Algorithm for finding an equidistributed solution to a linear congruence system

Question

I face the following problem in a cryptographical application: I have given a set of linear congruences

a[1]*x[1]+a[2]*x[2]+a[3]*x[3] == d[1] (mod p)
b[1]*x[1]+b[2]*x[2]+b[3]*x[3] == d[2] (mod p)
c[1]*x[1]+c[2]*x[2]+c[3]*x[3] == d[3] (mod p)

Here, x is unknown an a,b,c,d are given

The system is most likely underdetermined, so I have a large solution space. I need an algorithm that finds an equidistributed solution (that means equidistributed in the solution space) to that problem using a pseudo-random number generator (or fails).

Most standard algorithms for linear equation systems that I know from my linear algebra courses are not directly applicable to congruences as far as I can see...

My current, "safe" algorithm works as follows: Find all variable that appear in only one equation, and assign a random value. Now if in each row, only one variable is unassigned, assign the value according to the congruence. Otherwise fail.

Can anyone give me a clue how to solve this problem in general?

Answer 1

You can use gaussian elimination and similar algorithms just like you learned in your linear algebra courses, but all arithmetic is performed mod p (p is a prime). The one important difference is in the definition of "division": to compute a / b you instead compute a * (1/b) (in words, "a times b inverse"). Consider the following changes to the math operations normally used

• addition: a+b becomes a+b mod p
• subtraction: a-b becomes a-b mod p
• multiplication: a*b becomes a*b mod p
• division: a/b becomes: if p divides b, then "error: divide by zero", else a * (1/b) mod p

To compute the inverse of b mod p you can use the extended euclidean algorithm or alternatively compute b**(p-2) mod p.

Rather than trying to roll this yourself, look for an existing library or package. I think maybe Sage can do this, and certainly Mathematica, and Maple, and similar commercial math tools can.