04_5_Solving_Congruen

The document covers various topics related to solving congruences, including linear congruences, the Chinese Remainder Theorem, Fermat's Little Theorem, and pseudoprimes. It explains methods for finding inverses, solving linear congruences, and provides examples for clarity. Additionally, it touches on concepts like Carmichael numbers and primitive roots in modular arithmetic.

Uploaded by

nenni.mona.ft
Copyright
© All Rights Reserved
Solving Congruences

Section 4.4
Section Summary
Linear Congruences
The Chinese Remainder Theorem
Computer Arithmetic with Large Integers
(not currently included in slides, see text)
Fermat’s Little Theorem
Pseudoprimes
Primitive Roots and Discrete Logarithms
Linear Congruences
Definition: A congruence of the form
ax ≡ b (mod m),
where m is a positive integer, a and b are integers, and x is a variable, is called a linear congruence.
• The solutions to a linear congruence ax ≡ b (mod m) are all integers x that satisfy the congruence.
Definition: An integer ā such that āa ≡ 1 (mod m) is said to be an inverse of a modulo m.
Example: 5 is an inverse of 3 modulo 7 since 5∙3 = 15 ≡ 1 (mod 7).
• One method of solving linear congruences makes use of an inverse ā, if it exists. Although we cannot divide both sides of the congruence by a, we can multiply by ā to solve for x.
Inverse of a modulo m
• The following theorem guarantees that an inverse of a modulo m exists whenever a and m are relatively prime. Two integers a and b are relatively prime when gcd(a,b) = 1.
Theorem 1: If a and m are relatively prime integers and m > 1, then an inverse of a modulo m exists. Furthermore, this inverse is unique modulo m. (This means that there is a unique positive integer ā less than m that is an inverse of a modulo m and every other inverse of a modulo m is congruent to ā modulo m.)
Proof: Since gcd(a,m) = 1, by Theorem 6 of Section 4.3, there are integers s and t such that sa + tm = 1.
• Hence, sa + tm ≡ 1 (mod m).
• Since tm ≡ 0 (mod m), it follows that sa ≡ 1 (mod m).
• Consequently, s is an inverse of a modulo m.
• The uniqueness of the inverse is Exercise 7.
Finding Inverses
The Euclidean algorithm and Bézout coefficients give us a systematic approach to finding inverses.
Example: Find an inverse of 3 modulo 7.
Solution: Because gcd(3,7) = 1, by Theorem 1, an inverse of 3 modulo 7 exists.
• Using the Euclidean algorithm: 7 = 2∙3 + 1.
• From this equation, we get −2∙3 + 1∙7 = 1, and see that −2 and 1 are Bézout coefficients of 3 and 7.
• Hence, −2 is an inverse of 3 modulo 7.
• Also every integer congruent to −2 modulo 7 is an inverse of 3 modulo 7, i.e., 5, −9, 12, etc.
Finding Inverses
Example: Find an inverse of 101 modulo 4620.
Solution: First use the Euclidean algorithm to show that gcd(101,4620) = 1.
4620 = 45∙101 + 75
101 = 1∙75 + 26
75 = 2∙26 + 23
26 = 1∙23 + 3
23 = 7∙3 + 2
3 = 1∙2 + 1
2 = 2∙1
Since the last nonzero remainder is 1, gcd(101,4620) = 1.
Working backwards:
1 = 3 − 1∙2
1 = 3 − 1∙(23 − 7∙3) = −1∙23 + 8∙3
1 = −1∙23 + 8∙(26 − 1∙23) = 8∙26 − 9∙23
1 = 8∙26 − 9∙(75 − 2∙26) = 26∙26 − 9∙75
1 = 26∙(101 − 1∙75) − 9∙75 = 26∙101 − 35∙75
1 = 26∙101 − 35∙(4620 − 45∙101) = −35∙4620 + 1601∙101
Bézout coefficients: −35 and 1601.
1601 is an inverse of 101 modulo 4620.
Using Inverses to Solve Congruences
• We can solve the congruence ax ≡ b (mod m) by multiplying both sides by ā.
Example: What are the solutions of the congruence 3x ≡ 4 (mod 7)?
Solution: We found that −2 is an inverse of 3 modulo 7 (two slides back). We multiply both sides of the congruence by −2 giving
−2 ∙ 3x ≡ −2 ∙ 4 (mod 7).
Because −6 ≡ 1 (mod 7) and −8 ≡ 6 (mod 7), it follows that if x is a solution, then x ≡ −8 ≡ 6 (mod 7).
We need to determine if every x with x ≡ 6 (mod 7) is a solution. Assume that x ≡ 6 (mod 7). By Theorem 5 of Section 4.1, it follows that 3x ≡ 3 ∙ 6 = 18 ≡ 4 (mod 7), which shows that all such x satisfy the congruence.
The solutions are the integers x such that x ≡ 6 (mod 7).
The Chinese Remainder Theorem
• In the first century, the Chinese mathematician Sun-Tsu asked:
There are certain things whose number is unknown. When divided by 3, the remainder is 2; when divided by 5, the remainder is 3; when divided by 7, the remainder is 2. What will be the number of things?
• This puzzle can be translated into the solution of the system of congruences:
x ≡ 2 (mod 3),
x ≡ 3 (mod 5),
x ≡ 2 (mod 7).
• We’ll see how the theorem that is known as the Chinese Remainder Theorem can be used to solve Sun-Tsu’s problem.
The Chinese Remainder Theorem
Theorem 2: (The Chinese Remainder Theorem) Let m_1, m_2, …, m_n be pairwise relatively prime positive integers greater than one and a_1, a_2, …, a_n arbitrary integers. Then the system
x ≡ a_1 (mod m_1)
x ≡ a_2 (mod m_2)
⋮
x ≡ a_n (mod m_n)
has a unique solution modulo m = m_1 m_2 ∙ ∙ ∙ m_n.
(That is, there is a solution x with 0 ≤ x < m and all other solutions are congruent modulo m to this solution.)
• Proof: We’ll show that a solution exists by describing a way to construct the solution. Showing that the solution is unique modulo m is Exercise 30. continued →
The Chinese Remainder Theorem
To construct a solution first let M_k = m/m_k for k = 1,2,…,n and m = m_1 m_2 ∙ ∙ ∙ m_n.
Since gcd(m_k, M_k) = 1, by Theorem 1, there is an integer y_k, an inverse of M_k modulo m_k, such that
M_k y_k ≡ 1 (mod m_k).
Form the sum
x = a_1 M_1 y_1 + a_2 M_2 y_2 + ∙ ∙ ∙ + a_n M_n y_n.
Note that because M_j ≡ 0 (mod m_k) whenever j ≠ k, all terms except the kth term in this sum are congruent to 0 modulo m_k.
Because M_k y_k ≡ 1 (mod m_k), we see that x ≡ a_k M_k y_k ≡ a_k (mod m_k), for k = 1,2,…,n.
Hence, x is a simultaneous solution to the n congruences.
x ≡ a_1 (mod m_1)
x ≡ a_2 (mod m_2)
⋮
x ≡ a_n (mod m_n)
The Chinese Remainder Theorem
Example: Consider the 3 congruences from Sun-Tsu’s problem:
x ≡ 2 (mod 3), x ≡ 3 (mod 5), x ≡ 2 (mod 7).
• Let m = 3 ∙ 5 ∙ 7 = 105, M_1 = m/3 = 35, M_2 = m/5 = 21, M_3 = m/7 = 15.
• We see that
  • 2 is an inverse of M_1 = 35 modulo 3 since 35 ∙ 2 ≡ 2 ∙ 2 ≡ 1 (mod 3)
  • 1 is an inverse of M_2 = 21 modulo 5 since 21 ≡ 1 (mod 5)
  • 1 is an inverse of M_3 = 15 modulo 7 since 15 ≡ 1 (mod 7)
• Hence,
x = a_1 M_1 y_1 + a_2 M_2 y_2 + a_3 M_3 y_3
= 2 ∙ 35 ∙ 2 + 3 ∙ 21 ∙ 1 + 2 ∙ 15 ∙ 1 = 233 ≡ 23 (mod 105)
• We have shown that 23 is the smallest positive integer that is a simultaneous solution. Check it!
Back Substitution
• We can also solve systems of linear congruences with pairwise relatively prime moduli by rewriting a congruence as an equality using Theorem 4 in Section 4.1, substituting the value for the variable into another congruence, and continuing the process until we have worked through all the congruences. This method is known as back substitution.
Example: Use the method of back substitution to find all integers x such that x ≡ 1 (mod 5), x ≡ 2 (mod 6), and x ≡ 3 (mod 7).
Solution: By Theorem 4 in Section 4.1, the first congruence can be rewritten as x = 5t + 1, where t is an integer.
• Substituting into the second congruence yields 5t + 1 ≡ 2 (mod 6).
• Solving this tells us that t ≡ 5 (mod 6).
• Using Theorem 4 again gives t = 6u + 5 where u is an integer.
• Substituting this back into x = 5t + 1 gives x = 5(6u + 5) + 1 = 30u + 26.
• Inserting this into the third equation gives 30u + 26 ≡ 3 (mod 7).
• Solving this congruence tells us that u ≡ 6 (mod 7).
• By Theorem 4, u = 7v + 6, where v is an integer.
• Substituting this expression for u into x = 30u + 26 tells us that x = 30(7v + 6) + 26 = 210v + 206.
Translating this back into a congruence we find the solution x ≡ 206 (mod 210).
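Both ways of solving a system shown above, the construction from the proof of Theorem 2 and back substitution, as an added example that is not part of the original slides. The function names are hypothetical; the inverses are taken with Python's built-in pow(x, -1, m), which requires Python 3.8 or later.

```python
from math import gcd, prod


def crt_construct(residues, moduli):
    """Theorem 2's construction: x = sum(a_k * M_k * y_k) reduced modulo m."""
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError("moduli must be pairwise relatively prime")
    m = prod(moduli)
    x = 0
    for a_k, m_k in zip(residues, moduli):
        M_k = m // m_k
        y_k = pow(M_k, -1, m_k)        # inverse of M_k modulo m_k
        x += a_k * M_k * y_k
    return x % m, m


def crt_back_substitution(residues, moduli):
    """Back substitution: fold the congruences in one at a time.

    Invariant: every solution so far has the form x + step*t for an integer t.
    """
    x, step = residues[0] % moduli[0], moduli[0]
    for a_k, m_k in zip(residues[1:], moduli[1:]):
        # Substitute x + step*t into x ≡ a_k (mod m_k) and solve for t.
        t = ((a_k - x) * pow(step, -1, m_k)) % m_k
        x, step = x + step * t, step * m_k
    return x, step
```

Each function returns the pair (solution, modulus), so Sun-Tsu's system yields (23, 105) and the back-substitution example yields (206, 210).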
Fermat’s Little Theorem
Pierre de Fermat (1601-1665)
Theorem 3: (Fermat’s Little Theorem) If p is prime and a is an integer not divisible by p, then a^(p−1) ≡ 1 (mod p).
Furthermore, for every integer a we have a^p ≡ a (mod p).
(proof outlined in Exercise 19)
Fermat’s little theorem is useful in computing the remainders modulo p of large powers of integers.
Example: Find 7^222 mod 11.
By Fermat’s little theorem, we know that 7^10 ≡ 1 (mod 11), and so (7^10)^k ≡ 1 (mod 11), for every positive integer k. Therefore,
7^222 = 7^(22∙10 + 2) = (7^10)^22 ∙ 7^2 ≡ (1)^22 ∙ 49 ≡ 5 (mod 11).
Hence, 7^222 mod 11 = 5.


Pseudoprimes
By Fermat’s little theorem, if n > 2 is prime, then
2^(n−1) ≡ 1 (mod n).
But if this congruence holds, n may not be prime.
Composite integers n such that 2^(n−1) ≡ 1 (mod n) are called pseudoprimes to the base 2.
Example: The integer 341 is a pseudoprime to the base 2.
341 = 11 ∙ 31
2^340 ≡ 1 (mod 341) (see Exercise 37)
We can replace 2 by any integer b ≥ 2.
Definition: Let b be a positive integer. If n is a composite integer, and b^(n−1) ≡ 1 (mod n), then n is called a pseudoprime to the base b.


Pseudoprimes
Given a positive integer n, consider the congruence 2^(n−1) ≡ 1 (mod n):
• If n does not satisfy the congruence, it is composite.
• If n does satisfy the congruence, it is either prime or a pseudoprime to the base 2.
Doing similar tests with additional bases b provides more evidence as to whether n is prime.
Among the positive integers not exceeding a positive real number x, compared to primes, there are relatively few pseudoprimes to the base b.
• For example, among the positive integers less than 10^10 there are 455,052,512 primes, but only 14,884 pseudoprimes to the base 2.
Carmichael Numbers (optional)
Robert Carmichael (1879-1967)
• There are composite integers n that pass all tests with bases b such that gcd(b,n) = 1.
Definition: A composite integer n that satisfies the congruence b^(n−1) ≡ 1 (mod n) for all positive integers b with gcd(b,n) = 1 is called a Carmichael number.
Example: The integer 561 is a Carmichael number. To see this:
• 561 is composite, since 561 = 3 ∙ 11 ∙ 17.
• If gcd(b, 561) = 1, then gcd(b, 3) = gcd(b, 11) = gcd(b, 17) = 1.
• Using Fermat’s Little Theorem: b^2 ≡ 1 (mod 3), b^10 ≡ 1 (mod 11), b^16 ≡ 1 (mod 17).
• Then
b^560 = (b^2)^280 ≡ 1 (mod 3),
b^560 = (b^10)^56 ≡ 1 (mod 11),
b^560 = (b^16)^35 ≡ 1 (mod 17).
• It follows (see Exercise 29) that b^560 ≡ 1 (mod 561) for all positive integers b with gcd(b,561) = 1. Hence, 561 is a Carmichael number.
• Even though there are infinitely many Carmichael numbers, there are other tests (described in the exercises) that form the basis for efficient probabilistic primality testing. (see Chapter 7)
Primitive Roots
Definition: A primitive root modulo a prime p is an integer r in Z_p such that every nonzero element of Z_p is a power of r.
Example: Since every element of Z_11 is a power of 2, 2 is a primitive root of 11.
Powers of 2 modulo 11: 2^1 = 2, 2^2 = 4, 2^3 = 8, 2^4 = 5, 2^5 = 10, 2^6 = 9, 2^7 = 7, 2^8 = 3, 2^10 = 2.
Example: Since not all elements of Z_11 are powers of 3, 3 is not a primitive root of 11.
Powers of 3 modulo 11: 3^1 = 3, 3^2 = 9, 3^3 = 5, 3^4 = 4, 3^5 = 1, and the pattern repeats for higher powers.
Important Fact: There is a primitive root modulo p for every prime number p.
Discrete Logarithms
Suppose p is prime and r is a primitive root modulo p. If a is an integer between 1 and p − 1, that is an element of Z_p, there is a unique exponent e such that r^e = a in Z_p, that is, r^e mod p = a.
Definition: Suppose that p is prime, r is a primitive root modulo p, and a is an integer between 1 and p − 1, inclusive. If r^e mod p = a and 1 ≤ e ≤ p − 1, we say that e is the discrete logarithm of a modulo p to the base r and we write log_r a = e (where the prime p is understood).
Example 1: We write log_2 3 = 8 since the discrete logarithm of 3 modulo 11 to the base 2 is 8 as 2^8 = 3 modulo 11.
Example 2: We write log_2 5 = 4 since the discrete logarithm of 5 modulo 11 to the base 2 is 4 as 2^4 = 5 modulo 11.
There is no known polynomial time algorithm for computing the discrete logarithm of a modulo p to the base r (when given the prime p, a root r modulo p, and a positive integer a ∊ Z_p). The problem plays a role in cryptography as will be discussed in Section 4.6.
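The two definitions above in code, as an added example that is not part of the original slides. The function names are hypothetical, and baby-step giant-step is a standard algorithm swapped in here for computing the logarithm; the slides do not name one.

```python
from math import isqrt


def powers_mod(r, p):
    """[r^1 mod p, r^2 mod p, ..., r^(p-1) mod p]."""
    out, x = [], 1
    for _ in range(p - 1):
        x = (x * r) % p
        out.append(x)
    return out


def is_primitive_root(r, p):
    """r is a primitive root modulo prime p when its powers hit every nonzero residue."""
    return set(powers_mod(r, p)) == set(range(1, p))


def discrete_log(a, r, p):
    """Return e in 1..p-1 with r^e mod p == a (unique when r is a primitive root).

    Baby-step giant-step needs about sqrt(p) time and memory instead of p,
    which is still exponential in the bit length of p.
    """
    n = isqrt(p - 1) + 1
    baby = {}
    x = 1
    for j in range(n):                 # baby steps: r^j for j = 0..n-1
        baby.setdefault(x, j)
        x = (x * r) % p
    factor = pow(r, -n, p)             # r^(-n) mod p (Python 3.8+)
    gamma = a % p
    for i in range(n + 1):             # giant steps: a * r^(-i*n)
        if gamma in baby:
            e = i * n + baby[gamma]
            return e if e != 0 else p - 1   # the definition wants 1 <= e <= p-1
        gamma = (gamma * factor) % p
    raise ValueError("no logarithm: a is not a power of r modulo p")
```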
Applications of Congruences
Section 4.5
Section Summary
Hashing Functions
Pseudorandom Numbers
Check Digits
Hashing Functions
Definition: A hashing function h assigns memory location h(k) to the record that has k as its key.
• A common hashing function is h(k) = k mod m, where m is the number of memory locations.
• Because this hashing function is onto, all memory locations are possible.
Example: Let h(k) = k mod 111. This hashing function assigns the records of customers with social security numbers as keys to memory locations in the following manner:
h(064212848) = 064212848 mod 111 = 14
h(037149212) = 037149212 mod 111 = 65
h(107405723) = 107405723 mod 111 = 14, but since location 14 is already occupied, the record is assigned to the next available position, which is 15.
• The hashing function is not one-to-one as there are many more possible keys than memory locations. When more than one record is assigned to the same location, we say a collision occurs. Here a collision has been resolved by assigning the record to the first free location.
• For collision resolution, we can use a linear probing function:
h(k,i) = (h(k) + i) mod m, where i runs from 0 to m − 1.
• There are many other methods of handling collisions. You may cover these in a later CS course.
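A table that stores and finds records with the linear probing function above, as an added example that is not part of the original slides. The class and method names are hypothetical; keys are kept as digit strings because a leading zero cannot be written in a Python integer literal.

```python
class LinearProbingTable:
    """Open-addressing table using h(k, i) = (h(k) + i) mod m with h(k) = k mod m."""

    def __init__(self, m):
        self.m = m
        self.slots = [None] * m        # each slot holds (key, record) or None

    def _probe(self, key):
        """Yield (i, location) for i = 0..m-1, in probe order."""
        start = int(key) % self.m      # int("064212848") == 64212848
        for i in range(self.m):
            yield i, (start + i) % self.m

    def insert(self, key, record):
        """Store the record; return (location, number of occupied slots skipped)."""
        for i, loc in self._probe(key):
            if self.slots[loc] is None or self.slots[loc][0] == key:
                self.slots[loc] = (key, record)
                return loc, i
        raise OverflowError("table is full")

    def lookup(self, key):
        """Follow the same probe sequence; stop at the key or the first empty slot."""
        for _, loc in self._probe(key):
            if self.slots[loc] is None:
                return None
            if self.slots[loc][0] == key:
                return self.slots[loc][1]
        return None


def demo():
    # The three keys from the example above; the record values are constructed.
    table = LinearProbingTable(111)
    keys = ["064212848", "037149212", "107405723"]
    placed = [table.insert(k, f"record-{n}") for n, k in enumerate(keys, start=1)]
    return table, placed
```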
Pseudorandom Numbers
• Randomly chosen numbers are needed for many purposes, including computer simulations.
• Pseudorandom numbers are not truly random since they are generated by systematic methods.
• The linear congruential method is one commonly used procedure for generating pseudorandom numbers.
• Four integers are needed: the modulus m, the multiplier a, the increment c, and seed x_0, with 2 ≤ a < m, 0 ≤ c < m, 0 ≤ x_0 < m.
• We generate a sequence of pseudorandom numbers {x_n}, with 0 ≤ x_n < m for all n, by successively using the recursively defined function
x_(n+1) = (a x_n + c) mod m.
(an example of a recursive definition, discussed in Section 5.3)
• If pseudorandom numbers between 0 and 1 are needed, then the generated numbers are divided by the modulus, x_n / m.
Pseudorandom Numbers
• Example: Find the sequence of pseudorandom numbers generated by the linear congruential method with modulus m = 9, multiplier a = 7, increment c = 4, and seed x_0 = 3.
• Solution: Compute the terms of the sequence by successively using the congruence
x_(n+1) = (7x_n + 4) mod 9, with x_0 = 3.
x_1 = 7x_0 + 4 mod 9 = 7∙3 + 4 mod 9 = 25 mod 9 = 7,
x_2 = 7x_1 + 4 mod 9 = 7∙7 + 4 mod 9 = 53 mod 9 = 8,
x_3 = 7x_2 + 4 mod 9 = 7∙8 + 4 mod 9 = 60 mod 9 = 6,
x_4 = 7x_3 + 4 mod 9 = 7∙6 + 4 mod 9 = 46 mod 9 = 1,
x_5 = 7x_4 + 4 mod 9 = 7∙1 + 4 mod 9 = 11 mod 9 = 2,
x_6 = 7x_5 + 4 mod 9 = 7∙2 + 4 mod 9 = 18 mod 9 = 0,
x_7 = 7x_6 + 4 mod 9 = 7∙0 + 4 mod 9 = 4 mod 9 = 4,
x_8 = 7x_7 + 4 mod 9 = 7∙4 + 4 mod 9 = 32 mod 9 = 5,
x_9 = 7x_8 + 4 mod 9 = 7∙5 + 4 mod 9 = 39 mod 9 = 3.
The sequence generated is 3,7,8,6,1,2,0,4,5,3,7,8,6,1,2,0,4,5,3,…
It repeats after generating 9 terms.
• Commonly, computers use a linear congruential generator with increment c = 0. This is called a pure multiplicative generator. Such a generator with modulus 2^31 − 1 and multiplier 7^5 = 16,807 generates 2^31 − 2 numbers before repeating.
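The generator and both period claims above, as an added example that is not part of the original slides. The function names are hypothetical; the period of the pure multiplicative generator is obtained as the multiplicative order of the multiplier modulo the prime 2^31 − 1, which avoids iterating two billion terms.

```python
def lcg(m, a, c, seed):
    """Generator for x_(n+1) = (a*x_n + c) mod m, starting with x_0 = seed."""
    x = seed
    while True:
        yield x
        x = (a * x + c) % m


def lcg_period(m, a, c, seed):
    """(terms up to the first repeated value, period) found by direct iteration."""
    seen, seq = {}, []
    for n, x in enumerate(lcg(m, a, c, seed)):
        if x in seen:
            return seq, n - seen[x]
        seen[x] = n
        seq.append(x)


def prime_factors(n):
    """Distinct prime factors of n by trial division."""
    factors, d = [], 2
    while d * d <= n:
        if n % d == 0:
            factors.append(d)
            while n % d == 0:
                n //= d
        d += 1
    if n > 1:
        factors.append(n)
    return factors


def multiplicative_order(a, p):
    """Order of a modulo prime p: the period of x_(n+1) = a*x_n mod p for a nonzero seed."""
    order = p - 1
    for q in prime_factors(p - 1):
        # Strip each prime factor q from the order while a^(order/q) is still 1.
        while order % q == 0 and pow(a, order // q, p) == 1:
            order //= q
    return order
```

The order equals p − 1 exactly when the multiplier is a primitive root modulo p, which is why 16,807 reaches the full period of 2^31 − 2.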
Check Digits: UPCs
• A common method of detecting errors in strings of digits is to add an extra digit at the end, which is evaluated using a function. If the final digit is not correct, then the string is assumed not to be correct.
Example: Retail products are identified by their Universal Product Codes (UPCs). Usually these have 12 decimal digits, the last one being the check digit. The check digit is determined by the congruence:
3x_1 + x_2 + 3x_3 + x_4 + 3x_5 + x_6 + 3x_7 + x_8 + 3x_9 + x_10 + 3x_11 + x_12 ≡ 0 (mod 10).
a. Suppose that the first 11 digits of the UPC are 79357343104. What is the check digit?
b. Is 041331021641 a valid UPC?
Solution:
a. 3∙7 + 9 + 3∙3 + 5 + 3∙7 + 3 + 3∙4 + 3 + 3∙1 + 0 + 3∙4 + x_12 ≡ 0 (mod 10)
21 + 9 + 9 + 5 + 21 + 3 + 12 + 3 + 3 + 0 + 12 + x_12 ≡ 0 (mod 10)
98 + x_12 ≡ 0 (mod 10)
x_12 ≡ 2 (mod 10) So, the check digit is 2.
b. 3∙0 + 4 + 3∙1 + 3 + 3∙3 + 1 + 3∙0 + 2 + 3∙1 + 6 + 3∙4 + 1 ≡ 0 (mod 10)
0 + 4 + 3 + 3 + 9 + 1 + 0 + 2 + 3 + 6 + 12 + 1 = 44 ≡ 4 ≢ 0 (mod 10)
Hence, 041331021641 is not a valid UPC.
Check Digits: ISBNs
Books are identified by an International Standard Book Number (ISBN-10), a 10 digit code. The first 9 digits identify the language, the publisher, and the book. The tenth digit is a check digit, which is determined by the following congruence

The validity of an ISBN-10 number can be evaluated with the equivalent

X is used for the digit 10.
a. Suppose that the first 9 digits of the ISBN-10 are 007288008. What is the check digit?
b. Is 084930149X a valid ISBN10?
Solution:
a. X_10 ≡ 1∙0 + 2∙0 + 3∙7 + 4∙2 + 5∙8 + 6∙8 + 7∙0 + 8∙0 + 9∙8 (mod 11).
X_10 ≡ 0 + 0 + 21 + 8 + 40 + 48 + 0 + 0 + 72 (mod 11).
X_10 ≡ 189 ≡ 2 (mod 11). Hence, X_10 = 2.
b. 1∙0 + 2∙8 + 3∙4 + 4∙9 + 5∙3 + 6∙0 + 7∙1 + 8∙4 + 9∙9 + 10∙10 =
0 + 16 + 12 + 36 + 15 + 0 + 7 + 32 + 81 + 100 = 299 ≡ 2 ≢ 0 (mod 11)
Hence, 084930149X is not a valid ISBN-10.

• A single error is an error in one digit of an identification number and a transposition error is the accidental interchanging of two digits. Both of these kinds of errors can be detected by the check digit for ISBN-10. (see text for more details)
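Check-digit computation and validation for both identifier types, as an added example that is not part of the original slides. The function names are hypothetical, and the ISBN-10 weights 1 through 10 are taken from the worked solution above.

```python
def _digits(code, length, allow_x_last=False):
    """Parse a fixed-length identifier into ints; 'X' may stand for 10 in the last place."""
    if len(code) != length:
        raise ValueError(f"expected {length} characters, got {len(code)}")
    values = []
    for pos, ch in enumerate(code, start=1):
        if ch.isascii() and ch.isdigit():
            values.append(int(ch))
        elif allow_x_last and pos == length and ch in "Xx":
            values.append(10)
        else:
            raise ValueError(f"invalid character {ch!r} at position {pos}")
    return values


def upc_weighted_sum(digits):
    """3*x_1 + x_2 + 3*x_3 + ... : odd positions (counting from 1) carry weight 3."""
    return sum((3 if i % 2 == 0 else 1) * d for i, d in enumerate(digits))


def upc_check_digit(first11):
    """The digit x_12 that makes the weighted sum ≡ 0 (mod 10)."""
    return (-upc_weighted_sum(_digits(first11, 11))) % 10


def upc_is_valid(code):
    return upc_weighted_sum(_digits(code, 12)) % 10 == 0


def isbn10_check_digit(first9):
    """Sum of i*x_i for i = 1..9, modulo 11, with the value 10 written as X."""
    value = sum(i * d for i, d in enumerate(_digits(first9, 9), start=1)) % 11
    return "X" if value == 10 else str(value)


def isbn10_is_valid(code):
    digits = _digits(code, 10, allow_x_last=True)
    return sum(i * d for i, d in enumerate(digits, start=1)) % 11 == 0
```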
