10/21/24, 10:14 PM Number Theory - The Chinese Remainder Theorem

◀ Division Contents Polynomial Roots ▶

The Chinese Remainder Theorem

Suppose we wish to solve

x = 2 (mod 5)

x = 3 (mod 7)

for x. If we have a solution y, then y + 35 is also a solution. So we only need to look

for solutions modulo 35. By brute force, we find the only solution is
x = 17 (mod 35).

For any system of equations like this, the Chinese Remainder Theorem tells us there
is always a unique solution up to a certain modulus, and describes how to find the
solution efficiently.

Theorem: Let p, q be coprime. Then the system of equations

x = a (mod p)

x = b (mod q)

has a unique solution for x modulo pq.

The reverse direction is trivial: given x ∈ Z pq , we can reduce x modulo p and x

modulo q to obtain two equations of the above form.

Proof: Let p 1 = p and q 1 = q −1 (mod p). These must exist since p, q

−1
(mod q)

are coprime. Then we claim that if y is an integer such that

y = aqq 1 + bpp 1 (mod pq)

then y satisfies both equations:

Modulo p, we have y = aqq 1 = a (mod p) since qq 1 = 1 (mod p) . Similarly

y = b (mod q). Thus y is a solution for x.

It remains to show no other solutions exist modulo pq. If z = a (mod p) then z − y

is a multiple of p. If z = b (mod q) as well, then z − y is also a multiple of q. Since p
and q are coprime, this implies z − y is a multiple of pq, hence z = y (mod pq). ∎

This theorem implies we can represent an element of Z pq by one element of Z p and

one element of Z q , and vice versa. In other words, we have a bijection between Z pq
and Z p × Z q .

Examples: We can write 17 ∈ Z as (2, 3) ∈ Z 35 5 × Z7 . We can write 1 ∈ Z pq as

(1, 1) ∈ Z p × Z q .
https://crypto.stanford.edu/pbc/notes/numbertheory/crt.html 1/3
10/21/24, 10:14 PM Number Theory - The Chinese Remainder Theorem

In fact, this correspondence goes further than a simple relabelling. Suppose

x, y ∈ Z pq correspond to (a, b), (c, d) ∈ Z p × Z q respectively. Then a little thought

shows x + y corresponds to (a + c, b + d), and similarly xy corresponds to (ac, bd).

A practical application: if we have many computations to perform on x ∈ Z pq (e.g.

RSA signing and decryption), we can convert x to (a, b) ∈ Z p × Z q and do all the
computations on a and b instead before converting back. This is often cheaper
because for many algorithms, doubling the size of the input more than doubles the
running time.

Example: To compute 17 × 17 , we can compute (2 × 2, 3 × 3) = (4, 2) in

(mod 35)

Z 5 × Z 7 , and then apply the Chinese Remainder Theorem to find that (4, 2) is

9 (mod 35).

Let us restate the Chinese Remainder Theorem in the form it is usually presented.
For Several Equations
Theorem: Let m 1, be pairwise coprime (that is gcd(m i , m j )
. . . , mn = 1 whenever
i ≠ j). Then the system of n equations

x = a1 (mod m 1 )

...

x = an (mod m n )

has a unique solution for x modulo M where M = m1 . . . mn .

Proof: This is an easy induction from the previous form of the theorem, or we can
write down the solution directly.

Define b i = M /m i (the product of all the moduli except for m i ) and

m i ). Then by a similar argument to before,
′ −1
b = b (mod
i i

n
′
x = ∑ ai bi bi (mod M )

i=1

is the unique solution.∎

Prime Powers First

An important consequence of the theorem is that when studying modular arithmetic
in general, we can first study modular arithmetic a prime power and then appeal to
the Chinese Remainder Theorem to generalize any results. For any integer n, we
factorize n into primes n = p 1 . . . p km and then use the Chinese Remainder Theorem
k 1 m

to get

Zn = Z k
1 ×. . . ×Z km
p pm
1

https://crypto.stanford.edu/pbc/notes/numbertheory/crt.html 2/3
10/21/24, 10:14 PM Number Theory - The Chinese Remainder Theorem

To prove statements in Z p , one starts from Z p , and inductively works up to Z p . Thus

k k

the most important case to study is Z p .

◀ Division Contents Polynomial Roots ▶

Contents
Number Theory
Modular Arithmetic
Euclid’s Algorithm
Division
Chinese Remainder
Polynomial Roots
Units & Totients
Exponentiation
Order of a Unit
Miller-Rabin Test
Generators
Cyclic Groups
Quadratic Residues
Gauss' Lemma
Quadratic Recip.
Carmichael
Multiplicative
Möbius Inversion
Generators II
Cyclotomic
Heptadecagon
Eisenstein
Gaussian Periods
Roots of Unity
Quadratic Forms

Notes
Ben Lynn
[back to top]

Ben Lynn blynn@cs.stanford.edu 💡

https://crypto.stanford.edu/pbc/notes/numbertheory/crt.html 3/3