 This lecture is part of an online course on the theory of numbers, and will be about the Chinese remainder theorem. So as motivation for this, suppose we look at the following problem. Let's try and solve some polynomial f of x is congruent to 0 modulo n. So for example, we might want to try and solve say x cubed is congruent to 5 modulo 60. And we can sort of solve this in three steps. First of all, it's easier if m is prime. The reason for this is that the integers modulo m form a field. So in other words, the non-zero integers modulo m have inverses, which makes life a lot easier. Secondly, the case when m is a prime power can be reduced. Well, it can quite often be reduced to the case where m is a prime. I might talk about this a bit in a later lecture. Thirdly, the Chinese remainder theorem reduces the case of any m to the case when m is a prime power. So the general technique for solving a congruence modulo sum number is we first going to use the Chinese remainder theorem to reduce the case of prime powers. Then we reduce the case of prime powers to primes using things like Hensel's lemma. And then we solve for the case when m is prime by using the fact that the integers modulo prime are particularly well behaved. So before going on, I just want to introduce some standard notation. So we generally write z modulo mz for the integers modulo m. So it would be the integers represented by 0, 1, up to m minus 1. And this is a ring, meaning you can do addition and multiplication on these and it satisfies many of the usual properties. We're also going to use the notation z over mz times to be the group of integers modulo m that are co-prime to m and we're thinking of them as being a group under multiplication. So you remember we checked that the integers co-prime to m were closed under multiplication and have inverses and so on. And it turns out to be one thing you need to use a lot is how does this group behave like? And one major application of the Chinese remainder theorem will be to try and understand the structure of this group. We'll see later. Anyway, suppose we want to solve the equation f of x is cognitive 0 modulo mn. Well, suppose we found a solution. Then we can certainly solve the equation f of x is cognitive 0 modulo m because we can just use the same value of x. And we can also solve the equation f of x is cognitive 0 modulo n. And the question is can we go back the other way? So suppose we can solve this equation for some x and this equation for some possibly different x. Can we then solve this equation? Let's put a question mark. And the answer is no, we can't generally go back. And it's very easy to see cases when you can't. We can just take m equals n equals 2 say and then we can solve x squared is cognitive 3 modulo 2. And we can solve x squared is cognitive 3 modulo 2. And it looks exactly like this equation. In fact, it is exactly this equation. Since m is equal to n, we can take the same equation. But if we try and solve x squared is cognitive 3 modulo 2 times 2, we're stuck. This equation has no solutions. So we can't always go back the other way. However, we can if m and n are co-prime. So you see the problem in this case is that 2 and 2 are not co-prime. And there are two ways of doing this or seeing this. So there's first of all a sort of abstract method and then there's a sort of computational method. So I'll first do the abstract method, which what we do is we look at z modulo mnz and we map it to z modulo mz times z modulo nz. So this is a product of two sets and we're just mapping an integer a modulo mn and we're mapping it to a modulo m and a modulo n. And we notice that if mn is equal to 1, this is injective. Meaning there's most one element here mapping to any element there. For example, suppose a maps to the element 00. Then this means that a is cognitive 0 modulo m and it's also cognitive 0 modulo n. So a is cognitive 0 modulo mn and here we use the fact that mn are co-prime. So it's injective. On the other hand, if you look at the size of these sets, this set of size mn and this set of size m and this set of size n. So this set here size m times n, which is just mn of course. So we have an injective map between sets of the same size so it is a bijection. If you want to write this in terms of ring theory, we actually get an isomorphism of rings between this ring here and the product of these two rings here. I'm not emphasizing abstract algebra too much, but you could probably figure out what the product of two rings is and check that