Leo Reyzin. Notes for BU CAS CS 538.

4 Working with composite moduli and the Blum-Blum-Shub generator

4.1 Chinese Remainder Theorem

Let $p \neq q$ be two primes. The Chinese Remainder Theorem (CRT) says that working modulo $n = pq$ is essentially the same as working modulo $p$ and modulo $q$ at the same time: more formally (for those comfortable with abstract algebra), that the ring $\mathbb{Z}_n$ is isomorphic to the product ring $\mathbb{Z}_p \times \mathbb{Z}_q$. (Actually, this is the light version of CRT, which is all we need for this course. The full-fledged version says that working modulo $a_1 a_2 \cdots a_k$, where the $a_i$ are pairwise relatively prime, is the same as working simultaneously modulo $a_1, a_2, \ldots, a_k$.)

Here is an example. Consider all the values modulo 35. They are in one-to-one correspondence with values modulo 5 and modulo 7 (rows give the value mod 5, columns the value mod 7):

                      mod 7
    mod 5     0     1     2     3     4     5     6
      0       0    15    30    10    25     5    20
      1      21     1    16    31   [11]   26     6
      2       7    22     2   _17_   32    12    27
      3      28     8    23     3    18    33    13
      4      14   _29_    9    24     4    19    34

Observe that if you want to add, say, 17 and 29 (underlined in the table), it is the same as adding 3 (which is 17 mod 7) and 1 (which is 29 mod 7) modulo 7 to get 4; adding 2 (which is 17 mod 5) and 4 (which is 29 mod 5) modulo 5 to get 1; and then looking up the value corresponding to coordinates 4 and 1 in the table to get 11 (in a box in the table). Thus, we can do addition coordinatewise. Same for multiplication.

We now formally state and prove the observations above, generalized to $p$ and $q$ instead of 5 and 7.

Theorem 1. Let $p \neq q$ be primes, $n = pq$. For each $a \in \mathbb{Z}_p$, $b \in \mathbb{Z}_q$, there is a unique $c$, $0 \le c < n$, such that $c \equiv a \pmod p$ and $c \equiv b \pmod q$.

Proof. Let $r = p^{-1} \bmod q$ and $s = q^{-1} \bmod p$. Let $c' = rpb + sqa$. Then $c' \equiv rpb + sqa \equiv r \cdot 0 \cdot b + 1 \cdot a \equiv a \pmod p$, and $c' \equiv rpb + sqa \equiv 1 \cdot b + s \cdot 0 \cdot a \equiv b \pmod q$. Let $c = c' \bmod pq$. Then $pq \mid (c' - c)$, so $p \mid (c' - c)$, so $c \equiv c' \pmod p$. Similarly, $c \equiv c' \pmod q$. Hence, $c$ satisfies all the conditions: $0 \le c < n$, and $c \equiv a \pmod p$ (because $c \equiv c' \equiv a \pmod p$), and $c \equiv b \pmod q$ (because $c \equiv c' \equiv b \pmod q$).

Thus, for every pair $(a, b)$ there is a $c$. There are $pq$...
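The construction from the proof of Theorem 1 and the coordinatewise arithmetic behind the mod-35 table, written out as an added Python example (this is not code from the notes); it also folds the two-modulus case into the full-fledged pairwise-coprime CRT mentioned above. Function names are my own.

```python
# Added example (not from the notes): the CRT map from the proof of
# Theorem 1, the coordinatewise arithmetic behind the mod-35 table, and
# the general pairwise-coprime CRT the notes mention.
from operator import add, mul

def crt_pair(a, b, p, q):
    """Unique c, 0 <= c < pq, with c = a (mod p) and c = b (mod q).

    Exactly the proof: r = p^-1 mod q, s = q^-1 mod p,
    c' = rpb + sqa, c = c' mod pq.  Needs gcd(p, q) = 1.
    """
    r = pow(p, -1, q)          # p^{-1} mod q  (Python 3.8+)
    s = pow(q, -1, p)          # q^{-1} mod p
    c_prime = r * p * b + s * q * a
    return c_prime % (p * q)

def crt(residues, moduli):
    """Full-fledged CRT: residues a_i mod pairwise coprime m_i combine
    into one value mod m_1*...*m_k, folding crt_pair left to right."""
    c, m = residues[0] % moduli[0], moduli[0]
    for a_i, m_i in zip(residues[1:], moduli[1:]):
        c, m = crt_pair(a_i, c, m_i, m), m * m_i
    return c

def crt_table(p, q):
    """table[a][b] is the element of Z_pq with coordinates (a mod p, b mod q);
    for p = 5, q = 7 this is the 5x7 table in the notes."""
    return [[crt_pair(a, b, p, q) for b in range(q)] for a in range(p)]

def op_coordinatewise(x, y, p, q, op=add):
    """Compute op(x, y) in Z_pq the CRT way: apply op to the mod-p
    coordinates and to the mod-q coordinates, then map back."""
    a = op(x % p, y % p) % p
    b = op(x % q, y % q) % q
    return crt_pair(a, b, p, q)

if __name__ == "__main__":
    # The worked example from the notes: 17 + 29 in Z_35 via coordinates.
    print(op_coordinatewise(17, 29, 5, 7))        # 11, same as (17 + 29) % 35
    print(op_coordinatewise(17, 29, 5, 7, mul))   # 3,  same as (17 * 29) % 35
    for row in crt_table(5, 7):
        print(" ".join(f"{v:3d}" for v in row))
```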
This document was uploaded on 02/27/2012.
- Spring '09