Linear Diophantine Equations and Linear Congruences
4.2 LINEAR CONGRUENCES
There is an applet called TestDiophantineApplet on the book’s website you can use to solve linear diophantine equations. A screen shot of the applet solving a sample equation is shown in Figure 4.1.
4.2 LINEAR CONGRUENCES
Now we can begin the study of congruences, which are a special type of relation greatly influ-enced by and related to diophantine equations. They are used heavily in many cryptosys-tems. The definition of congruence follows.
4.2 Linear Congruences 93
Definition
Letmbe a positive integer, and aandbintegers. If m|(a⫺b), we say that ais congru-ent to bmodulom, and write a⬅b(modm). If mⱉ(a⫺b), we say that aandbare incongruent modulo m(or not congruent modulo m), and write a⬅b(modm).
E
XAMPLES.
Note the following:• 23 ⬅2 (mod 7), since 7 divides 23 ⫺2 = 21.
• 45 ⬅⫺7 (mod 13), since 13|(45 ⫺(⫺7) = 52).
• 10 ⬅100 modulo 4, since 4 ⱉ(10⫺100) = ⫺90.
The following will help us solve linear congruences by allowing us to express them as equations.
PROPOSITION 17. Integersaandbare congruent modulo miff ∃an integer ksuch that a=b+km.
Proof. a⬅b(modm) iff m|(a⫺b) iff ∃an integer kwitha⫺b=km, or a=b+km. I
E
XAMPLE.
75⬅3 (mod 8) iff 8|(75 ⫺3)
iff 8k= 75 ⫺3 for some integer k iff 75 = 8k+ 3 for some integer k iff k= 7.
Congruences have many properties similar to equations. Some of these follow in the next proposition, and you should easily be able to prove all of them.
PROPOSITION 18. Leta,bandcbe integers, and let mbe a positive integer. Then a. a⬅a(modm).
b. a⬅b(modm) implies b⬅a(modm).
c. a⬅b(modm) and b⬅c(modm) implies a⬅c(modm).
E
XAMPLES.
a. 7 ⬅7 (mod 9) (Clearly, since 9|(7 ⫺7) = 0).
b. 8 ⬅2 (mod 6) and so 2 ⬅8 (mod 6) (Since 6|(8 ⫺2) = 6 iff 6|(2 ⫺8) = ⫺6).
c. 7 ⬅⫺3 (mod 5) and ⫺3⬅2 (mod 5) implies 7 ⬅2 (mod 5).
Proposition 18 tells us that congruences modulo mpartition the integers into mdistinct subsets modulo m, and each subset contains integers that are all congruent to each other modulom. For example, congruences modulo 3 partition the integers into 3 subsets:
a. {. . . , ⫺9,⫺6,⫺3, 0, 3, 6, 9, . . .}
b. {. . . , ⫺8,⫺5,⫺2, 1, 4, 7, 10, . . .}
c. {. . . , ⫺7,⫺4,⫺1, 2, 5, 8, 11, . . .}
All of the integers in set (a) are congruent to each other modulo 3. Likewise for sets (b) and (c). (Verify.) Also, there are no integers that do not belong to exactly one of these sets.
Now, consider the subsets consisting of only the nonnegative members of sets (a), (b), and (c). Note that no such subset is empty, and so each will have a minimal element. For the set of nonnegative elements of set (a), this minimal element is 0. For set (b), the minimal pos-itive element is 1, and 2 is the minimal pospos-itive element of set (c). These particular ele-ments are often used as representatives of the congruence classes in which they reside, and a definition for them follows.
Definition
Letbbe an integer, and let mbe a positive integer. All integers congruent to bmodulo mare called residues of bmodulom. The least nonnegative residue, or lnr, of b mod-ulomis the least nonnegative integer congruent to bmodulom.
Again, note that such a least nonnegative residue always exists, just by noting that the least nonnegative residue rofcmodulom> 0 is the very same robtained from the division algorithm
c=dq+r 0≤r<d which we already know always exists.
E
XAMPLES.
a. The lnr of 29 modulo 13 is 3. That is, 3 ⬅29 (mod 13), and 3 is the smallest nonnega-tive integer congruent to 29 modulo 13.
b. 44⬅2 (mod 6), and 2 is the smallest nonnegative number congruent to 44 modulo 6, hence it is the lnr of 44 modulo 6.
c. ⫺17⬅⫺2⬅3 (mod 5), and 3 is the lnr of ⫺17 modulo 5.