this is an isomorphism. Well, there's a bit of a problem with this because suppose you've got an element of z modulo m and an element of z modulo n, how do you find the corresponding element of z modulo mn? Well, there's a stupid algorithm to do this. You could just check every element of this ring here until you find one that works. But if mn save 100 digits, this is going to be ridiculously slow. Fortunately, there's a much faster algorithm. So what I'm going to do now is to show that z modulo mz... Sorry, mz maps to z over mz times z modulo mz is surjective. And I'm going to prove this in a way that actually gives you a fast algorithm. I mean, we've shown it's surjective by this rather abstract thing. So what we want to do is to solve x is congruent to a modulo m, and x is congruent to b modulo n. So we might choose an element a here and an element b there, and we want to find an element x here which maps to a b. Well, let's think what this means. This means x is equal to a plus my. It's actually equal. And this also has to be equal to b plus nz. And now, if you look at this bit here, we can see this is just a linear di-fantine equation, and mn are one, mn are co-prime. So we can solve fast using Euclid's algorithm. So this proof that it's surjective looks a bit more complicated than the previous proof we gave because you've got to use Euclid's algorithm. But on the other hand, it gives us a fast algorithm. And now this is useful because if we want to solve f of a is congruent to 0 mod mn, we might solve f of a is congruent to 0 mod m, and f of b is congruent to 0 mod n. And then if we find an x satisfying these conditions here, then we will get f of x is congruent to 0 mod mn. So by using this isomorphism, we can reduce solving an equation mod mod mn to solving an equation mod mod m and mod mod n. Again, as usual, m and n have to be co-prime. So let's write out an example of this explicitly just to see what's going on and then do a few examples of this. Let's take m equals 3 and n equals 5. So we're looking at z modulo 15z, and let's just write out its elements. 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14. And we can look at z modulo 3z, 0, 1, 2, 0, 1, 2, 0, 1, 2, 0, 1, 2, 0, 1, 2, 0, 1, 2, and z modulo 5z. So we get 0, 1, 2, 3, 4, 0, 1, 2, 3, 4, 0, 1, 2, 3, 4. So you see that for every pair of elements here, so if we take the element 0 here and 1 here, there's a unique column containing that pair. So x equals 0 mod 3 and 1 mod 5. We look at the solution. It would be x is 6 mod 15. So let's solve, say, x squared is equivalent to x mod 15. So what we do is we break this into two problems. We solve x squared is equivalent to x mod 3, and x squared is equivalent to x mod 5. And then we see that x has to be congruent to 0 or 1 mod 3 and x is congruent to 0 or 1 mod 5. However, the 0 or 1 here doesn't have to be the same as the 0 or 1 there. All this says is that x must be 0 or 1 mod 3 and it must also be 0 or 1 mod 5. And if we look in this column, we see that there are four solutions to that. They're the two obvious solutions, but there are two slightly less obvious solutions. So there we find the columns where we get 0 or 1 in this row and 0 or 1 in this row. And so we see that gives us x is congruent to 0, 1, 6 or 10 mod 15. Notice, by the way, that here we've got a quadratic equation which has four roots. So if you're used to equations of degree 2 having only two roots, that actually fails if you're working modulo sum numbers. We'll discuss that in more detail a bit later. So another similar example. Let's have the following recreational mathematics problem. Find a 10-digit number, number x, so that x squared has the same last 10 digits. Here we're working to base 10. And, you know, this problem depends on working in base 10. And most problems that depend on working in base 10 are kind of a bit silly. You know, you get these problems like find a number that's the sum of the cubes of its digits or something. And most of these problems are of no mathematical interest whatsoever, because as soon as you change base, the problem becomes completely different. But this one, it actually leads to some slightly interesting mathematics. So instead of making the last 10 digits the same, let's just try and make the last digit the same. Well, here we can get 6 squared equals 36. The last digit's the same, 5 squared equals 25. Well, we can cheat, of course. We could take x to be 0 or 1, so let's just say x is not equal to 0 or 1. And then 76 squared is 5776. Last two digits the same. 25 squared is 625. Last two digits the same. And we can go on like this. And we find, for example, at 1787109376. Squared is something or other. 