Homomorphisms and Chinese Remainder Algorithms (cont.)

  • L. Yohanes Stefanus

Slide 07.1


The Chinese Remainder Problem

We will study algorithms for inverting homomorphisms.

The Chinese Remainder Problem: Given moduli $m_0, m_1, \ldots, m_n \in \mathbb{Z}$ and given corresponding residues $u_i \in \mathbb{Z}_{m_i}$, $0 \le i \le n$, find an integer $u \in \mathbb{Z}$ such that

$$u \equiv u_i \pmod{m_i}, \quad 0 \le i \le n.$$

The following theorem specifies conditions under which there exists a unique solution to the Chinese remainder problem.

Slide 07.2

Theorem (5.7: Chinese Remainder Theorem)

Let $m_0, m_1, \ldots, m_n \in \mathbb{Z}$ be integers which are pairwise relatively prime, that is, $\gcd(m_i, m_j) = 1$ for $i \ne j$, and let $u_i \in \mathbb{Z}_{m_i}$, $i = 0, 1, \ldots, n$ be $n + 1$ specified residues. For any fixed integer $a \in \mathbb{Z}$ there exists a unique integer $u \in \mathbb{Z}$ which satisfies the following conditions:

$$a \le u < a + m, \quad \text{where } m = \prod_{i=0}^{n} m_i \tag{1}$$

$$u \equiv u_i \pmod{m_i}, \quad 0 \le i \le n \tag{2}$$

Slide 07.3

Proof: Uniqueness

Let $u, v \in \mathbb{Z}$ be two integers satisfying conditions (1) and (2). Then using the fact that $\equiv$ is an equivalence relation, it follows from condition (2) that

$$u \equiv v \pmod{m_i}, \quad \text{for } i = 0, 1, \ldots, n$$

$$\Rightarrow \; u - v \in \langle m_i \rangle, \quad \text{for } i = 0, 1, \ldots, n$$

$$\Rightarrow \; u - v \in \langle m \rangle, \quad \text{where } m = \prod_{i=0}^{n} m_i$$

where we have used the fact that since the moduli $m_0, m_1, \ldots, m_n$ are pairwise relatively prime, an integer which is a multiple of each $m_i$ must also be a multiple of the product $m$. Furthermore, from condition (1) it follows that $|u - v| < m$ and hence $u - v = 0$ because 0 is the only element of the ideal $\langle m \rangle$ which has absolute value less than $m$. Thus $u = v$.

Slide 07.4

Proof (cont.): Existence

Let $u$ run through the $m$ distinct integer values in the range specified by condition (1) and consider the corresponding $(n + 1)$-tuples $(\phi_{m_0}(u), \phi_{m_1}(u), \ldots, \phi_{m_n}(u))$, where $\phi_{m_i}$ is the modular homomorphism defined by $\phi_{m_i}(a) = \mathrm{rem}(a, m_i)$ for all $a \in \mathbb{Z}$. By the uniqueness proof, no two of these $(n + 1)$-tuples can be identical and hence the $(n + 1)$-tuples also take on $m$ distinct values. But since the finite ring $\mathbb{Z}_{m_i}$ contains precisely $m_i$ elements there are exactly $m = \prod_{i=0}^{n} m_i$ distinct $(n + 1)$-tuples $(v_0, v_1, \ldots, v_n)$ such that $v_i \in \mathbb{Z}_{m_i}$. Hence each possible $(n + 1)$-tuple occurs exactly once and therefore there must be one value of $u$ in the given range such that

$$(\phi_{m_0}(u), \phi_{m_1}(u), \ldots, \phi_{m_n}(u)) = (u_0, u_1, \ldots, u_n).$$

Slide 07.5

Different choices of values for the arbitrary integer $a$ in Theorem 5.7 correspond to different representations for the ring $\mathbb{Z}_m$. The choice $a = 0$ corresponds to the familiar positive representation of $\mathbb{Z}_m$ as

$$\mathbb{Z}_m = \{0, 1, \ldots, m - 1\}$$

where $m$ is positive. The choice $a = -\frac{m-1}{2}$ corresponds to the symmetric representation of $\mathbb{Z}_m$ as

$$\mathbb{Z}_m = \left\{-\frac{m-1}{2}, \ldots, -1, 0, 1, \ldots, \frac{m-1}{2}\right\}$$

where $m$ is odd positive. In practical applications, usually all of the moduli $m_0, m_1, \ldots, m_n$ and $m$ are odd positive integers.

Slide 07.6

Garner’s Chinese Remainder Algorithm

The key to Garner’s algorithm is to express the solution $u \in \mathbb{Z}_m$ in the mixed radix representation:

$$u = v_0 + v_1(m_0) + v_2(m_0 m_1) + \cdots + v_n\left(\prod_{i=0}^{n-1} m_i\right) \tag{3}$$

where $v_k \in \mathbb{Z}_{m_k}$ for $k = 0, 1, \ldots, n$.

Slide 07.7

Example

Let $m_0 = 3$, $m_1 = 5$, $m_2 = 7$, $m_3 = 11$, and $m = m_0 m_1 m_2 m_3 = 1155$. Using the positive representation, the integer $u = 868 \in \mathbb{Z}_{1155}$ has the unique mixed radix representation

$$868 = v_0 + v_1(3) + v_2(15) + v_3(105)$$

with $v_0 = 1 \in \mathbb{Z}_3$, $v_1 = 4 \in \mathbb{Z}_5$, $v_2 = 1 \in \mathbb{Z}_7$, and $v_3 = 8 \in \mathbb{Z}_{11}$.

Slide 07.8

Expressing the solution $u$ of the system of congruences (2) in the mixed radix representation (3), it is straightforward to determine the coefficients $v_k$ ($0 \le k \le n$) appearing in (3). From (3) we have

$$u \equiv v_0 \pmod{m_0}$$

and therefore the case $i = 0$ of the system of congruences (2) will be satisfied if $v_0 \in \mathbb{Z}_{m_0}$ is chosen such that

$$v_0 \equiv u_0 \pmod{m_0}. \tag{4}$$

Slide 07.9

In general for $k \ge 1$, we have from (3) that

$$u \equiv v_0 + v_1(m_0) + \cdots + v_k\left(\prod_{i=0}^{k-1} m_i\right) \pmod{m_k}.$$

If coefficients $v_0, v_1, \ldots, v_{k-1}$ have been determined then we can satisfy the case $i = k$ of the system of congruences (2) by choosing $v_k$ such that

$$v_0 + v_1(m_0) + \cdots + v_k\left(\prod_{i=0}^{k-1} m_i\right) \equiv u_k \pmod{m_k}.$$

This congruence equation can be solved for $v_k \in \mathbb{Z}_{m_k}$, $k \ge 1$:

$$v_k \equiv \left(u_k - \left[v_0 + v_1(m_0) + \cdots + v_{k-1}\left(\prod_{i=0}^{k-2} m_i\right)\right]\right) M \pmod{m_k} \tag{5}$$

where the inverse $M = \left(\prod_{i=0}^{k-1} m_i\right)^{-1}$ appearing here is valid because $\prod_{i=0}^{k-1} m_i$ is relatively prime to $m_k$.

Slide 07.10

Algorithm 5.1: Garner’s Chinese Remainder Algorithm

procedure IntegerCRA((m_0, ..., m_n), (u_0, ..., u_n))
    # Given moduli m_i ∈ Z (0 ≤ i ≤ n) which are pairwise
    # relatively prime and corresponding residues u_i ∈ Z_{m_i},
    # compute the unique integer u ∈ Z_m (where m = ∏_{i=0}^{n} m_i)
    # such that u ≡ u_i (mod m_i), i = 0, 1, ..., n.

    # Step 1: Compute the required inverses using a
    # procedure reciprocal(a, q) which gives a^(−1) (mod q).
    for k from 1 to n do {
        product ← φ_{m_k}(m_0)
        for i from 1 to k − 1 do
            product ← φ_{m_k}(product · m_i)
        γ_k ← reciprocal(product, m_k)
    }

Slide 07.11

Algorithm 5.1 (cont.)

    # Step 2: Compute the mixed radix coeffs v_k.
    v_0 ← u_0
    for k from 1 to n do {
        temp ← v_{k−1}
        for j from k − 2 to 0 by −1 do
            temp ← φ_{m_k}(temp · m_j + v_j)
        v_k ← φ_{m_k}((u_k − temp) · γ_k)
    }

Slide 07.12

Algorithm 5.1 (cont.)

    # Step 3: Convert from mixed radix representation
    # to standard representation
    u ← v_n
    for k from n − 1 to 0 by −1 do
        u ← u · m_k + v_k
    return(u)
end procedure

Slide 07.13

Remarks on Garner’s algorithm

Step 3 performs the evaluation of (3) using the method of nested multiplication:

$$u = v_0 + m_0(v_1 + m_1(v_2 + \cdots + m_{n-2}(v_{n-1} + m_{n-1}(v_n)) \cdots )).$$

Slide 07.14

Example

Take as moduli the three (single-precision) integers which are odd and pairwise relatively prime: $m_0 = 99$, $m_1 = 97$, $m_2 = 95$. Then $m = m_0 m_1 m_2 = 912285$. Using the symmetric representation, the range of integers in $\mathbb{Z}_{912285}$ is $-456142 \le u \le 456142$. Consider the problem of determining $u$ given that:

$$u \equiv 49 \pmod{99}; \quad u \equiv -21 \pmod{97}; \quad u \equiv -30 \pmod{95}.$$

Slide 07.15

Example (cont.)

Applying Algorithm 5.1, in step 1 we compute the following inverses:

$$\gamma_1 = m_0^{-1} \pmod{m_1} = 2^{-1} \pmod{97} = -48,$$

$$\gamma_2 = (m_0 m_1)^{-1} \pmod{m_2} = 8^{-1} \pmod{95} = 12.$$

In step 2 we obtain the following mixed radix coefficients for $u$: $v_0 = 49$, $v_1 = -35$, $v_2 = -28$. Finally, in step 3 we get the (multiprecision) solution: $u = -272300$.

Slide 07.16

Example

Back to the system of linear equations on Slide 06.02. Now we look at the system over the domains $\mathbb{Z}_p$ for various primes $p$. By Cramer’s rule, each component of the solution is a ratio of two determinants. If we let

$$x_1 = \det\begin{bmatrix} 1 & 44 & 74 \\ -2 & 14 & -10 \\ 34 & -28 & 20 \end{bmatrix}, \quad y_1 = \det\begin{bmatrix} 22 & 1 & 74 \\ 15 & -2 & -10 \\ -25 & 34 & 20 \end{bmatrix},$$

$$z_1 = \det\begin{bmatrix} 22 & 44 & 1 \\ 15 & 14 & -2 \\ -25 & -28 & 34 \end{bmatrix}, \quad d = \det\begin{bmatrix} 22 & 44 & 74 \\ 15 & 14 & -10 \\ -25 & -28 & 20 \end{bmatrix}$$

then $x_1$, $y_1$, $z_1$ and $d$ will be integers and the solution is

$$x = \frac{x_1}{d}, \quad y = \frac{y_1}{d}, \quad z = \frac{z_1}{d}.$$

Slide 07.17

Example (cont.)

Fortunately, for a given domain $\mathbb{Z}_p$ we need not calculate the determinants. Instead, we find the modular solution $x \pmod p$, $y \pmod p$, $z \pmod p$, $d \pmod p$ using the usual efficient Gaussian elimination method, and use

$$x_1 \equiv x\,d \pmod p, \quad y_1 \equiv y\,d \pmod p, \quad z_1 \equiv z\,d \pmod p$$

to obtain modular representations for $x_1$, $y_1$, $z_1$, and $d$. Application of Garner’s algorithm gives integer representations for these four quantities and hence rational number answers for $x$, $y$, and $z$.

Slide 07.18

Example (cont.)

For instance, working over $\mathbb{Z}_7$ (in the symmetric representation) the system of linear equations on Slide 06.02 becomes

$$x + 2y - 3z = 1, \quad x - 3z = -2, \quad 3x - z = -1.$$

Gaussian elimination gives: $x \equiv -1 \pmod 7$, $y \equiv -2 \pmod 7$, $z \equiv -2 \pmod 7$ and $d \equiv -2 \pmod 7$. Thus, $x_1 \equiv 2 \pmod 7$, $y_1 \equiv -3 \pmod 7$, $z_1 \equiv -3 \pmod 7$. Similarly, working over the domains $\mathbb{Z}_{11}$, $\mathbb{Z}_{13}$, $\mathbb{Z}_{17}$ and $\mathbb{Z}_{19}$ gives

$$x_1 \equiv -5 \pmod{11}, \quad y_1 \equiv 0 \pmod{11}, \quad z_1 \equiv -4 \pmod{11}, \quad d \equiv 1 \pmod{11},$$

Slide 07.19

Example (cont.)

$$x_1 \equiv -2 \pmod{13}, \quad y_1 \equiv 4 \pmod{13}, \quad z_1 \equiv 6 \pmod{13}, \quad d \equiv 4 \pmod{13},$$

$$x_1 \equiv 5 \pmod{17}, \quad y_1 \equiv -6 \pmod{17}, \quad z_1 \equiv -3 \pmod{17}, \quad d \equiv -2 \pmod{17},$$

$$x_1 \equiv 9 \pmod{19}, \quad y_1 \equiv 6 \pmod{19}, \quad z_1 \equiv 7 \pmod{19}, \quad d \equiv -8 \pmod{19}.$$

Thus, with respect to the moduli 7, 11, 13, 17 and 19, the modular representations are $x_1 = (2, -5, -2, 5, 9)$, $y_1 = (-3, 0, 4, -6, 6)$, $z_1 = (-3, -4, 6, -3, 7)$ and $d = (-2, 1, 4, -2, -8)$. Using Garner’s algorithm, we obtain $x_1 = -44280$, $y_1 = 40590$, $z_1 = -11070$ and $d = -7380$. Therefore,

$$x = \frac{x_1}{d} = 6, \quad y = \frac{y_1}{d} = -\frac{11}{2}, \quad z = \frac{z_1}{d} = \frac{3}{2}.$$
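Added example (Python, not part of the original slides): Algorithm 5.1 in the symmetric representation, run on both worked examples above, the moduli 99, 97, 95 and the linear system lifted from its images modulo 7, 11, 13, 17 and 19. The function names are chosen here, and the coefficients and right-hand side are read off the determinants on Slide 07.17; a prime that divides `d` is skipped rather than used.

```python
from fractions import Fraction

def sym(a, m):  # symmetric representative of a in Z_m (m odd)
    return (a + m // 2) % m - m // 2

def integer_cra(moduli, residues):
    """Algorithm 5.1, symmetric representation; returns (u, [v_0, ..., v_n])."""
    n = len(moduli)
    gamma = [None] * n                      # Step 1: inverses of partial products
    for k in range(1, n):
        product = 1
        for i in range(k):
            product = product * moduli[i] % moduli[k]
        gamma[k] = pow(product, -1, moduli[k])   # ValueError if not coprime
    v = [sym(residues[0], moduli[0])]       # Step 2: mixed radix coefficients
    for k in range(1, n):
        temp = v[k - 1]
        for j in range(k - 2, -1, -1):
            temp = (temp * moduli[j] + v[j]) % moduli[k]
        v.append(sym((residues[k] - temp) * gamma[k], moduli[k]))
    u = v[-1]                               # Step 3: nested multiplication
    for k in range(n - 2, -1, -1):
        u = u * moduli[k] + v[k]
    return u, v

def solve_mod_p(A, b, p):
    """Gauss-Jordan over Z_p: (solution, det A mod p), or None if p divides det A."""
    n, det = len(A), 1
    M = [[a % p for a in row] + [bi % p] for row, bi in zip(A, b)]
    for c in range(n):
        piv = next((r for r in range(c, n) if M[r][c]), None)
        if piv is None:
            return None
        if piv != c:                        # a row swap flips the determinant's sign
            M[c], M[piv], det = M[piv], M[c], -det
        det = det * M[c][c] % p
        inv = pow(M[c][c], -1, p)
        M[c] = [x * inv % p for x in M[c]]
        for r in range(n):
            if r != c:
                M[r] = [(x - M[r][c] * y) % p for x, y in zip(M[r], M[c])]
    return [row[n] for row in M], det

def solve_rational(A, b, primes):
    """Lift d and each x_i*d from their images mod odd primes, then divide."""
    imgs = [(p, s) for p in primes if (s := solve_mod_p(A, b, p)) is not None]
    mods = [p for p, _ in imgs]             # their product must exceed 2*max|x_i*d|
    d = integer_cra(mods, [det for _, (_, det) in imgs])[0]
    nums = [integer_cra(mods, [x[i] * det for _, (x, det) in imgs])[0]
            for i in range(len(A))]
    return nums, d, [Fraction(num, d) for num in nums]

# System read off the determinants d and x1 in the example above
A, b = [[22, 44, 74], [15, 14, -10], [-25, -28, 20]], [1, -2, 34]
```

`integer_cra([99, 97, 95], [49, -21, -30])` reproduces the slide's mixed radix coefficients and solution, and `solve_rational(A, b, [7, 11, 13, 17, 19])` reproduces `x1`, `y1`, `z1`, `d` and the rational answers.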

Slide 07.20

Newton’s Interpolation

We are interested in the composite homomorphism $\phi_{I,p} = \phi_I \phi_p$ which projects the multivariate polynomial domain $\mathbb{Z}[x_1, \ldots, x_\nu]$ onto the Euclidean domain $\mathbb{Z}_p[x_1]$ (or perhaps onto the field $\mathbb{Z}_p$), where $p$ denotes a prime integer and $I$ denotes the kernel of a multivariate evaluation homomorphism.

$$\phi_p : \mathbb{Z}[x_1, \ldots, x_\nu] \to \mathbb{Z}_p[x_1, \ldots, x_\nu] \tag{6}$$

$$\phi_I : \mathbb{Z}_p[x_1, \ldots, x_\nu] \to \mathbb{Z}_p[x_1] \tag{7}$$

The inversion process for (6) is the Chinese remainder algorithm. The inversion process for (7) is the polynomial interpolation algorithm.

Slide 07.21

The inversion of multivariate evaluation homomorphisms of the form (7) will be accomplished one indeterminate at a time, viewing $\phi_I$ in the natural way as a composition of univariate evaluation homomorphisms. Therefore it is sufficient to consider the inversion of univariate evaluation homomorphisms of the form

$$\phi_{x - \alpha_i} : D[x] \to D$$

where $D$ is in general a multivariate polynomial domain over a field $\mathbb{Z}_p$ and $\alpha_i \in \mathbb{Z}_p$.

The development of an algorithm for polynomial interpolation is directly in parallel with the development of Garner’s algorithm. Indeed the two processes are identical if one takes an appropriate point of view of algebraic structures.

Slide 07.22

The statement of the integer Chinese remainder problem can be paraphrased to get the following statement of the polynomial interpolation problem:

Let $D$ be a domain of polynomials (in zero or more indeterminates other than $x$) over a coefficient field $\mathbb{Z}_p$. Given moduli $x - \alpha_0, x - \alpha_1, \ldots, x - \alpha_n$ where $\alpha_i \in \mathbb{Z}_p$, $0 \le i \le n$, and given corresponding residues $u_i \in D$, $0 \le i \le n$, find a polynomial $u(x) \in D[x]$ such that

$$u(x) \equiv u_i \pmod{x - \alpha_i}, \quad 0 \le i \le n. \tag{8}$$

The congruences (8) are usually stated in the following equivalent form:

$$u(\alpha_i) = u_i, \quad 0 \le i \le n \tag{9}$$

and the elements $\alpha_i$ are called evaluation points or interpolation points.

Slide 07.23

As in the case of the integer Chinese remainder problem, in order to guarantee that a solution exists we must impose the condition that the moduli $\{x - \alpha_0, x - \alpha_1, \ldots, x - \alpha_n\}$ be pairwise relatively prime. Obviously $\gcd(x - \alpha_i, x - \alpha_j) = 1$ iff $\alpha_i \ne \alpha_j$, so the condition is that the moduli $\{x - \alpha_i\}$ must be distinct (i.e. the evaluation points $\{\alpha_i\}$ must be distinct). Also as in the integer Chinese remainder problem, the solution is only unique modulo $\prod_{i=0}^{n}(x - \alpha_i)$, which means the solution is unique if we restrict it to be of degree $< n + 1$.

Slide 07.24

Algorithm 5.2: Newton’s Interpolation Algorithm

procedure NewtonInterp((α_0, ..., α_n), (u_0, ..., u_n))
    # Let D = Z_p[y_1, ..., y_ν] with ν ≥ 0
    # (D = Z_p in case ν = 0). Given distinct evaluation points
    # α_i ∈ Z_p (0 ≤ i ≤ n) and given corresponding values
    # u_i ∈ D (0 ≤ i ≤ n), compute the unique polynomial
    # u(x) ∈ D[x] such that deg(u(x)) ≤ n and
    # u(α_i) = u_i, i = 0, 1, ..., n.

    # Step 1: Compute the required inverses using a
    # procedure reciprocal(a, q) which gives a^(−1) (mod q).
    for k from 1 to n do {
        product ← φ_p(α_k − α_0)
        for i from 1 to k − 1 do
            product ← φ_p(product · (α_k − α_i))
        γ_k ← reciprocal(product, p)
    }

Slide 07.25

Algorithm 5.2 (cont.)

    # Step 2: Compute the Newton coeffs v_k.
    v_0 ← u_0
    for k from 1 to n do {
        temp ← v_{k−1}
        for j from k − 2 to 0 by −1 do
            temp ← φ_p(temp · (α_k − α_j) + v_j)
        v_k ← φ_p((u_k − temp) · γ_k)
    }

    # Step 3: Convert from Newton form to standard form
    u ← v_n
    for k from n − 1 to 0 by −1 do
        u ← φ_p(u · (x − α_k) + v_k)
    return(u(x))
end procedure

Slide 07.26

Example

We want to find the polynomial $u(x, y) \in \mathbb{Z}_{97}[x, y]$ of maximum degree 2 in $x$ and maximum degree 1 in $y$ specified by the following values in $\mathbb{Z}_{97}$:

$$u(0, 0) = -21; \quad u(0, 1) = -30; \quad u(1, 0) = 20; \quad u(1, 1) = 17; \quad u(2, 0) = -36; \quad u(2, 1) = -31.$$

First we reconstruct the image of $u(x, y)$ in $\mathbb{Z}_{97}[x, y]/\langle x - 0 \rangle$ (i.e. the case $x = 0$). In the notation of Algorithm 5.2 we have $D = \mathbb{Z}_{97}$, $\alpha_0 = 0$, $\alpha_1 = 1$, $u_0 = -21$, $u_1 = -30$, and we are computing a polynomial $u(0, y) \in \mathbb{Z}_{97}[y]$ (i.e. the indeterminate $x$ in Algorithm 5.2 is $y$ for now). Step 1 is trivial in this case:

$$\gamma_1 = (\alpha_1 - \alpha_0)^{-1} \pmod{97} = 1^{-1} \pmod{97} = 1.$$

Slide 07.27

Example

Step 2 computes the Newton coefficients for $u(0, y)$: $v_0 = -21$, $v_1 = -9$ and therefore step 3 gives

$$u(0, y) = -21 - 9(y - 0) = -9y - 21.$$

Similarly, we find the images of $u(x, y)$ in $\mathbb{Z}_{97}[x, y]/\langle x - 1 \rangle$ and $\mathbb{Z}_{97}[x, y]/\langle x - 2 \rangle$:

$$u(1, y) = -3y + 20; \quad u(2, y) = 5y - 36.$$

Slide 07.28

Example

Next we apply Algorithm 5.2 with $D = \mathbb{Z}_{97}[y]$, $\alpha_0 = 0$, $\alpha_1 = 1$, $\alpha_2 = 2$, $u_0 = u(0, y) = -9y - 21$, $u_1 = u(1, y) = -3y + 20$, $u_2 = u(2, y) = 5y - 36$ to obtain the polynomial $u(x, y) \in D[x] = \mathbb{Z}_{97}[y][x]$. Step 1 gives the inverses:

$$\gamma_1 = (\alpha_1 - \alpha_0)^{-1} \pmod{97} = 1^{-1} \pmod{97} = 1;$$

$$\gamma_2 = [(\alpha_2 - \alpha_0)(\alpha_2 - \alpha_1)]^{-1} \pmod{97} = 2^{-1} \pmod{97} = -48.$$

Step 2 gives the following Newton coefficients: $v_0 = -9y - 21$, $v_1 = 6y + 41$, $v_2 = y$. Finally in step 3 we obtain the solution:

$$u(x, y) = (-9y - 21) + (6y + 41)(x - 0) + y(x - 0)(x - 1) = x^2 y + 5xy + 41x - 9y - 21.$$
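Added example (Python, not part of the original slides): Algorithm 5.2 with elements of D held as lists of y-coefficients over Z_p, so the same routine serves both stages of the example above, first with D = Z_97 and then with D = Z_97[y]. The names `newton_interp`, `reconstruct_bivariate`, `SAMPLES` and the list encoding are chosen here; duplicate evaluation points are rejected because step 1 would have no inverse.

```python
P = 97
# Sample values from the example above: SAMPLES[x] = [u(x, 0), u(x, 1)] in Z_97
SAMPLES = {0: [-21, -30], 1: [20, 17], 2: [-36, -31]}

def sym(a, p):  # symmetric representative of a in Z_p (p odd)
    return (a + p // 2) % p - p // 2

def newton_interp(alphas, values, p):
    """Algorithm 5.2 with elements of D stored as coefficient lists over Z_p.

    Returns (u, v): u holds the x-coefficients of u(x), lowest degree first,
    and v the Newton coefficients; every entry is itself an element of D.
    """
    n, width = len(alphas), len(values[0])      # n points, i.e. the slides' n + 1
    if len({a % p for a in alphas}) != n:
        raise ValueError("evaluation points must be distinct modulo p")
    add = lambda f, g: [sym(a + b, p) for a, b in zip(f, g)]
    scale = lambda f, c: [sym(a * c, p) for a in f]
    gamma = [None] * n                          # Step 1: inverses
    for k in range(1, n):
        product = 1
        for i in range(k):
            product = product * (alphas[k] - alphas[i]) % p
        gamma[k] = pow(product, -1, p)
    v = [scale(values[0], 1)]                   # Step 2: Newton coefficients
    for k in range(1, n):
        temp = v[k - 1]
        for j in range(k - 2, -1, -1):
            temp = add(scale(temp, alphas[k] - alphas[j]), v[j])
        v.append(scale(add(values[k], scale(temp, -1)), gamma[k]))
    u = [v[-1]]                                 # Step 3: u <- u*(x - alpha_k) + v_k
    for k in range(n - 2, -1, -1):
        times_x = [[0] * width] + u
        times_a = [scale(c, -alphas[k]) for c in u] + [[0] * width]
        u = [add(f, g) for f, g in zip(times_x, times_a)]
        u[0] = add(u[0], v[k])
    return u, v

def reconstruct_bivariate():
    """Rebuild u(x, y): interpolate in y for each x, then in x over D = Z_97[y]."""
    xs = sorted(SAMPLES)
    rows = [[c[0] for c in newton_interp([0, 1], [[s] for s in SAMPLES[x]], P)[0]]
            for x in xs]
    return rows, newton_interp(xs, rows, P)
```

In the result each inner list is `[constant, y-coefficient]`, so `[[-21, -9], [41, 5], [0, 1]]` reads as (−9y − 21) + (5y + 41)x + y·x².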

Slide 07.29

Remarks on Algorithm 5.2

The polynomial $u(x) \in D[x]$ is initially represented uniquely by its $n + 1$ residues $(u_0, u_1, \ldots, u_n)$ corresponding to the $n + 1$ distinct evaluation points $(\alpha_0, \alpha_1, \ldots, \alpha_n)$. At the end of step 2, the polynomial $u(x)$ is represented uniquely in Newton form by its $n + 1$ Newton coefficients $(v_0, v_1, \ldots, v_n)$ with respect to the basis polynomials

$$1, \; (x - \alpha_0), \; (x - \alpha_0)(x - \alpha_1), \; \ldots, \; \prod_{i=0}^{n-1}(x - \alpha_i).$$

In step 3 the Newton form of $u(x)$ is converted to standard polynomial form. So there are three different representations used for the same object.

Slide 07.30

An issue which arises in the practical application of modular and evaluation homomorphisms and their corresponding inversion algorithms is to determine the number of moduli (evaluation points) needed to uniquely represent an unknown integer (polynomial). In the polynomial case, the information needed is an upper bound $B$ for the degree of the result since $B + 1$ evaluation points are sufficient. In the integer case, if an upper bound $M$ for the magnitude of the integer result is known then by choosing enough moduli $m_i$ such that

$$m = \prod_{i=0}^{n} m_i > 2M,$$

we are guaranteed that the ring $\mathbb{Z}_m$ is large enough to represent the integer result.


Slide 07.31