n =
n1n2.

Chinese Remainder Theorem (Generalized Version): Let n1, n2, …, nk be pair-wise relatively
prime integers, i.e. gcd(ni, nj) = 1 for i ≠ j. Let a1, a2, …, ak be arbitrary integers. Then there
exists exactly one solution x (mod n1 × n2 × … × nk) to the system of congruences:

x ≡ a1 (mod n1), x ≡ a2 (mod n2), …, x ≡ ak (mod nk).

Proof: Let n = n1 × n2 × … × nk. Let us define mi = n/ni for i = 1, 2, …, k. Thus mi = n1 × n2 × … ×
n(i−1) × n(i+1) × … × nk. We now define ci = mi (mi^{-1} mod ni) for i = 1, 2, …, k. We know mi^{-1} mod ni
exists since gcd(mi, ni) = 1. Finally we define:

x ≡ (a1c1 + a2c2 + … + akck) (mod n)

To prove that x satisfies every congruence we argue as follows. We know that

cj ≡ mj ≡ 0 (mod ni) for j ≠ i, and ci ≡ 1 (mod ni). Thus

x ≡ aici (mod ni)
  ≡ ai mi (mi^{-1} mod ni) (mod ni)
  ≡ ai (mod ni)

for all i = 1, 2, …, k.

Problem 2: Find all solutions to the equations x ≡ 4 (mod 5) and x ≡ 5 (mod 11).

Solution: a1 = 4, n1 = m2 = 5, a2 = 5 and n2 = m1 = 11. n = 55.

We know 11^{-1} ≡ 1 (mod 5) and 5^{-1} ≡ 9 (mod 11). Thus we have:

c1 = 11 (1 mod 5) = 11 and c2 = 5 (9 mod 11) = 45

Thus x ≡ 4 × 11 + 5 × 45 (mod 55) ≡ 44 + 225 (mod 55) ≡ 269 (mod 55) ≡ 49 (mod 55).

So the general solution to the given system of congruences is 49 + 55k where k is an arbitrary
integer.
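The constructive proof above is itself an algorithm. The following is an added example, not code from the original notes: it computes mi, ci and x exactly as in the proof, for any number of congruences, and refuses moduli that are not pairwise relatively prime (the hypothesis of the theorem, which the x ≡ 0 (mod 2), x ≡ 1 (mod 4) system violates). The modular inverse mi^{-1} mod ni is taken from Python's built-in pow(mi, -1, ni) (Python 3.8+), which is the x that EXTENDED-EUCLID(mi, ni) yields from mi·x + ni·y = 1; function names are the author's choice.

```python
# Added example (not part of the original notes): the generalized Chinese
# Remainder Theorem construction as code. The inverse m_i^{-1} mod n_i comes
# from the built-in pow(m_i, -1, n_i) (Python 3.8+), i.e. the x returned by
# EXTENDED-EUCLID(m_i, n_i). Function names are the author's choice.
from math import gcd


def pairwise_coprime(moduli):
    """gcd(n_i, n_j) = 1 for all i != j (the hypothesis of the theorem)."""
    return all(gcd(moduli[i], moduli[j]) == 1
               for i in range(len(moduli))
               for j in range(i + 1, len(moduli)))


def chinese_remainder(residues, moduli):
    """Solve x = a_i (mod n_i) for all i. Returns (x, n) with n = n_1 ... n_k
    and 0 <= x < n, so the general solution is x + n*k. Raises ValueError
    when the moduli are not pairwise relatively prime: the theorem does not
    apply and the system may have no solution at all."""
    if len(residues) != len(moduli):
        raise ValueError("one residue per modulus expected")
    if not pairwise_coprime(moduli):
        raise ValueError("moduli must be pairwise relatively prime")
    n = 1
    for ni in moduli:
        n *= ni
    x = 0
    for ai, ni in zip(residues, moduli):
        mi = n // ni                    # m_i = n / n_i
        ci = mi * pow(mi, -1, ni)       # c_i = m_i (m_i^{-1} mod n_i)
        x += ai * ci                    # x = sum of a_i c_i (mod n)
    return x % n, n


def satisfies(x, residues, moduli):
    """Check every congruence x = a_i (mod n_i)."""
    return all((x - ai) % ni == 0 for ai, ni in zip(residues, moduli))


if __name__ == "__main__":
    print(chinese_remainder([2, 3, 2], [3, 5, 7]))   # (23, 105)  Sun-Tsu's problem
    print(chinese_remainder([4, 5], [5, 11]))        # (49, 55)   Problem 2
```

Sun-Tsu's problem (remainders 2, 3, 2 modulo 3, 5, 7) and Problem 2 are the two inputs used in the usage lines, and the results agree with the solutions worked out above.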

Corollary 1: If n1, n2, …, nk are pair-wise relatively prime and n = n1 × n2 × … × nk then for all
integers x and a,
x ≡ a (mod ni)
for i = 1, 2, …, k if and only if
x ≡ a (mod n).

Proof: For the "if" part of the proof we assume x ≡ a (mod n) and hence (x − a) = kn for some
integer k. Thus ni | (x − a) since n = n1 × n2 × … × nk.

To prove the "only if" part we assume x ≡ a (mod ni) for all i = 1, 2, …, k. We prove this part by
induction on k.

Basis: When k = 2 we have x ≡ a (mod n1) and x ≡ a (mod n2). We have to prove x ≡ a (mod
n1n2). From the given congruences we can infer there exist integers k1 and k2 such that (x − a) =
k1n1 = k2n2. Since n1 and n2 are relatively prime we have integers l and m such that ln1 + mn2 = 1.
Multiplying both sides by (x − a) we have lk2n2n1 + mk1n1n2 = (x − a), and hence (x − a) = k3n1n2
where k3 is an integer.

Inductive Hypothesis: Assume the corollary holds for pair-wise relatively prime integers n1,
n2, …, nk−1.

Induction step: We have to show the corollary holds for pair-wise relatively prime integers n1,
n2, …, nk. Let n' = n1 × n2 × … × nk−1. We know that n' and nk are relatively prime and x ≡ a (mod
n') and x ≡ a (mod nk). Following the same argument used for the proof of the basis we can show x
≡ a (mod n'nk). We also know that n = n1 × n2 × … × nk and thus n = n' × nk. Hence we have
proved that x ≡ a (mod n).