1787109376. And similarly, if we take 8212890625 squared, this has the same last digits that I'm not going to bother writing out. So the problem is, how do we find these numbers? Obviously trial and error is going to be a... Well, these days computers can do billions of operations a second. So trial and error is probably the fastest way to do it, but never mind. Anyway, if we do x squared is congruent to x. What we want to do is to solve x squared is congruent to x modulo 10 to the 10. That just says x squared and x have the same last 10 digits. Now we notice the Chinese remainder theorem applies to this. This is the same as solving x squared is congruent to x modulo 2 to the 10. And x squared is congruent to x modulo 5 to the 10. So we've reduced it to two equations, each modulo of prime power. And each of these, we can think of some solution. So x is congruent to 0 or 1 modulo 2 to the 10. And this has solutions, x is congruent to 0 or 1 modulo 5 to the 10. And now we could take x 0 in both of these, and that would give us the uninteresting solution 0. And we could take 1, and that would give us the uninteresting solution 1. However, we can sort of take cross terms. So I can take x congruent to 0 mod 5 to the 10 and 1 mod 2 to the 10. And that gives us this solution, which we can work out using Euclid's algorithm if we want. And actually that's another way that I'll mention in a moment. Alternatively, we can take these cross terms, we take x congruent to 0 mod 2 to the 10 and 1 mod 5 to the 10. And that gives us this solution here. Incidentally, if you add these up, you'll suddenly notice that you get something which ends in a lot of 0s followed by 1. And that follows because if you add these up, it would be something that's 1 modulo 10 to the 10. Anyway, I mentioned there was actually a different way of finding these solutions. What you can do is you can take 5, and then you can square it, and then you can square it again. And each time you square 5, you'll get an extra digit of this solution. So we can just carry on like this. And I'm going to leave it as a little exercise. Why does this work? And if you figure out why that works, I'll now have another exercise. Why does it fail if you start at 6 rather than 5? So if we start at 6, we start at 6 squared is 36, and that's not giving us something ending in 76. So you can try and figure out what the difference between 5 and 6 is, which makes this thing work for just one of them. So next example is going to be a historical example, which is sort of why this thing is called the Chinese remainder theorem. So this is a problem due to a Chinese mathematician, and I can't write Chinese, and his name is sometimes spelt as this. I'm not going to dare pronounce it because I've no idea what the tones are. And if I try and pronounce it, I'll probably say a bad word in Chinese and everybody who knows Chinese will start laughing at me. So anyway, he worked in about the third century and he had the following problem. Suppose we have a number of things. If we count by 3, there are 2 left over. And if we count by 5, there are 3 left over. And if we count by 7, there are 2 left over. And the problem is to find out how many things there are. Well obviously this is just solving the equation x is congruent to 2, modulo 3, x is congruent to 3, modulo 5, and x is congruent to modulo 7. So here instead of having 2 equations with coprime numbers, we have 3 equations. So what do we do? Well, obviously we first solve these 2 equations. Here 3 and 5 are coprime. And if we solve these, you could use Euclid's algorithm, but frankly for numbers as small as this, it's quickest just 2. Just a guess and you find this implies that x is congruent to 8, modulo 15. So next, we solve x congruent to 8, modulo 15, and x is congruent to 2, modulo 7. And again, we could use Euclid's algorithm, but we could just cheat and guess and you find that x is now congruent to 23, modulo 7 times 15, which is 105. So the general solution of this is the number of things is 23, modulo 105. Now earlier I showed that there was this identity for Euler's phi function, which says that phi of mn is equal to phi of m times phi of n, whenever m and n are coprime. And you can sort of prove this using the Chinese remainder theorem as follows. So here we're just counting the numbers with amn equals 1, and here we're counting