Note that in all of the examples, the lnr is just rfrom the division algorithm, for a. 29 = 13 ⭈2 + 3,
4.2 Linear Congruences 95
b. 44 = 7 ⭈6 + 2, and c. ⫺17 = 5 ⭈ ⫺4 + 3.
Java Algorithm. Since we now have the concept of the least nonnegative residue, we should write a Java method (in the BigIntegerMath class) to compute it. The BigInteger class provides a mod() method, but the Java documentation says it can return a negative remainder if the dividend is negative. We correct this by just adding the value of the mod-ulus to the residue if it is negative. Also, recall that we do not allow negative moduli.
//Computes the least nonnegative residue of b mod m, where m>0.
public static BigInteger lnr(BigInteger b, BigInteger m) { if (m.compareTo(ZERO)<=0)
throw new IllegalArgumentException(“Modulus must be positive.”);
BigInteger answer=b.mod(m);
return (answer.compareTo(ZERO)<0)?answer.add(m):answer;
}
We would like to be able to form some rules of algebra for congruences. Many rules that hold for equations also hold for congruences.
PROPOSITION 19. Leta,b, and cbe integers, and let mbe a positive integer. Suppose a⬅b(modm). Then
a. a+c⬅b+c(modm) b. a⫺c⬅b⫺c(modm) c. ac⬅bc(modm).
Proof.
a. We prove the first here. We have a⬅b(modm), so m|(a⫺b). But a⫺b= (a+c)⫺ (b+c), and this is divisible by m, hence a+c⬅b+c(modm).
b. (For you to prove.)
c. (For you to prove.) I
We can do even better than the properties of proposition 19 when dealing with congru-ences. That is, we do not have to add, subtract, or multiply by the same element on both sides of a congruence to preserve it, but only by elements that are congruent modulo m. These properties are easily established, and are left to you to prove.
PROPOSITION 20. Leta,b,c, and dbe integers, and let mbe a positive integer. Sup-posea⬅b(modm), and c⬅d(modm). Then
a. a+c⬅b+d(modm) b. a⫺c⬅b⫺d(modm) c. ac⬅bd(modm).
E
XAMPLES.
Note that 9 ⬅2 (mod 7). Then all of the following are true:• (7 + 9) ⬅(⫺7 + 2) (mod 7)
Check: (7 + 9) ⬅16⬅2 (mod 7) and (⫺7 + 2) ⬅⫺5⬅2 (mod 7)
• (3 ⫺9)⬅(⫺4⫺2) (mod 7)
Check: (3 ⫺9)⬅⫺6⬅1 (mod 7) and (⫺4⫺2)⬅⫺6⬅1 (mod 7)
• (3 ⭈9)⬅(⫺4⭈9) (mod 7)
Check: (3 ⭈9)⬅27⬅6 (mod 7) and (⫺4⭈2)⬅⫺8⬅6 (mod 7)
Note that a similar property for division does not appear in proposition 19 or proposition 20. This is because it isn’t true in general. For example, note that 16 ⬅4 (mod 12), but that 16/2 = 8 is not congruent modulo 12 to 4/2 = 2. However, if we take the gcd of 12 and 2, note that 8 and 2 are congruent modulo 6 = 12/(12, 2). This is true in general, and we prove it thus:
PROPOSITION 21. Leta,b, and cbe integers, and let mbe a positive integer. Let d= (c,m), and suppose ac⬅bc(modm). Then a⬅b(modm/d).
Proof. Sinceac⬅bc(modm),m|(ac⫺bc) = c(a⫺b). Thus, there is an integer ksuch thatc(a⫺b) = km. Divide both sides by dto get (c/d)(a⫺b) = k(m/d). Proposition 7 says c/dandm/dare relatively prime, so (m/d)|(a⫺ b) by proposition 13. Thus, a⬅ b(mod
m/d). I
A special case occurs in the previous theorem when candmare relatively prime, for then division by the integer cpreserves the congruence modulo m. For example, note that 50⬅15 (mod 7), and that 50 = 10 ⭈5, and 15 = 3 ⭈5. Since 5 is relatively prime to the mod-ulus 7, we can factor it out on both sides of the congruence and still preserve it; that is, 10
⬅3 (mod 7).
E
XAMPLES.
• 10 ⬅4 (mod 3), so 10/2⬅4/2 (mod 3), or 5⬅2 (mod 3)
• 30 ⬅12 (mod 18), so 30/3⬅12/3 (mod 18/3), or 10⬅4 (mod 6).
