
Solving Systems of Linear Congruences

Andreas Dolzmann* and Thomas Sturm†

FMI, University of Passau, Germany

MIP-0101

February 2, 2001

Abstract

Based on an extended quantifier elimination procedure for discretely
valued fields, we devise algorithms for solving multivariate systems of
linear congruences over the integers. This includes determining integer
solutions for sets of moduli which are all powers of a fixed prime, uniform
p-adic integer solutions for parametric prime power moduli, lifting
strategies for these uniform p-adic solutions for given primes, and
simultaneous lifting strategies for finite sets of primes. The method is
finally extended to arbitrary moduli.

* dolzmann@uni-passau.de, http://www.fmi.uni-passau.de/~dolzmann/
† sturm@uni-passau.de, http://www.fmi.uni-passau.de/~sturm/

1 Introduction

We devise methods for testing multivariate systems of linear congruences for
feasibility. In the positive case we obtain at least one sample solution for
the system. Our methods allow us to prescribe for each constraint a particular
modulus, in contrast to having only one modulus for the entire system:
a11 x1 +    + a1 x n n  b mod
1 1
...
a 1 x1 +    + a
m mn x n bm mod  ;
m

where $a_{ij} \in \mathbb{Z}$. In the easiest case, the moduli are various
powers $p^{k_1}, \dots, p^{k_m}$ of a fixed prime number $p$.

We then extend our approach to a parametric $p$, which stands for an
arbitrary prime. Finally, we can apply the methods derived for such a
parametric $p$ to the general situation where the moduli are arbitrary
elements of $\{2, 3, 4, \dots\}$.


This is an important multivariate generalization of the problem solved
by one of the key algorithms in computer algebra: The Chinese Remainder
Theorem, which states the feasibility and gives a solution procedure for the
special case where the moduli are pairwise relatively prime, and there is
only one variable with coefficient 1, i.e.,

$$n = 1, \qquad a_{11} = \cdots = a_{m1} = 1.$$

See Theorem 12 for details.


Our method will reduce the problem of solving such systems to one or
several extended quantifier elimination problems over the rational numbers
with p-adic valuations. The obtained p-adic integer sample solutions are then
lifted to the integers. Similar extended quantifier elimination procedures have
been successfully applied for constraint solving over the reals [DSW98, Stu99].

The complexity of our methods is dominated by the complexity of the
extended quantifier elimination procedure. This is single exponential in the
number of variables but only polynomial in the number of congruences.

The plan of the paper is as follows: In Section 2 we recall some basic facts
about p-adically valued fields, in which we compute our solutions before
lifting them to the integers. In Section 3 we describe the connection between
p-adic solving and integer solving. In Section 4 we give an overview on our
method for the p-adic solving step, which is extended quantifier elimination.
Quantifier elimination procedures operate on first-order formulas. Section 5
explains how to obtain a suitable input formula for a system of linear
congruences. One crucial advantage of quantifier elimination procedures for
solving is that they can process parametric input in a very natural way.
Section 6 exhibits how to exploit this for linear congruence systems with
parametric moduli. We can then obtain p-adic, i.e. unlifted, solutions that
are, up to a finite case distinction, uniformly correct for all possible
choices of primes. We also demonstrate the theoretical limits for such uniform
solving. In Section 7, we explain how and to what extent also the lifting step
from our uniform p-adic solutions to integer solutions can be performed
uniformly. The methods developed here for the simultaneous lifting for finite
sets of primes allow us to finally extend our method to congruence systems
with arbitrary, i.e. not necessarily prime, moduli. This is described in
Section 8. The conclusions in Section 9 summarize and evaluate our results.

All methods and algorithms discussed here are efficiently implemented
within the widespread computer algebra system Reduce, based on the package
Redlog [DS97b] by the authors. All our computations have been performed
using 32 MB Lisp heap on an 800 MHz Athlon PC running Linux.

2 P-adic Valuations

For a given prime $p$, the p-adic valuation on the rational numbers is a map
$v_p : \mathbb{Q} \to \mathbb{Z} \cup \{\infty\}$, where

$$v_p(0) = \infty,$$
$$v_p(r/s) = \max\{ n \in \mathbb{N} : p^n \mid r \} - \max\{ n \in \mathbb{N} : p^n \mid s \}.$$

Such valuations have the following properties: $v(a) = \infty$ if and only if
$a = 0$, and

$$v(ab) = v(a) + v(b), \qquad v(a + b) \ge \min\{v(a), v(b)\}.$$

It follows that $v(a + b) = \min\{v(a), v(b)\}$ if $v(a) \ne v(b)$. This fact is
referred to as the ultra-metric triangle equality. Note that for
$z \in \mathbb{Z}$ we have $v_p(p^z) = z$, i.e., $v_p$ is onto. Due to a famous
theorem by Ostrowski [Ost18] the p-adic valuations are essentially the only
maps with these properties.

The elements of non-negative value form a ring, the valuation ring

$$\mathbb{Z}_p = \{ r/s \in \mathbb{Q} : \gcd(r, s) = 1 \text{ and } p \nmid s \}.$$

The elements of $\mathbb{Z}_p$ are called the p-adic integers. In $\mathbb{Z}_p$
the elements of positive value form a maximal ideal, the valuation ideal
$p\mathbb{Z}_p$, which is the only maximal ideal in $\mathbb{Z}_p$. The elements
$\mathbb{Z}_p \setminus p\mathbb{Z}_p$ form the multiplicative group of units of
$\mathbb{Z}_p$:

$$p\mathbb{Z}_p = \{ r/s \in \mathbb{Q} : \gcd(r, s) = 1 \text{ and } p \mid r \}$$
$$\mathbb{Z}_p \setminus p\mathbb{Z}_p = \{ r/s \in \mathbb{Q} : \gcd(r, s) = 1,\ p \nmid r \text{ and } p \nmid s \}.$$

From the maximality of $p\mathbb{Z}_p$ it follows that
$\mathbb{Z}_p/p\mathbb{Z}_p$ is a field, the residue class field wrt. $v_p$.
Up to isomorphism, this residue class field is particularly simple:

$$\mathbb{Z}_p/p\mathbb{Z}_p = (\mathbb{Z} + p\mathbb{Z}_p)/p\mathbb{Z}_p \cong \mathbb{Z}/(\mathbb{Z} \cap p\mathbb{Z}_p) = \mathbb{Z}/p\mathbb{Z}.$$

All ideals in the ring $\mathbb{Z}_p$ of p-adic integers are of the form

$$p^k\mathbb{Z}_p = \{ x \in \mathbb{Z}_p : v_p(x) \ge k \} = \{ r/s \in \mathbb{Q} : \gcd(r, s) = 1,\ p^k \mid r \} \qquad (k \in \mathbb{N}).$$

A valuation can be essentially recovered from its valuation ring. To avoid
a two-sorted language, we may thus drop the information about the concrete
values by using the language of rings together with abstract divisibilities.
These divisibilities express ordering relations in the value group
$\mathbb{Z}$ by relating rational numbers:

$$x \mid y \ :\longleftrightarrow\ v(x) \le v(y)$$
$$x \sim y \ :\longleftrightarrow\ v(x) = v(y)$$
$$x \nsim y \ :\longleftrightarrow\ v(x) \ne v(y).$$

We furthermore add a constant of value 1 to our language, which is
interpreted as the $p$ of our p-adic valuation. Note that our language does not
include reciprocals. For convenience, we allow ourselves to identify terms
with polynomials over $\mathbb{Z}$ in the contained variables
$x = (x_1, \dots, x_n)$ and the constant of our language.

3 Solving Congruences

In the previous section we have introduced the valuation rings
$\mathbb{Z}_p$ wrt. p-adic valuations on the rational numbers. We have
demonstrated that these rings have a particularly nice algebraic structure,
which suggests that they admit sophisticated algebraic methods for solving.
We are going to focus on such methods in the following section, after here
making clear the connection between solving over $\mathbb{Z}_p$ on one hand,
and solving over the integers, which we are actually interested in, on the
other hand.

The following lemma shows that p-adic solutions can easily be lifted to
integer solutions, while integer solutions are themselves already p-adic
solutions.
Lemma 1 Let $f_1, \dots, f_m \in \mathbb{Z}[x_1, \dots, x_n]$ be polynomials
that are linear in $x_1, \dots, x_n$. Let $p$ be prime, and let
$k_1, \dots, k_m \in \mathbb{N}$. Consider the following systems $S$ and $S'$
of congruences over $\mathbb{Z}$ and $\mathbb{Z}_p$, respectively:

$$S = \{ f_j(x) \equiv 0 \bmod p^{k_j}\mathbb{Z} : 1 \le j \le m \}$$
$$S' = \{ f_j(x) \equiv 0 \bmod p^{k_j}\mathbb{Z}_p : 1 \le j \le m \}.$$

Then $S$ has a solution $a \in \mathbb{Z}^n$ iff $S'$ has a solution
$a' \in \mathbb{Z}_p^n$. More precisely, every solution $a \in \mathbb{Z}^n$ for
$S$ is already a solution for $S'$, and every solution $a' \in \mathbb{Z}_p^n$
for $S'$ can be easily lifted to a solution for $S$ in $\mathbb{Z}^n$.

Proof To begin with, observe that $\mathbb{Z}$ is a subring of $\mathbb{Z}_p$,
and that for our $p$, $k_1, \dots, k_m$, the corresponding ideals
$p^{k_j}\mathbb{Z}$ are exactly the restrictions of the ideals
$p^{k_j}\mathbb{Z}_p$; more precisely

$$p^{k_j}\mathbb{Z} = p^{k_j}\mathbb{Z}_p \cap \mathbb{Z} \subseteq p^{k_j}\mathbb{Z}_p \qquad (1 \le j \le m).$$

Let now $a$ be a solution for $S$ over $\mathbb{Z}$. Then
$f_j(a) \equiv 0 \bmod p^{k_j}\mathbb{Z}$, corresponding to
$f_j(a) \in p^{k_j}\mathbb{Z}$, implies $f_j(a) \in p^{k_j}\mathbb{Z}_p$, which
in turn corresponds to $f_j(a) \equiv 0 \bmod p^{k_j}\mathbb{Z}_p$.

Let vice versa $a' = (r_1/s_1, \dots, r_n/s_n) \in \mathbb{Z}_p^n$ be a solution
for $S'$. Let $k = \max\{k_1, \dots, k_m\}$. We restrict our attention to
$r_1/s_1$. This is a p-adic integer, and thus $s_1$ is relatively prime to $p$.
We compute using the extended Euclidean algorithm a multiplicative inverse
$\bar{s}_1$ of $s_1$ in $\mathbb{Z}/p^k$:

$$1 = \gcd(s_1, p^k) = \bar{s}_1 s_1 + x p^k,$$

i.e., $\bar{s}_1 s_1 \equiv 1 \bmod p^k\mathbb{Z}$ over $\mathbb{Z}$, and
certainly $\bar{s}_1 s_1 \equiv 1 \bmod p^k\mathbb{Z}_p$ over $\mathbb{Z}_p$.
Moreover, the corresponding congruences obviously hold for all
$k_1, \dots, k_m$. This means that $r_1 \bar{s}_1 s_1 / s_1 = r_1 \bar{s}_1$
constitutes an integer solution for $x_1$ that is congruent to $r_1/s_1$ wrt.
all the $p^{k_1}\mathbb{Z}_p, \dots, p^{k_m}\mathbb{Z}_p$. We take
$r_1 \bar{s}_1$ as the first coordinate and, applying our method to the other
coordinates, we obtain a complete integer solution for $S'$ over
$\mathbb{Z}_p$. According to our initial observations, this is obviously a
solution for $S$ over $\mathbb{Z}$.

Although we usually speak of integer solutions, it is also quite natural to
consider these solutions as elements in $(\mathbb{Z}/p^k)^n$, where $k$ is the
highest power of $p$ in $S$. Viewed in this way, the solutions obtained by the
lifting procedure in the proof of Lemma 1 will in general not be the canonical
representatives, i.e., we have to expect to obtain integers $x_i \ge p^k$. We
can however easily derive from any such solution another solution, which is
well-behaved.
Lemma 2 Let $S$ be a system of linear congruences as in Lemma 1, and let
$a \in \mathbb{Z}^n$ be an integer solution for $S$. Let
$k = \max\{k_1, \dots, k_m\}$. Then all elements of $a + (p^k\mathbb{Z})^n$ are
integer solutions of $S$. In particular there is one solution in
$a + (p^k\mathbb{Z})^n$ all of whose coordinates are at least $0$ and smaller
than $p^k$.

Proof Our $a = (a_1, \dots, a_n)$ solves $S$ if and only if it solves for
$j \in \{1, \dots, m\}$ the equation $f_j = 0$ over
$\mathbb{Z}/p^{k_j}\mathbb{Z}$. Let $b \in (p^k\mathbb{Z})^n$. Then $b = 0$ in
$(\mathbb{Z}/p^{k_j}\mathbb{Z})^n$, and thus $a + b = a$ is a solution of
$f_j = 0$ over $\mathbb{Z}/p^{k_j}\mathbb{Z}$. Accordingly, for
$i \in \{1, \dots, n\}$ we can obtain the $i$-th coordinate of the desired
solution by division with positive remainder of $a_i$ by $p^k$.

It is not hard to see that $a + (p^k\mathbb{Z})^n$ in Lemma 2 does not describe
the complete solution space of $S$. As an example consider the system

$$5x_1 + 7x_2 + 1 \equiv 0 \bmod 11.$$

Here $(5, 1)$ is a solution, but so is also
$(-3, 2) \notin (5, 1) + (11\mathbb{Z})^2$.

4 Extended Quantifier Elimination

For solving our linear constraints, we use an effective linear quantifier
elimination procedure based on virtual substitution of test points. Based on
ideas of Ferrante and Rackoff [FR79] for decision problems, virtual
substitution methods for quantifier elimination date back to a theoretical
paper by Weispfenning [Wei88]. Corresponding methods over the reals have been
successfully used for solving problems from numerous areas in science and
engineering [DSW98].

For eliminating the quantifiers from an input formula
'(u1 ; : : : ; u m )Q x 1 1 :::Q x n n (u ; : : : ; u
1 m ; x1 ; : : : ; x n )
where $Q_i \in \{\exists, \forall\}$, the elimination starts with the innermost
quantifier, regarding the other quantified variables within the formula as
extra parameters. Universal quantifiers are handled by means of the
equivalence of $\forall x$ applied to a formula with $\neg\exists x\,\neg$
applied to the same formula. We may thus restrict our attention to a formula
of the form
' (u1 ; : : : ; u k )  9x  (u ; : : : ; u ; x);
1 k

where the $u_{m+1}, \dots, u_k$ are actually $x_i$ quantified from further
outside. The idea is now to find a finite elimination set $E$ of terms in
$u_1, \dots, u_k$ such that

_
9x  (u ; : : : ; u ; x) 
1 k

[x=t℄(u ; : : : ; u ):
1 k

t2E

That is, the above disjunction is a quantifier-free equivalent for the
existential formula. Note that it is not necessary to perform any
transformation on the boolean structure of the quantified formula. The
elimination method is single exponential in the number of quantified
variables, and double exponential in the number of quantifier blocks. It has
turned out suitable for parallelization [DGS98].
By keeping track of the terms $t$ substituted during the elimination process,
we obtain instead of a quantifier-free equivalent, i.e. the disjunction over
the substitution results for $[x/t_i]$ with $i = 1, \dots, k$, a guarded
expression [DS97a]. This is a list with one row for each of the substituted
terms $t_1, \dots, t_k$, in which the substitution result for $[x/t_i]$ serves
as the guard of the answer $x = t_i$, thus including satisfying sample points.
This process of extended quantifier elimination can also be repeated for
several existential quantifiers. The result then is a set of conditions each
associated with an answer for each eliminated variable obtained by
back-substitution.

The construction of elimination sets for linear formulas in valued fields has
been described by the second author [Stu00]. Before, Weispfenning had given
elimination sets for special cases of valued fields including the case of
p-adic valuations [Wei88]. Necessary simplification strategies and
implementation issues have been discussed in [DS99].

The existence of a quantifier elimination procedure for the general case
including non-linear formulas has been shown independently by Ax and
Kochen [AK66] and Ershov [Ers65]. The first explicit procedure has been
given by Cohen [Coh69]. Considerable progress has been made by
Macintyre [Mac76] turning to a more reasonable language including root
predicates in analogy to the reals. This has been made explicit by
Weispfenning [Wei84].

5 Solving by Extended Quantifier Elimination

We consider for $f_1, \dots, f_m \in \mathbb{Z}[x_1, \dots, x_n]$ linear, $p$
prime, and $k_1, \dots, k_m \in \mathbb{N}$, a system of congruences

$$S = \{ f_1(x) \equiv 0 \bmod p^{k_1}\mathbb{Z},\ \dots,\ f_m(x) \equiv 0 \bmod p^{k_m}\mathbb{Z} \}.$$

According to Lemma 1 it suffices to solve instead the corresponding system

$$S' = \{ f_1(x) \equiv 0 \bmod p^{k_1}\mathbb{Z}_p,\ \dots,\ f_m(x) \equiv 0 \bmod p^{k_m}\mathbb{Z}_p \}$$

over $\mathbb{Z}_p$. The solvability of this new system $S'$ can be expressed by
a first order formula as follows:

$$\exists x_1 \cdots \exists x_n \Bigl( \bigwedge_{i=1}^{n} 1 \mid x_i \ \wedge\ \bigwedge_{j=1}^{m} p^{k_j} \mid f_j(x_1, \dots, x_n) \Bigr).$$

Here, the first conjunction restricts the $x_i$ to be in the valuation ring
$\mathbb{Z}_p$. Extended quantifier elimination applied to this formula will
decide feasibility and, in the positive case, yield one sample solution. Our
notion of solving thus resembles the standard notion used in constraint
solving. Recall from Lemma 2 that in our situation such a sample solution even
describes an infinite subset of the solution space.
Algorithm 3 (Solving Integer Congruences)
Input: A system

$$S = \{ f_j(x) \equiv 0 \bmod p^{k_j}\mathbb{Z} : 1 \le j \le m \}$$

of congruences over $\mathbb{Z}$ with
$f_1, \dots, f_m \in \mathbb{Z}[x_1, \dots, x_n]$ linear, $p$ prime, and
$k_1, \dots, k_m \in \mathbb{N}$.
Output: "infeasible," or a sample solution over $\mathbb{Z}$ for $S$ all of
whose coordinates are at least $0$ and smaller than
$p^{\max\{k_1, \dots, k_m\}}$.

1. Change from $S$ to $S'$ according to Lemma 1.
2. Generate from $S'$ the corresponding first-order formula as described above.
3. Apply extended quantifier elimination to this formula.
4. (a) If the elimination result is false then return "infeasible",
   (b) else lift the solution $a' \in \mathbb{Z}_p^n$ to a solution
       $a \in \mathbb{Z}^n$ according to Lemma 1.
5. Apply Lemma 2 to derive from $a$ a solution all of whose coordinates are at
   least $0$ and smaller than $p^{\max\{k_1, \dots, k_m\}}$.

Proof The correctness follows from Lemma 1, Lemma 2, the definition
of extended quantifier elimination, and the correspondence between $S'$ and
its first-order formula discussed above.
In our algorithm, the quantifier elimination step (3) constitutes, due to
the particular form of the first-order formula for $S'$, an extreme special
case of p-adic quantifier elimination. From the elimination point of view, the
crucial syntactic feature of this formula is that all the $x_i$ occur only on
the right hand sides of the abstract divisibilities. That is, we only impose
lower bounds on the values of these $x_i$ but no upper bounds.

Restating the elimination procedure given in [Stu00] for this special case
in our congruence framework, the p-adic solutions will be determined as
follows.

Definition 4 For a congruence $f(x) \equiv 0 \bmod I$ we denote the
corresponding equation $f(x) = 0$ by attaching the superscript $(=)$ to the
name of the congruence. This naturally extends to the notion of a system
$S^{(=)}$ of equations corresponding to a system $S$ of congruences.
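Algorithm 5 (Deciding p-adic Congruences)
Input: A system

$$S' = \{ f_j(x) \equiv 0 \bmod p^{k_j}\mathbb{Z}_p : 1 \le j \le m \}$$

of congruences over $\mathbb{Z}_p$ with
$f_1, \dots, f_m \in \mathbb{Z}[x_1, \dots, x_n]$ linear, $p$ prime.
Output: "infeasible," or a sample solution $a' \in \mathbb{Z}_p^n$ for $S'$.

BEGIN
  $\mathcal{S}$ := $\{(S', \emptyset)\}$
  $\mathcal{S}'$ := $\emptyset$
  for each variable $x \in \{x_1, \dots, x_n\}$ do
    for each pair ($S$, answer) $\in \mathcal{S}$ do
      for each constraint in $S$ do
        if the constraint contains $x$ then
          $a$ := solution in $\mathbb{Q}$ wrt. $x$ for the corresponding equation
          $S_a$ := $S$ with $a$ plugged in for $x$
          $\mathcal{S}'$ := $\mathcal{S}' \cup \{(S_a, \text{answer} \cup \{x = a\})\}$
      od
      $S_0$ := $S$ with $0$ plugged in for $x$
      $\mathcal{S}'$ := $\mathcal{S}' \cup \{(S_0, \text{answer} \cup \{x = 0\})\}$
    od
    $\mathcal{S}$ := $\mathcal{S}'$
    $\mathcal{S}'$ := $\emptyset$
  od
  if there is $(\{0 \equiv 0, \dots, 0 \equiv 0\}, \text{answer})$ in $\mathcal{S}$ then
    return answer
  else
    return "infeasible"
END

Proof This is a straightforward consequence of Corollary 8.5 in [Stu00]
applied to the first-order formula for $S'$.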
Example 6 We apply our implementation of Algorithm 3 to the following
randomly generated system $S$ of congruences:

$$\begin{aligned}
70x_1 + 6x_3 + 89x_4 + 7x_6 + 30 &\equiv 0 \bmod 103^{10} \\
87x_1 + 93x_2 + 78x_3 + 73x_4 + 53 &\equiv 0 \bmod 103^{9} \\
87x_2 + 41x_5 + 3 &\equiv 0 \bmod 103^{3} \\
12x_2 + 37x_3 + 69x_4 + 15x_6 + 53 &\equiv 0 \bmod 103^{3} \\
75x_1 + 90x_3 + 65x_4 + 14x_5 + 41 &\equiv 0 \bmod 103 \\
91x_5 + 96x_6 + 55 &\equiv 0 \bmod 103^{2}.
\end{aligned}$$

Extended quantifier elimination applied to the first-order formula for $S'$
yields the following sample solution over $\mathbb{Z}_{103}$ for $S'$:

$$\begin{aligned}
x_1 &= \frac{1120921235}{6450196079}, & x_2 &= -\frac{2555928514}{19350588237}, \\
x_3 &= -\frac{2265478209}{6450196079}, & x_4 &= -\frac{2512869252}{6450196079}, \\
x_5 &= \frac{1335886309}{6450196079}, & x_6 &= -\frac{4961733734}{6450196079}.
\end{aligned}$$

After lifting this results in the following corresponding sample solution for
the original system $S$ over $\mathbb{Z}$:

$$\begin{aligned}
x_1 &= 18804386104945290509 \\
x_2 &= 8303843175527713857 \\
x_3 &= 63090697556404646456 \\
x_4 &= 83696580514895056415 \\
x_5 &= 93826373987783010344 \\
x_6 &= 133646566652950881192.
\end{aligned}$$

The total computation time is 2.3 s, which is almost completely spent for
the extended quantifier elimination step. All other steps, in particular the
lifting, take less than the accuracy of the system clock, which is 0.01 s.
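
The following Python code is an added example, not the authors' Redlog implementation: it runs the test-point elimination of Algorithm 5 for a fixed prime, lifts the result as in Lemma 1 and Lemma 2 (Algorithm 3), and lifts the 103-adic sample solution of Example 6. All function names and the two small constructed systems are assumptions of this example.

```python
from fractions import Fraction
from math import inf

def vp(q, p):
    """p-adic valuation of a rational number; v_p(0) is infinity."""
    if q == 0:
        return inf
    r, s, v = q.numerator, q.denominator, 0
    while r % p == 0:
        r, v = r // p, v + 1
    while s % p == 0:
        s, v = s // p, v - 1
    return v

def padic_sample(system, n, p):
    """Test-point elimination in the style of Algorithm 5 for a fixed prime p.

    system is a list of (coeffs, k) with coeffs = [a_1, ..., a_n, b], read as
    a_1*x_1 + ... + a_n*x_n + b = 0 mod p^k.  Returns a p-adic integer sample
    solution as a list of Fractions, or None if the system is infeasible.
    The number of branches grows exponentially with n.
    """
    cons = [([Fraction(c) for c in f], k) for f, k in system]
    # x_i in Z_p is the constraint v_p(x_i) >= 0; its equation x_i = 0
    # provides the test point 0 that Algorithm 5 always adds.
    for i in range(n):
        cons.append(([Fraction(int(j == i)) for j in range(n + 1)], 0))
    branches = [(cons, [])]              # pairs (constraints, answer so far)
    for i in range(n):                   # eliminate x_1, ..., x_n in turn
        nxt = []
        for cs, answer in branches:
            for f, _ in cs:
                if f[i] == 0:
                    continue
                # Solve f = 0 for x_i in terms of the remaining variables.
                expr = [-c / f[i] for c in f]
                expr[i] = Fraction(0)
                plugged = []
                for g, k in cs:
                    h = [gc + g[i] * ec for gc, ec in zip(g, expr)]
                    h[i] = Fraction(0)
                    plugged.append((h, k))
                nxt.append((plugged, answer + [(i, expr)]))
        branches = nxt
    for cs, answer in branches:
        # Only constants are left: c = 0 mod p^k holds iff v_p(c) >= k.
        if all(vp(f[n], p) >= k for f, k in cs):
            x = [Fraction(0)] * n
            for i, expr in reversed(answer):     # back-substitution
                x[i] = expr[n] + sum(e * xj for e, xj in zip(expr, x))
            return x
    return None

def lift(x, p, k):
    """Lemma 1 and Lemma 2: replace each r/s by r * s^(-1) mod p^k."""
    m = p ** k
    return [q.numerator * pow(q.denominator, -1, m) % m for q in x]

def solve(system, n, p):
    """Algorithm 3: p-adic sample solution, lifted to integers in [0, p^k)."""
    sample = padic_sample(system, n, p)
    if sample is None:
        return None
    return lift(sample, p, max(k for _, k in system))

def satisfies(system, x, p):
    """Check every congruence of the system at the integer point x."""
    return all((sum(a * xi for a, xi in zip(f, x)) + f[-1]) % p ** k == 0
               for f, k in system)

SECTION3 = [([5, 7, 1], 1)]                  # 5*x1 + 7*x2 + 1 = 0 mod 11
MIXED = [([1, 2, -3], 2), ([2, 1, 0], 1)]    # constructed sample, p = 3
INFEASIBLE = [([2, -1], 1)]                  # constructed: 2*x = 1 mod 2

# Example 6: the system and the 103-adic sample solution stated in the text.
EX6 = [([70, 0, 6, 89, 0, 7, 30], 10), ([87, 93, 78, 73, 0, 0, 53], 9),
       ([0, 87, 0, 0, 41, 0, 3], 3), ([0, 12, 37, 69, 0, 15, 53], 3),
       ([75, 0, 90, 65, 14, 0, 41], 1), ([0, 0, 0, 0, 91, 96, 55], 2)]
D = 6450196079
EX6_PADIC = [Fraction(1120921235, D), Fraction(-2555928514, 3 * D),
             Fraction(-2265478209, D), Fraction(-2512869252, D),
             Fraction(1335886309, D), Fraction(-4961733734, D)]

if __name__ == "__main__":
    print(solve(SECTION3, 2, 11), solve(MIXED, 2, 3), solve(INFEASIBLE, 1, 2))
    print(lift(EX6_PADIC, 103, 10))
```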
6 Parametric Moduli

So far, we have considered integer congruence systems with prime power
moduli for a fixed prime $p$. Algorithm 5 suggests that the first-order
framework of quantifier elimination is not necessary for solving this problem.
The entire elimination procedure can easily be described in terms of
manipulating lists of congruence systems. This changes when turning to more
general questions. The first more general problem we are going to discuss here
is solving our congruence systems uniformly for a parametric prime $p$.

Let us take a look at our Algorithm 3 wrt. this generalization:

1. The p-adic system $S'$ can be generated as before, now containing
   parametric ideals $p^{k_j}\mathbb{Z}_p$.
2. The first-order formula for $S'$ now contains the constant of our language
   denoting the parametric $p$.
3. The extended quantifier elimination is now not a decision procedure.
   Notice that variable-free atomic formulas cannot be decided. For our
   generalized Algorithm 5 this means that we drop the final if statement
   but return the extended quantifier elimination result. The conditions
   in this result will contain two types of atomic conditions:
   (a) Positive conditions on $p$ resulting from the substitution into the
       congruences.
   (b) Negative conditions on $p$, which are guarding conditions introduced
       with substitution for excluding zero denominators.
4/5. The lifting step depends on the concrete choice for $p$, and has to be
   considered separate from the p-adic solution phase. The p-adic solution
   provided by the generalized Algorithm 5 will thus be the final output
   of our generalized Algorithm 3.

Example 7 We recompute our Example 6 replacing the base 103 of the
moduli by a parametric $p$. We then obtain after 7.43 s the following solution,
which is uniform over $\mathbb{Z}_p$ for the valid moduli
$p \notin \{3, 6450196079\}$:

$$\bigl[\ 3 \sim 1 \wedge 6450196079 \sim 1 \qquad a'\ \bigr],$$

where the p-adic integer solution $a'$ happens to be identical to that for the
case $p = 103$ in Example 6. Our $a'$ can be lifted e.g. for $p = 103$ within
less than 0.01 s to the integer solution we know from Example 6.

Notice that we have found in the above example a uniform p-adic solution,
subject to a guarding condition that straightforwardly states that the system
is unsolvable for $p \in \{3, 6450196079\}$.

The remainder of this section is devoted to studying what kind of results
concerning uniformity and explicitness we may expect wrt. the stated
problem on one hand, and our particular approach to it on the other hand.
Example 8 Consider the following system of two congruences:

$$\begin{aligned}
3x_1 + 5x_2 &\equiv 1 \bmod p \\
5x_1 + 3x_2 &\equiv 1 \bmod p.
\end{aligned}$$

Our elimination procedure yields the following result distinguishing two cases:

$$\begin{bmatrix}
2 \nsim 1 & \{x_1 = \tfrac{1}{3},\ x_2 = 0\} \\
2 \sim 1 & \{x_1 = \tfrac{1}{8},\ x_2 = \tfrac{1}{8}\}
\end{bmatrix}.$$

With the result in the example, we would for $p = 2$ be only allowed to lift
the first solution, while for all other primes $p$ only the second one is
valid. Since we have to know $p$ for lifting anyway, it is easy to
automatically detect the correct branch. Anyway, the question arises whether
there exists also a uniform solution, which we would consider an intermediate
result of better quality. This is in fact not the case here, as we are going
to exhibit in the sequel.

To begin with, note that by inspection of our elimination procedure, we
know that our sample solutions will always be numbers not involving the
constant of our language, which stands for $p$.
Lemma 9 A rational number $a$ is a p-adic integer for all primes $p$ if and
only if it is an integer. In other words,

$$\bigcap_{p \text{ prime}} \mathbb{Z}_p = \mathbb{Z}.$$

Proof Let $a = n/d \in \bigcap_p \mathbb{Z}_p$ be reduced to lowest terms. Then
$p \nmid d$ for all primes $p$. It follows that $d = 1$ and thus
$a \in \mathbb{Z}$. Let conversely $a = a/1 \in \mathbb{Z}$, and let $p$ be
prime. Then $p \nmid 1$ and thus $a \in \mathbb{Z}_p$.

Let now $S$ be a system of congruences with parametric modulus base $p$
over $\mathbb{Z}$. Denote by $S'$ the corresponding system over
$\mathbb{Z}_p$ as made precise in Lemma 1, and by $S^{(=)}$ the corresponding
system of equations according to Definition 4.

We learn from Lemma 9 above that a uniform p-adic integer solution for
$S'$ is in fact a uniform integer solution for $S'$ and thus also for $S$. By
choosing $p$ sufficiently large, it is not hard to see that this uniform
integer solution even solves the corresponding system $S^{(=)}$ of linear
equations. Conversely, any integer solution for $S^{(=)}$ is obviously a
uniform integer solution for $S$ and thus for $S'$. The following proposition
states this observation more concisely:
Proposition 10 Let $S$ be a system of linear congruences over $\mathbb{Z}$,
let $S'$ be the corresponding system over $\mathbb{Z}_p$, and let $S^{(=)}$ be
the corresponding system of linear equations over $\mathbb{Z}$. Assume we
determine a (uniform) solution $a$ for one of these three systems. Then $a$ is
up to some natural homomorphism also a (uniform) solution for the other two
systems.

Consider now the system of equations over $\mathbb{Z}$ corresponding to the
congruence system in Example 8:

$$\begin{aligned}
3x_1 + 5x_2 &= 1 \\
5x_1 + 3x_2 &= 1.
\end{aligned}$$

Subtracting the first equation from the second one, we obtain the consequence
$x_1 = x_2$. A solution $x_1 = x_2 = a \in \mathbb{Z}$ would thus have to
satisfy $8a = 3a + 5a = 1$, which is obviously impossible. Proposition 10 now
tells us that there is no uniform solution for the original congruence system,
neither over $\mathbb{Z}$ nor over $\mathbb{Z}_p$. Concerning the case
distinction, our solution in Example 8 is optimal.

Our procedure is however not optimal in general. In the following example
we miss finding a uniform solution, although there exists one.
Example 11 Consider the system consisting of the sole congruence

$$5x_1 + 7x_2 + 1 \equiv 0 \bmod p.$$

Application of our elimination procedure yields that this is solvable for all
primes $p$, giving two guarded sample solutions. The first one holds uniformly,
except for $p = 5$, while the second one holds uniformly except for $p = 7$:

$$\begin{bmatrix}
5 \sim 1 & \{x_1 = -\tfrac{1}{5},\ x_2 = 0\} \\
7 \sim 1 & \{x_1 = 0,\ x_2 = -\tfrac{1}{7}\}
\end{bmatrix}.$$

Here $x_1 = -3$ and $x_2 = 2$ solves the corresponding system of equations over
$\mathbb{Z}$, and thus constitutes a uniform solution for all $p$.

In the non-parametric case we could obviously easily obtain either "true"
or "false" for each guarding condition, and then pick a "true" solution. In
the parametric case here, we have seen conditions of the form $p \sim 1$ and
$p \nsim 1$ for primes $p$.

In fact, every variable-free formula over our language is simplified to
"true," "false," or a formula of one of the forms

$$p_1 \nsim 1 \vee \cdots \vee p_k \nsim 1, \qquad p_1 \sim 1 \wedge \cdots \wedge p_k \sim 1,$$

where $p_1 < \cdots < p_k$ are prime. The first formula states
$p \in \{p_1, \dots, p_k\}$, while the second one states
$p \notin \{p_1, \dots, p_k\}$. We observe, as a consequence, that any
parametric congruence system of our considered form is of one of the
following four types:

1. generally feasible for all primes $p$,
2. generally infeasible for all primes $p$,
3. feasible for finitely many $p$,
4. feasible for all but finitely many $p$.

In particular, there is no such system for which there exists a partition
$P_1 \mathbin{\dot\cup} P_2$ of all primes into infinite sets $P_1$ and $P_2$,
such that the system is feasible for all $p \in P_1$ but infeasible for all
$p \in P_2$.

Guarding conditions of the form $p_1 \nsim 1 \vee \cdots \vee p_k \nsim 1$
restricting $p$ to a finite set of primes are typically introduced because the
congruence system degenerates for these primes. For instance
$p_1, \dots, p_k$ may be the prime factors of a certain coefficient, which
becomes zero then, which in turn leads to a special solution that does not
work for other primes. Guards of the form
$p_1 \sim 1 \wedge \cdots \wedge p_k \sim 1$, in contrast, exclude, as a rule,
the prime factors of the denominators of the associated solution.

Arriving from an arbitrary variable-free formula over our language, which
possibly contains the constant, at one of the four forms described above is
by no means trivial. It requires a large arsenal of sophisticated
simplification strategies. The part of our simplifier that is of general
interest for quantifier elimination over discretely valued fields has been
described in detail in [DS99]. Further special-purpose simplification
algorithms have been added for the particular project discussed here.

7 Simultaneous Lifting

With the parametric setup of the previous section it is possible to lift the
p-adic solutions simultaneously for finitely many primes $p$. The crucial tool
for this is the well-known Chinese Remainder Theorem (CRT) [BWK93].

Theorem 12 (Chinese Remaindering) Let
$r_1, \dots, r_k, m_1, \dots, m_k \in \mathbb{Z}$, where the $m_i$ are
relatively prime. We are interested in the system

$$S = \{ x \equiv r_i \bmod m_i \mid 1 \le i \le k \}$$

of congruences. For $1 \le i \le k$ set

$$n_i = \prod_{\substack{1 \le j \le k \\ j \ne i}} m_j.$$

Then $\gcd(n_i, m_i) = 1$, and the extended Euclidean algorithm yields a linear
combination $1 = s_i n_i + t_i m_i$. Now

$$a = \sum_{j=1}^{k} n_j s_j r_j$$

is a solution to the system $S$. The set of all solutions is
$a + m\mathbb{Z}$, where $m = m_1 \cdots m_k$.

7.1 Simultaneous Branch Lifting

Consider now for a congruence system $S$ with symbolic $p$ a solution branch
consisting of a guarding condition and the answer

$$\{ x_1 = r_1/s_1, \ \dots, \ x_n = r_n/s_n \}.$$

Let $k$ be the highest power of $p$ in $S$, and let $P = \{p_1, \dots, p_l\}$
be a finite set of primes satisfying the guarding condition. We are going to
apply the Chinese Remainder Theorem for obtaining an integer solution that is
simultaneously correct for all the $p_1, \dots, p_l$, by solving for each of
the $r_i/s_i$ the following system of integer congruences:

$$\begin{aligned}
y &\equiv 1 \bmod p_1^k \\
&\ \ \vdots \\
y &\equiv 1 \bmod p_l^k \\
y &\equiv 0 \bmod s_i.
\end{aligned}$$

All the $k$-th powers of the various $p_j$ are obviously pairwise relatively
prime, and since the $p_j$ satisfy the guarding condition, they are also
relatively prime to $s_i$. The first $l$ congruences allow us to multiply
$r_i/s_i$ with our solution $a$ for $y$ without changing its residue class
modulo any of the ideals $p^k\mathbb{Z}_p$ for the various
$p_1, \dots, p_l$, and they ensure that $a \ne 0$. The last congruence makes
sure that $a$ will be a multiple of $s_i$, such that
$r_i a / s_i \in \mathbb{Z}$.

Example 13 For our Example 7 we had obtained a uniform result for
$p \notin \{3, 6450196079\}$, which we simultaneously lift:

(i) For the first ten primes $\{2, 5, 7, 11, 13, 17, 19, 23, 29, 31\}$
    different from 3, we obtain after 0.01 s a uniform integer solution where
    $x_1, \dots, x_6$ have either 93 or 94 digits each.
(ii) For the first 100 primes $\{2, \dots, 547\}$ different from 3, we obtain
    after 0.79 s a uniform integer solution where $x_1, \dots, x_6$ have 2192
    digits each.
(iii) For the first 500 primes $\{2, \dots, 3581\}$ different from 3, we obtain
    after 31.5 s a uniform integer solution where $x_1, \dots, x_6$ have
    either 15228 or 15229 digits each.

7.2 Simultaneous Solution Lifting

Simultaneous branch lifting is applicable only in cases where the list of
target primes matches one particular solution branch. This will in general not
be the case, as we have demonstrated for our Example 8 concerning, e.g., the
primes 2, 3. Nevertheless, we can always find simultaneous integer solutions
for a given finite set of primes, provided, of course, the system is solvable
for every single prime.

Consider a finite set $P = \{p_1, \dots, p_l\}$ of primes such that our system
$S$ is solvable for each $p_i \in P$. That is, for each $p_i \in P$ we have a
$p_i$-adic integer solution branch consisting of a guarding condition and the
answer

$$\{ x_1^{(i)} = a_1'^{(i)}, \ \dots, \ x_n^{(i)} = a_n'^{(i)} \}$$

with $p_i$ satisfying the guarding condition of this branch, and we can
independently lift all the solutions for the various $p_i$, arriving at
corresponding integer solutions

$$\begin{aligned}
L_1 &= \{ x_1^{(1)} = a_1^{(1)}, \ \dots, \ x_n^{(1)} = a_n^{(1)} \} \\
&\ \ \vdots \\
L_l &= \{ x_1^{(l)} = a_1^{(l)}, \ \dots, \ x_n^{(l)} = a_n^{(l)} \}
\end{aligned}$$

for $p_1, \dots, p_l$, respectively. It is easy to see that we can equivalently
replace all the $a_1^{(1)}, \dots, a_1^{(l)}$ by the solution $a_1$ of the
following system, where $k$ is the highest power of $p$ in the original system
$S$:

$$\begin{aligned}
a_1 &\equiv a_1^{(1)} \bmod p_1^k \\
&\ \ \vdots \\
a_1 &\equiv a_1^{(l)} \bmod p_l^k.
\end{aligned}$$

This system is definitely solvable by Chinese remaindering. In the same way,
we independently find suitable $a_2, \dots, a_n$ such that
$x_1 = a_1, \dots, x_n = a_n$ simultaneously solves $S$ for all $p \in P$.

Example 14 We simultaneously lift the result in Example 8 for various
finite sets of primes:

(i) For the first ten primes $\{2, 3, 5, 7, 11, 13, 17, 19, 23, 29\}$ we obtain
    after less than 0.01 s the uniform solution $x_1 = 404355827$,
    $x_2 = 3639202442$.
(ii) For the first 100 primes $\{2, \dots, 541\}$ we obtain a uniform solution
    after 0.01 s, where both $x_1$ and $x_2$ have 220 digits.
(iii) For the first 500 primes $\{2, \dots, 3571\}$ we obtain a uniform
    solution after 0.15 s, where both $x_1$ and $x_2$ have 1520 digits.

In general, there will be solution branches that match for several primes
$P' \subseteq P$, such that we can lift these branches by simultaneous branch
lifting. That is, we combine both our approaches.
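
The simultaneous solution lifting of Section 7.2, applied to the guarded result of Example 8 for the first ten primes, as an added Python example that is not the authors' implementation. The function names are assumptions of this example; the per-prime lifting follows Lemma 1 and the combination step follows Theorem 12.

```python
from fractions import Fraction
from math import prod

def lift(q, m):
    """Lemma 1: the integer in [0, m) congruent to the p-adic integer q mod m."""
    return q.numerator * pow(q.denominator, -1, m) % m

def crt(residues, moduli):
    """Theorem 12: a = sum of n_j * s_j * r_j with s_j * n_j = 1 mod m_j."""
    m = prod(moduli)
    a = 0
    for r, m_j in zip(residues, moduli):
        n_j = m // m_j                       # product of the other moduli
        a += n_j * pow(n_j, -1, m_j) * r     # s_j from modular inversion
    return a % m                             # representative of a + mZ in [0, m)

def example8_branch(p):
    """Guarded result of Example 8: the branch whose guard holds for p."""
    if p == 2:                               # guard: 2 has positive value
        return [Fraction(1, 3), Fraction(0)]
    return [Fraction(1, 8), Fraction(1, 8)]  # guard: 2 is a unit

def simultaneous_solution_lift(branch, primes, k):
    """Section 7.2: lift per prime, then combine each coordinate by CRT."""
    moduli = [p ** k for p in primes]
    lifted = [[lift(q, m) for q in branch(p)] for p, m in zip(primes, moduli)]
    return [crt(list(column), moduli) for column in zip(*lifted)]

def solves_example8(x1, x2, p):
    """Both congruences of Example 8 at the integer point (x1, x2)."""
    return (3 * x1 + 5 * x2 - 1) % p == 0 and (5 * x1 + 3 * x2 - 1) % p == 0

FIRST_TEN = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29]

if __name__ == "__main__":
    x1, x2 = simultaneous_solution_lift(example8_branch, FIRST_TEN, 1)
    print(x1, x2, all(solves_example8(x1, x2, p) for p in FIRST_TEN))
```

With canonical representatives modulo the product of the ten primes, the result coincides with the solution stated in Example 14 (i).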

7.3 Infinite Sets of Primes

Both our approaches allow us to lift simultaneously only for a finite number of
primes. Simultaneous lifting of a non-integer solution for an infinite number
of primes is in fact impossible as the following lemma shows.

Lemma 15 Let $r/s$ be a p-adic integer wrt. an infinite set $P$ of primes. If
$r/s$ can be simultaneously lifted to an integer for an infinite subset
$P' \subseteq P$, then $r/s$ is already an integer.

Proof Let the lifting factor $s \equiv 1 \bmod p$ for all $p \in P'$. Since
$P'$ is infinite, there is $p_0 \in P'$ with $p_0 > s$, and from
$s \equiv 1 \bmod p_0$ , i.e., lifting does not change $r/s$.

8 Arbitrary Moduli

So far we have only considered linear congruence systems modulo powers of
one fixed, possibly parametric, prime modulus. We are now going to extend
our ideas to general moduli, where we restrict to the non-parametric case.
Consider a system
S = ff (x)  0 mod  ;
1 1 :::; f m (x)  0 mod  g;
m

where $f_1, \dots, f_m \in \mathbb{Z}[x_1, \dots, x_n]$ are polynomials that
are linear in $x_1, \dots, x_n$, and the moduli are natural numbers.

The key observation is that each of the moduli factors into finitely many
prime powers, and that $a \in \mathbb{Z}^n$ satisfies a given congruence modulo
a product of prime powers if and only if it does so for all the single prime
powers simultaneously:

$$\bigwedge_{i=1}^{l} f(a) \equiv 0 \bmod p_i^{k_i} \iff f(a) \equiv 0 \bmod \prod_{i=1}^{l} p_i^{k_i}.$$

So, we have learned all necessary techniques for solving this more general
problem already in the previous section. The following algorithm explains
how to organize the computation:
Algorithm 16 (Solving with Arbitrary Moduli)
Input: A system $S$ of $m$ congruences $f_j(x) \equiv 0$, $1 \le j \le m$, each
with its own modulus in $\mathbb{N}$, over $\mathbb{Z}$ with
$f_1, \dots, f_m \in \mathbb{Z}[x_1, \dots, x_n]$ linear.
Output: "infeasible," or a sample solution $a \in \mathbb{Z}^n$ for $S$.

BEGIN
  $P$ := the prime factors of the moduli
  for each $p \in P$ do
    $T$ := $\emptyset$
    $k^{(p)}$ := 0
    for $j$ := 1 : $m$ do
      $k$ := the power of $p$ in the $j$-th modulus
      if $k > 0$ then
        $T$ := $T \cup \{ f_j(x) \equiv 0 \bmod p^k \}$
        $k^{(p)}$ := $\max(k^{(p)}, k)$
    od
    apply Algorithm 3 to $T$
    if $T$ is feasible then
      $a^{(p)}$ := an integer solution for $T$
    else
      return "infeasible"
  od
  for $i$ := 1 : $n$ do
    $C$ := $\{ x_i \equiv a_i^{(p)} \bmod p^{k^{(p)}} \mid p \in P \}$
    $a_i$ := an integer solution for $x_i$ by CRT
  od
  return $(a_1, \dots, a_n)$
END
Example 17 We apply our implementation of Algorithm 16 to the following
system $S$ of congruences derived from the randomly generated Example 6:
$$\begin{aligned}
70x_1 + 6x_3 + 89x_4 + 7x_6 + 30 &\equiv 0 \bmod 280 \\
87x_1 + 93x_2 + 78x_3 + 73x_4 + 53 &\equiv 0 \bmod 5665 \\
87x_2 + 41x_5 + 3 &\equiv 0 \bmod 110 \\
12x_2 + 37x_3 + 69x_4 + 15x_6 + 53 &\equiv 0 \bmod 1545 \\
75x_1 + 90x_3 + 65x_4 + 14x_5 + 41 &\equiv 0 \bmod 3125 \\
91x_5 + 96x_6 + 55 &\equiv 0 \bmod 1925.
\end{aligned}$$
The moduli here factorize as follows:
$$\begin{aligned}
280 &= 2^3 \cdot 5 \cdot 7 \\
5665 &= 5 \cdot 11 \cdot 103 \\
110 &= 2 \cdot 5 \cdot 11 \\
1545 &= 3 \cdot 5 \cdot 103 \\
3125 &= 5^5 \\
1925 &= 5^2 \cdot 7 \cdot 11.
\end{aligned}$$
We obtain after 2.29 s the following solution:
$$\begin{aligned}
x_1 &= 2873631250; & x_2 &= 3339537828; \\
x_3 &= 289265341729; & x_4 &= 422862329737; \\
x_5 &= 255144121; & x_6 &= 112853162929.
\end{aligned}$$
Notice that our algorithm is based on solution lifting in contrast to branch
lifting. In extreme special cases a combination with branch lifting might be
more efficient. This is the case when there are many prime factors occurring
with equal powers in all of the moduli. One would then solve the system
parametrically for this distribution of prime powers.
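
Algorithm 16 can be traced end to end on small inputs. The following Python sketch is an added example, not the authors' implementation: exhaustive search over residues modulo the largest power of each prime stands in for Algorithm 3, and the function names and the two small sample systems are constructed for illustration. It also re-checks the solution reported in Example 17 against the six congruences.

```python
from itertools import product

def factorize(m):
    """Trial division: returns {prime: exponent} for m >= 1."""
    out, d = {}, 2
    while d * d <= m:
        while m % d == 0:
            out[d] = out.get(d, 0) + 1
            m //= d
        d += 1
    if m > 1:
        out[m] = 1
    return out

def satisfies(system, a):
    """system: list of (coeffs, const, modulus), read as sum(c_i*a_i) + const = 0 mod modulus."""
    return all((sum(c * x for c, x in zip(cs, a)) + b) % mod == 0
               for cs, b, mod in system)

def crt(residues):
    """Combine x = r mod q over pairwise coprime q into one integer."""
    x, big = 0, 1
    for r, q in residues:
        x += big * (((r - x) * pow(big, -1, q)) % q)
        big *= q
    return x

def solve(system, n):
    """Algorithm 16, with exhaustive search standing in for Algorithm 3 (assumption)."""
    facs = [factorize(mod) for _, _, mod in system]
    local = {}                                   # p^k(p) -> local solution a^(p)
    for p in sorted({p for f in facs for p in f}):
        T = [(cs, b, p ** f[p]) for (cs, b, _), f in zip(system, facs) if p in f]
        q = max(mod for _, _, mod in T)          # largest power of p in any modulus
        a_p = next((a for a in product(range(q), repeat=n) if satisfies(T, a)), None)
        if a_p is None:
            return None                          # "infeasible"
        local[q] = a_p
    return tuple(crt([(a[i], q) for q, a in local.items()]) for i in range(n))

# Constructed sample systems in two variables (not from the paper).
FEASIBLE = [((5, 7), 8, 12), ((2, 9), 7, 20), ((4, 1), 15, 18)]
INFEASIBLE = [((1, 0), -1, 4), ((1, 0), 0, 6)]   # x = 1 mod 4, yet x even
# Example 17 from the paper over (x1, ..., x6), with the reported solution.
EXAMPLE_17 = [((70, 0, 6, 89, 0, 7), 30, 280), ((87, 93, 78, 73, 0, 0), 53, 5665),
              ((0, 87, 0, 0, 41, 0), 3, 110), ((0, 12, 37, 69, 0, 15), 53, 1545),
              ((75, 0, 90, 65, 14, 0), 41, 3125), ((0, 0, 0, 0, 91, 96), 55, 1925)]
SOLUTION_17 = (2873631250, 3339537828, 289265341729,
               422862329737, 255144121, 112853162929)
```

The search visits up to $(p^{k^{(p)}})^n$ candidates per prime, so `solve` is only practical for toy systems such as `FEASIBLE`; Example 17 is checked with `satisfies` rather than solved.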

9 Conclusions
Based on an extended quantifier elimination procedure for p-adically valued
fields, we have devised algorithms for solving multivariate linear systems
of congruences. Our methods generally split into two parts: First, finding
solutions in suitable rings of p-adic integers $\mathbb{Z}_p$. Second, lifting these solutions
to the integers $\mathbb{Z}$. The first part is computationally hard, while the second
one is straightforward and efficient. For the special case, where each modulus
is some power of a fixed prime, the computationally hard first part can be
performed uniformly for all primes. For this case, we have developed two
methods for making the lifting step also as uniform as theoretically possible.
These methods can be finally reused for extending our approach to the general
case of arbitrary, i.e. not necessarily prime power, moduli. This general case is
a considerable generalization of the problem solved by the Chinese Remainder
Theorem.

