
S. Erfani, ECE Dept., University of Windsor

06-88-557 Network Security

More on Chinese Remainder Theorem (CRT)


Before we examine the Diffie-Hellman scheme for symmetric encryption key
exchange, let us revisit the number theory. A number of concepts from number
theory are essential in the design of this cryptographic algorithm.

1.1 Euler's function


Def. 1 - Euler's Function: Euler's totient function is defined for all natural
numbers, and is given by
( ) |*
(
)
+|
Theorem 1 - Euler's Theorem: If
Example 1 Since (
theorem

)
(

( )

and

, then
)
)

, then according to Euler's

(
)
Note 1 - Euler's theorem provides another way to solve a linear congruence
(
)
. If
, then
( )
(
)
Lemma 1- If
are relatively prime positive numbers, then (
( ) ( ) For example, φ(63) = φ(7)φ(9) = 6·6 = 36.

Corollary to Lemma 1 - More generally, if p and q are any pair of distinct prime
numbers, then
φ(pq) = φ(p)φ(q) = (p-1)(q-1).
Example 2 Solve
Exercise 1 Solve
Note 2- To solve
(
) (since

(
(

).
)(

).

(
), if
(
)
has an inverse). Then

, we multiply both sides by


(
) is the solution.

(
).
Example 3 - Solve
(
)
Since
and | , there are two solutions. We reduce the given
(
)
(
)
congruence to the following by dividing through by the
(
The other solution is

(
(

June 02, 2011


(
) has exactly
Note 3 The linear congruence
solutions if | , and no solutions if does not divide . If if
solution, then the distinct solutions
are:
(

(
and

)
is a

Example 4 If
is the inverse of (
(
) what is the inverse of
(
Solution: Let ( )
then
( )

)?

) and

is the inverse of

1.2 The Chinese Remainder Theorem


Example 5 Determine the smallest positive integer that gives a remainder of 2
upon division by 3, a remainder of 1 upon division by 5, and a remainder of 6
upon division by 7.
Solution: Let be a solution, then
(
)
(
)
{
(
)
That is, we have a linear system of congruences on . From the first
congruence we get:
Using this information in the second congruence a condition on k is obtained as:
(
(
)
That is, there is an integer

(
)
such that

So,

(
)
Using this result in the third given congruence, we have
(
)
(
)
(
)
(
)
(
)
(
)
Plugging this result into the expression
, we get:
(
)
Every of this form is a solution. The smallest positive integer is obtained for
as
where
.
Chinese Remainder Theorem (CRT) - Let be pairwise relatively
prime integers. Then the simultaneous congruence:

(
(

)
)

(
has exactly the following unique solution

)
:
(

where

)
(
(
(

Example 6 Solve Example 5 using the result of the CRT:

)
)
)

Solution:
{
We need now to find the inverse of
algorithm or by inspection as:
(
) ( )
(
{
(
{

either by the Euclidean


(

)
)
(
(

)
)

To verify, note that


. Since the solution is
unique modulo the product, all other solutions are of the form
Exercise 2 - Find the smallest positive integer satisfying the following
congruences:
(
)
(
)
{
(
)

Note 4 If
is the
prime factorization of , the CRT states that any positive integer
is
completely determined by knowing the remainders upon division by
. In
other words, is a unique solution to the set of congruences
(
).
This is a useful feature of the CRT.


(
)
.
(
)
Solution: Since 12 is not a prime power, we need to break the second
congruence up by its prime-power factors. Thus, we need to solve three congruences:
(
)
{
(
)
(
)
Note that the first congruence implies the second, thus, the second congruence
is not necessary:
(
)
{
(
)
Since
( )
, we get
(
), or in general
for
some integer .
(
)
Exercise 4 Solve {
.
(
)
Example 7 Solve {

Theorem 2 Generalization of the CRT Let


be integers; then the
(
)
system of congruences
has a solution if and only if
(
)|
for all
. The solution is unique modulo
.
(
)
(
)
Example 8 - Solve {
(
)
) and
), thus the system has a
Solution:
(
)|(
(
)|(
solution. To solve it, we reduce it to a system with prime powers as moduli:
(
)
(
)
{
(
)
(
)
{
(
)
It seems that the 2nd and 5th congruences are redundant; thus we have the
following system of three congruences with relatively prime moduli:
(
)
(
)
{
(
)
From the 2nd congruence we get
Therefore:
(
)
{
(
)
From this system of congruences we obtain:
{
These last equations imply that

Since


, then the general form of solution is
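
The substitution method of Example 5, the solution count of Note 3 and the solvability condition of Theorem 2 can be combined into one solver. The following Python code is an added example, not part of the original notes; the function names are chosen here, and every input other than the Example 5 system is constructed for illustration.

```python
from math import gcd

def solve_linear(a, b, m):
    """All x in [0, m) with a*x ≡ b (mod m), following Note 3:
    gcd(a, m) distinct solutions if gcd(a, m) divides b, otherwise none."""
    d = gcd(a, m)
    if b % d:
        return []
    a, b, m0 = a // d, b // d, m // d        # reduced congruence, gcd(a, m0) = 1
    x0 = (b * pow(a, -1, m0)) % m0 if m0 > 1 else 0
    return [x0 + i * m0 for i in range(d)]   # x0, x0 + m/d, ..., x0 + (d-1)*m/d

def crt_pair(a1, m1, a2, m2):
    """Merge x ≡ a1 (mod m1) and x ≡ a2 (mod m2) into one congruence.
    Returns (a, lcm(m1, m2)), or None when gcd(m1, m2) does not divide a1 - a2."""
    g = gcd(m1, m2)
    if (a2 - a1) % g:
        return None
    # Write x = a1 + m1*k and solve m1*k ≡ a2 - a1 (mod m2) for k.
    k = solve_linear(m1, (a2 - a1) % m2, m2)[0]
    lcm = m1 // g * m2
    return (a1 + m1 * k) % lcm, lcm

def crt(system):
    """Solve a list of (remainder, modulus) pairs; moduli need not be coprime."""
    a, m = 0, 1                              # x ≡ 0 (mod 1) holds for every integer
    for ai, mi in system:
        merged = crt_pair(a, m, ai % mi, mi)
        if merged is None:
            return None
        a, m = merged
    return a, m

if __name__ == "__main__":
    print(crt([(2, 3), (1, 5), (6, 7)]))     # the system of Example 5
    print(crt([(5, 6), (11, 15)]))           # constructed: moduli share the factor 3
    print(crt([(1, 4), (2, 6)]))             # constructed: gcd 2 does not divide 1 - 2
    print(solve_linear(6, 4, 10))            # constructed: gcd(6, 10) = 2 solutions
```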