4.2 Linear Congruences 97
We now have enough artillery in our arsenal to solve linear congruences. A linear con-gruence in one variable is of the form ax⬅b(modm) where xis unknown. The following are examples of such congruences:
a. 9x⬅1 (mod 45) b. 21z⬅9 (mod 30)
Some of these congruences have solutions, while others do not. For example, the con-gruence (b) has all of the following solutions for z:
z⬅9 (mod 30), since 21 ⭈9 = 189 ⬅9 (mod 30) z⬅19 (mod 30), since 21 ⭈19 = 399 ⬅9 (mod 30) z⬅29 (mod 30), since 21 ⭈29 = 609 ⬅9 (mod 30)
However, the congruence (a) has no solutions for x. Why? The following tells us when solutions exist, and how to find them.
PROPOSITION 22. Supposeax⬅b(modm), where bis an integer, and aandmare nonzero integers. Let d= (a,m). If dⱉb, the congruence has no solution for x. If d|b, then there are exactly dincongruent solutions modulo m, given by x=x0+tm/d, where x0is a particular solution to the linear diophantine equation ax+my=b, and t= 0, 1, . . . , d⫺1.
Proof. Proposition 7 says that the linear congruence ax⬅b(modm) is equivalent to the linear diophantine equation ax⫺mz=b, or ax+my=bwherey=⫺z. The integer xis a solution of ax⬅b(modm) iff ∃an integer ysuch that ax+my=b. By proposition 16 we have no integer solutions to this equation if dⱉb, but when d|b, we have infinitely many solutions given by
x=x0+mt/d,y=y0+at/d, where x=x0,y=y0is a particular solution.
These values for xare then solutions to ax⬅b(modm). To determine which solutions are congruent modulo m, suppose
x0+mr/d⬅x0+ms/dwhererandsare integers.
Subtractx0from both sides to get
(m/d)r⬅(m/d)s(modm)
and note that (m,m/d) = m/dsince (m/d)|m. We then use proposition 21 to see that r⬅s(modd).
This says that two solutions x0+mr/dandx0+ms/dare congruent modulo mexactly when randsare congruent modulo d. Thus, the complete set of incongruent solutions x=x0+mt/d is obtained as tspans the integers 0, 1, . . . , d⫺1. I Just stating proposition 22 sounds like a mouthful, but using it to solve linear congruences is actually easy, as we’ll see in the following examples. Note that for linear congruences, as with linear diophantine equations, we concern ourselves only with congruences where all
the constants are positive. Congruences not in this form can easily be put so by replacing the values for aandbwith their least nonnegative residues modulo m. For example, the congruence 143x⬅⫺11 (mod 121) yields exactly the same set of incongruent solutions as 22x⬅110 (mod 121).
E
XAMPLES.
• Find all incongruent solutions to 9x⬅7 (mod 12). Note that (9, 12) = 3, and that 3 ⱉ7.
Therefore, there are no solutions.
• Find all incongruent solutions to 16x⬅12(mod 20). We compute (16, 20) = 4, and note that 4|12. Thus, 4 incongruent solutions modulo 12 exist. We first find a particular solu-tion by noting that solving 16x⬅12 (mod 20) for xis the same as solving the linear dio-phantine equation 16x⫺20y= 12. Note that we may just as well solve the equation 16x+ 20y= 12 because we will discard the value obtained for yanyway. We find a par-ticular solution to be x=x0=⫺3,y=y0= 3. The set of all incongruent solutions can be computed as
x=⫺3 + 0 ⭈(20/4) = ⫺3⬅17 (mod 20) x=⫺3 + 1 ⭈5⬅2 (mod 20)
x=⫺3 + 2 ⭈5⬅7 (mod 20) x=⫺3 + 3 ⭈5⬅12 (mod 20).
The validity of each of these solutions is easily checked, and you are invited to do so.
Java Algorithm. Surely you have noticed that solving a linear congruence simply means solving the appropriate linear diophantine equation. Therefore, writing a solveLin-earCongruence() method in the BigIntegerMath class should be a snap.
public static BigInteger[] solveLinearCongruence(BigInteger a, BigInteger b, BigInteger m) {
BigInteger[] answers=solveLinearDiophantine(lnr(a,m),m,lnr(b,m));
return answers;
}
I have written an applet called TestLinearCongruenceApplet which you can run from the book’s website. Some screen shots are shown in Figures 4.2, 4.3, and 4.4.
Note that if there are multiple solutions, you can repeatedly press the “Next Solution” but-ton to see the others.