Exercise 2.4.21* (Modular product)

Question

Let $X$ be a large positive integer. Suppose that $m\leq X/2$, and that $0\leq a < m,\ 0 \leq b < m$. Explain why the number $c$ determined by the following algorithm satisfies $0 \leq c < m$, and $c \equiv ab \pmod m$. Verify that in executing the algorithm, all numbers encountered lie in the interval $[0,X)$.
\begin{enumerate}
\item Set $k = b, c = 0, g = [X/m]$.
\item As long as $a>0$, perform the following operations:
    \begin{enumerate}
    \item[(a)] Set $r = a - g[a/g]$.
    \item[(b)] Choose $s$ so that $s \equiv kr \pmod m$ and $0 \leq s < m$.
    \item[(c)] Replace $c$ by $c + s$.
    \item[(d)] If $c\geq m$, replace $c$ by $c-m$.
    \item[(e)] Replace $k$ by $gk - m [gk/m]$.
    \item[(f)] Replace $a$ by $(a-r)/g$.
    \end{enumerate}
\end{enumerate}

Richard Ganaye · Accepted Answer

ewcommand{\Z}{\mathbb{Z}} ewcommand{\N}{\mathbb{N}} ewcommand{\R}{\mathbb{R}} Notations: \begin{itemize} \item $n = \lfloor x floor\ (x \in \R)$ if $n\in \Z$ and $n \leq x < n+1$. \item $r = a\ \%\ b$ if $a = bq + r,\ 0 \leq r < b$ for some $q \in \Z$ ($r$ is the remainder of the Euclidean division of $a$ by $b$). Then $q = \lfloor a/b floor$. \item $a \leftarrow b$: Replace $a$ by $b$ (in the algorithm). \end{itemize} \begin{proof} We reformulate the algorithm: \begin{enumerate} \item Set $k \leftarrow b, c \leftarrow 0, g \leftarrow \lfloor X/m floor$. \item While $a>0$, \begin{enumerate} \item[(a)] $r = a \ \% \ g$. \item[(b)] $s = (k r)\ \%\ m$. \item[(c)] $c \leftarrow c + s$. \item[(d)] If $c\geq m$, $c\leftarrow c-m$. \item[(e)] $k \leftarrow (gk) \ \%\ m $. \item[(f)] $a \leftarrow \lfloor a/g floor$. \end{enumerate} With python: \begin{verbatim} def modular_product(a, b, m, X): k, c, g = b, 0, X // m while a>0: r = a % g s = (k * r) % m c = c + s if c >= m: c = c - m k = (g * k) % m a = a // g return c \end{verbatim} \end{enumerate} Now we explain the algorithm. Note that $g = \lfloor X/m floor \geq 2$ does not change during the execution of the algorithm. We interpret $g$ as the base of the system of numeration, so that $$a = \sum_{i = 0}^{M-1} r_i g^i = r_0 + r_1 g + r_2g^2 + \cdots + r_{M-1} g^{M-1},$$ where $M$ is the numbers of digits in base $g$, and $0 \leq r_i < g$. Then \begin{align*} a b &= \left(\sum_{j = 0}^{M-1} r_j g^j ight)\cdot b\ &= \sum_{i = 0}^{M-1} r_j (g^j b)\ &\equiv \sum_{i = 0}^{M-1} r_j k_j \pmod m, \end{align*} where $k_i \equiv g^i b \pmod m, \ 0 \leq k_i < m$ (that is $k_i = (g^i b) \ \% \ m$). Define $s_i = (k_i r_i) \ \% \ m$, and $a_i = \lfloor a/g^i floor = \sum_{j=i}^{M-1} r_j g^j$ for $i = 0,1,\ldots,M-1$. Now we verify that $r_i, a_i, k_i$ are the actual values the parameters $r,a, k$ at the $i$-th passing in the loop (the first passing has index $0$), if we test these values after the step (d). The rightmost digits of $a$ is $r_0 = a\ \%\ g$, the remainder of $a$ by $g$. To obtain the following digits, we replace $a$ by $\lfloor a/g floor, \lfloor a/g^2 floor,\ldots$. This gives the well known algorithm to decompose a positive integer in the base $g$: \begin{align*} ext{while } &a>0,\ &r \leftarrow a \ \%\ g\ &a \leftarrow \lfloor a/g floor \end{align*} This corresponds to the steps (a) and (f) in the loop, so $r_i$ and $a_i$ are the actual values of $r$ and $a$ in the loop. Moreover, step (e) gives $k_i = (g^i b)\ \%\ m$. At each passing of the loop, $c_i \equiv c_{i-1} + s_i \pmod m$, so that $c_i \equiv \sum_{j=0}^i r_j k_j \pmod m$, and when $a_M = 0$, $c = c_M \equiv \sum_{j=0}^{M-1} r_j k_j \equiv ab \pmod m$. \bigskip We prove by induction that $a_i,k_i,c_i$ are in the interval $[0,m[$. $0 \leq a_0 = a< m ,\ 0 = k_0 = b < m , c_0 = 0$, so the property is true for $i=0$. Assume that $0 \leq a_{i-1} < m, 0 \leq k_{i-1} < m, 0 \leq c_{i-1} < m$. Then $s_i = ( k_ir_i) \ \% \ m < m$, so $0 \leq c_{i-1} + s_i < 2m$. Therefore, after the instruction (d), $0 \leq c_i

Exercise 2.4.21* (Modular product)

Answers

Comments

Exercise 2.4.21* (Modular product)

Answers

Comments

Add answer