the number of things with am, a coprime to m, and here we want a coprime to n. And if we think of mapping z modulo mnz, we think of the isomorphism between these. We see that a is coprime to mn, if and only if it's coprime to m, and also coprime to n. So what we have to do is we can get any a coprime to mn by choosing something coprime to m. So there are phi m ways of making it coprime, and there are phi n ways of making a n equals 1, and there are phi mn ways of making a coprime to mn. And as all these solutions just correspond to any pairs of these two solutions, this shows that phi mn is equal to 5m times phi of n. Next, I mentioned that Euler's theorem says that a to the phi of m is equal to 1 modulo m whenever am equals 1. And I mentioned earlier that this was not actually a very good theorem, and what I'm going to do now is to try and improve it. So let's find some number n with a to the n is congruent to 1 modulo m for all a coprime to m. And we can certainly take n equal phi of m, and we ask are there smaller values of n greater than 0, of course. Well, suppose m can be written as a product of prime, so it's p1 to the k1 times p2 to the k2 and so on. Then we want to solve a to the n is congruent to 1 modulo p1 to the k1, a to the n is congruent to 1 modulo p2 to the k2 and so on. And let's think about this. Well, we can solve this provided phi of p1 to the k1 divides n. And we can solve this provided phi of p2 to the k2, oops, sorry, that's a p, divides n. So we want pI to the kI minus 1 times pI minus 1 divides n. So this is, of course, phi of pI to the kI. And Euler, we just take phi of m, which is the product of these. If we don't have to take the product, we could take the least common multiple and this would also do, and it will in general be smaller than the product. Well, we can do even better than this because if we look at the prime 2, we know that a squared is congruent to 1 modulo 2 cubed, but Euler just says that a to the 4 is congruent to 1 modulo 2 cubed. And since a squared is congruent to 1 modulo 2 cubed, this easily implies a to the 4 is congruent to 1 modulo 2 to the 4, which implies a to the 8 is congruent to 1 modulo 2 to the 5 and so on. And you can see this just by repeatedly squaring. For instance, if a to the 4 is equal to 1 plus 2 to the 4 times something, then a to the 8 is going to be 1 plus 2 times 2 to the 4 times something, plus 2 to the 8 times something squared, which is the form 1 plus 2 to the 5 times something. So in fact, we can squeeze out an extra factor of 2. And we find that a to the 2 to the k minus 2 is congruent to 1 modulo 2 to the k whenever k is greater than 3. And Euler only gives 2 to the k minus 1 instead of 2 to the k minus 2. So we can squeeze out an extra factor when the prime is 2. So let's see an example of this. Let's find a number n such that a to the n is congruent to 1 modulo, say 27 million. And we first factor this into primes. So this is equal to 2 to the 6 times 3 cubed times 5 to the 6. And now we work out phi of all these numbers. So phi we get 2 to the 5 here. And here we get 3 squared times 2. And here we get 5 to the 5 times 4. And now we notice that Euler says you can take n to be 2 to the 5 times 3 squared times 2 times 5 to the 5 times 4, which is phi of this number here. But instead we can take the least common multiple of these numbers. So we're trying to take the least common multiple of 2 to the 5, 3 squared times 2 and 5 to the 5, which gives us 2 to the 5 times 3 squared times 5 to the 5. But we can do any even better. We can get an extra factor of 2 because instead of taking 2 to the 5, we can instead use 2 to the 4. And then of course we've still got the 3 squared times 5 to the 5. So we can take n to be this number here, which is considerably smaller than the number that Euler gives. Now we have the problem. Is the number n we get like this the best possible? In fact, we can ask this for primes. Let's just take m equals p to be prime. Then we know that a to the p minus 1 is congruent to 1 modulo p. And we ask, can we improve this? So we can ask, is this best possible? We can ask more generally, is there a fixed number a so that a to the k is not congruent to 1 modulo p for 1 less than or equal to k is less than p minus 1? If we can find a number like this, it would be called a primitive root. And primitive roots exist, but it's actually a bit tricky to prove they exist. In fact, Euler never quite managed to do this properly. So next lecture we'll be talking about primitive roots.