2

I have a set of congruences

x = a1 (mod n)
...
x = ak (mod nk)

And I want to find x, this can be solved by the Chinese remainder theorem and related algorithms: https://en.wikipedia.org/wiki/Chinese_remainder_theorem

Some examples: https://rosettacode.org/wiki/Chinese_remainder_theorem

For this particular example:

x = 1031 (mod 1473)
x = 1141 (mod 1234)
x = 50   (mod 1827)

All the algorithms that I have tried won't work, since the moduli are not pairwise coprime. However, 1024360583 is a valid solution:

1024360583 % 1473 == 1031
1024360583 % 1234 == 1141
1024360583 % 1827 == 50

What algorithm could find such a solution ?

I have also implemented Garner's Algorithm from the Handbook of Cryptography: it didn't solve that example.

JoseKilo
  • 2,343
  • 1
  • 16
  • 28

1 Answers1

3

As you say, the moduli are not pairwise prime. You can check each pair (three pairs for your three moduli) and the only pair with a GCD (greatest common divisor) greater than 1 is 1473 and 1827, with a GCD of 3. We then seek for all prime numbers that divide more than one of the given moduli. (There are several ways to do that.) We find that 3 is the only prime that divides more than one modulus, and the highest power of that prime that divides more than one modulus is 3**1 = 3 (I use the notation for exponentiation used in Python and Fortran for clarity, since the caret also has other uses in computers.)

That could prevent your system of equations from having any solution at all. We can check this by replacing those moduli with their GCD in their equations and see if we get a contradiction.

x = 1031 = 2 (mod 3)
x =   50 = 2 (mod 3)

The resulting equations are consistent, so your original system may still have solutions. (If a higher power of 3 also divided more than one modulus we would need to check those higher powers as well.) For each prime that we discovered and each modulus, we find the highest power of that prime that divides the modulus. In our case we see that 3 divides 1473 but not 3**2 and that 3**2 divides 1827 but not 3**3. So our highest power is 3**2 = 9 and we saw that the equations for that power and lower are consistent.

We now replace the two relevant equations with new ones by replacing the moduli with those moduli after dividing by the highest power of the prime in the last paragraph. This means replacing 1473 with 1473 / 3 = 491 and 1827 with 1827 / 9 = 203. We also add the new equations we get for each power of the prime that divides more than one modulus. So now we have four simultaneous modular equations:

x = 1031 (mod  491)
x = 1141 (mod 1234)
x =   50 (mod  203)
x =   50 (mod    9)  [from your original equation #1, 3]

We can reduce the right-hand side of some of those equations, and we get

x =   49 (mod  491)
x = 1141 (mod 1234)
x =   50 (mod  203)
x =    5 (mod    9)

The solutions to that system will also work in your original system.

I'm sure you can translate that to an algorithm then convert that to computer code. Ask if you have more questions.

Rory Daulton
  • 21,934
  • 6
  • 42
  • 50
  • Thank you so much ! Very clear and very well explained. Question: I can apply CRT to the last system and I get `286381691`, which correctly verifies the last system, but it doesn't verify the original one, because `286381691 % 1827 = 1268 != 50`. – JoseKilo Apr 29 '18 at 09:11
  • I think I found the solution: instead of splitting 1827 into 203, 3 and 3, it needs to be 203 and 9 (3^2). And I think it's because x = y (mod 9) implies x = y (mod 3), but the converse is not true. Your reply really helped me, thanks again ! – JoseKilo Apr 29 '18 at 11:58
  • @JoseKilo: Sorry, I messed up in my original answer. I have made corrections so my answer should work now, and it seems to be completely general. I am not quite satisfied with how I explained what to do if a higher power of a prime divides multiple moduli, but I hope you understand. [Your last comment came while I was polishing up my answer, which took time due to multiple calls from my wife who is on a trip.] – Rory Daulton Apr 29 '18 at 12:21
  • The answer looks perfect to me. Thank you for taking the time to correct it. – JoseKilo Apr 29 '18 at 13:09