The Chinese remainder theorem and the Fourier transform

Posted 2026-05-05

If you have not yet done so, I’d recommend skimming the previous post, which discusses the Chinese remainder theorem in a purely linear-algebraic light, along with a bunch of notions we use here. It’s neat, though nothing in it is terribly surprising.

That’s, instead, what this post is for.

As a quick reminder, the somewhat abstract-nonsense-y Chinese remainder theorem is the following: let $V$ be a vector space over a field $𝐅$ and let $W_{1}, \dots, W_{k} \subseteq V$ be subspaces of $V$ . If, dimensionally, we have

\dim (V / ⋂_{i} W_{i}) = \sum_{i} \dim (V / W_{i}),

(where all dimensions are defined) then we can decompose $V$ in the following way

V / ⋂_{i} W_{i} ≃ \prod_{i} (V / W_{i}),

where the invertible map $π : V / ⋂_{i} W_{i} \to \prod_{i} (V / W_{i})$ is the product $π = π_{1} \times \dots \times π_{k}$ of natural maps into $V / W_{i}$ :

π_{j} (x + ⋂_{i} W_{i}) = x + W_{j},

for $j = 1, \dots, k$ .

The abstract Fourier transform

Ok, with that, we can start with the “general” Fourier transform over fields.

Let $V$ be the vector space of polynomials over some field $𝐅$ and let $p \in V$ be any nonzero polynomial which decomposes into $p = q_{1} q_{2} \dots q_{k}$ with $q_{1}, \dots, q_{k} \in V$ mutually coprime. Define $W_{p}$ to be the set of all polynomials in $V$ that are divisible by $p$ . This means, from the previous post, that we have the equivalence:

V / W_{p} ≃ \prod_{i} V / W_{q_{i}}

where the coordinate-wise map is the “obvious” one:

π_{i} (x + W_{p}) = x + W_{q_{i}} .

which is (again!) the Chinese remainder theorem over the $\{q_{i}\}$ .

Now, if $p$ splits over $𝐅$ and has no repeated root, that is, if $p$ satisfies

p (x) = α_{0} (x - α_{1}) (x - α_{2}) \dots (x - α_{n})

for $α_{0}, \dots, α_{n} \in 𝐅$ with $α_{1}, \dots, α_{n}$ distinct, then we can set $q_{i} (x) = x - α_{i}$ for $i = 1, \dots, n$ . (Easy check: what must $n$ be here, in terms of $p$ ?) Note that the $q_{i}$ are indeed mutually coprime and $⋂_{i} W_{q_{i}} = W_{p}$ , so the conditions are satisfied and, from before, we have

V / W_{p} ≃ \prod_{i} V / W_{q_{i}},

via the simple map above. Finally, note that $\dim (V / W_{q_{i}}) = \deg (q_{i}) = 1$ for each $i$ , so each element of $V / W_{q_{i}}$ can be described by exactly one element of $𝐅$ . Indeed, from the previous post, one such description sends the class of $f$ in $V / W_{q_{i}}$ to the remainder of $f$ modulo $q_{i}$ , which is simply the value of $f$ at $α_{i}$ .¹

In other words, there is a simple invertible linear mapping between a polynomial (modulo $p$ ) and its evaluations on the points $α_{1}, \dots, α_{n}$ , which are the roots of $p$ . That is to say, for each polynomial $f$ , there is an equivalence $f \to \hat{f}$ between the polynomial modulo $p$ , $f + W_{p}$ , and its evaluations $f (α_{1}), \dots, f (α_{n})$ .
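To make the invertibility concrete, here is a minimal sketch in Python. The field $𝐅_{17}$ and the points $1, 2, 3, 4$ are hypothetical choices made purely for illustration, as are all the function names; the inverse map is plain Lagrange interpolation, which is one of several ways to write it down.

```python
# Toy setting (an assumption for illustration): the prime field F_17 and
# four distinct points, the roots of p(x) = (x-1)(x-2)(x-3)(x-4).
P = 17
ALPHAS = [1, 2, 3, 4]

def evaluate(coeffs, x):
    """Horner evaluation over F_P; coefficients are lowest degree first."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def poly_mul(a, b):
    """Product of two polynomials over F_P."""
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] = (out[i + j] + ai * bj) % P
    return out

def interpolate(values):
    """Inverse map: the unique f of degree < n with f(ALPHAS[i]) = values[i]."""
    n = len(ALPHAS)
    result = [0] * n
    for i, (ai, vi) in enumerate(zip(ALPHAS, values)):
        basis, denom = [1], 1
        for j, aj in enumerate(ALPHAS):
            if j != i:
                basis = poly_mul(basis, [(-aj) % P, 1])  # multiply by (x - aj)
                denom = denom * (ai - aj) % P
        scale = vi * pow(denom, -1, P) % P  # modular inverse, Python 3.8+
        for k, bk in enumerate(basis):
            result[k] = (result[k] + scale * bk) % P
    return result

f = [5, 0, 7, 11]                            # 5 + 7x^2 + 11x^3, already reduced mod p
f_hat = [evaluate(f, a) for a in ALPHAS]     # forward map: evaluations at the roots
assert interpolate(f_hat) == f               # inverse map recovers the coefficients
```

The round trip succeeds for any coefficient list of length four, which is exactly the statement that the evaluation map on $V / W_{p}$ is a bijection in this toy case.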

This leads us to the last appetizer course.

The abstract convolution theorem

This is almost an immediate application of the above. In particular, if $f, g \in V$ are two polynomials, then we have that

f g + W_{p} \leftrightarrow ((f g) (α_{1}), \dots, (f g) (α_{n})) = (f (α_{1}) g (α_{1}), \dots, f (α_{n}) g (α_{n})) .

Or, in polynomial notation:

f g \mod p \leftrightarrow (f (α_{1}) g (α_{1}), \dots, f (α_{n}) g (α_{n})),

and the map is exactly the evaluation of the product at the points $α_{1}, \dots, α_{n}$ .

Again, note on the left hand side we are doing multiplication as polynomials. That is to say, we are convolving the coefficients of $f$ and $g$ and then reducing them modulo $p$ , whereas on the right, we are doing pointwise multiplication of the evaluations of $f$ and $g$ over the points $α_{i}$ .

Indeed, this is exactly where the structure of $p$ splitting over $𝐅$ is useful. Note that the original abstract Chinese remainder theorem requires that $⋂_{i} W_{q_{i}} = W_{p}$ . The dimensions on the two sides of $V / W_{p} ≃ \prod_{i} V / W_{q_{i}}$ agree, of course, whenever $\deg (p) = n$ , even without this requirement, so in general we still have a relationship between $f$ modulo $p$ and its evaluations over the $α_{i}$ . But the “natural” quotient map $x + W_{p} \mapsto x + W_{q_{i}}$ is only well defined when $W_{p} \subseteq W_{q_{i}}$ , or, equivalently, when $q_{i}$ divides $p$ . Without this, the image of $f g + W_{p}$ under such a map will not necessarily be of the form $f g + W_{q_{i}}$ , so the abstract convolution theorem above would not hold.
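The abstract convolution theorem is easy to check numerically. The following is a small sketch, again assuming the toy field $𝐅_{17}$ and the roots $1, 2, 3, 4$ (hypothetical choices, not anything special): we multiply two polynomials, reduce modulo $p$ , evaluate at the roots, and compare against the pointwise product of evaluations.

```python
# Toy setting (an assumption for illustration): F_17 with roots 1, 2, 3, 4.
P = 17
ALPHAS = [1, 2, 3, 4]

def evaluate(coeffs, x):
    """Horner evaluation over F_P; coefficients are lowest degree first."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def poly_mul(a, b):
    """Polynomial product over F_P: a convolution of the coefficient lists."""
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] = (out[i + j] + ai * bj) % P
    return out

def poly_mod(a, m):
    """Remainder of a modulo a monic polynomial m over F_P."""
    a = a[:]
    d = len(m) - 1
    for k in range(len(a) - 1, d - 1, -1):
        c = a[k]
        if c:
            for j in range(d + 1):          # subtract c * x^(k-d) * m
                a[k - d + j] = (a[k - d + j] - c * m[j]) % P
    rem = a[:d]
    return rem + [0] * (d - len(rem))

# p(x) = prod_i (x - alpha_i), built one linear factor at a time.
p = [1]
for alpha in ALPHAS:
    p = poly_mul(p, [(-alpha) % P, 1])

f = [3, 1, 4, 1]
g = [5, 9, 2, 6]
lhs = [evaluate(poly_mod(poly_mul(f, g), p), a) for a in ALPHAS]   # (fg mod p)(alpha_i)
rhs = [evaluate(f, a) * evaluate(g, a) % P for a in ALPHAS]        # f(alpha_i) g(alpha_i)
assert lhs == rhs
```

The equality relies on every $α_{i}$ being a root of $p$ : reducing modulo $p$ subtracts a multiple of $p$ , which vanishes at each evaluation point.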

The usual discrete Fourier transform (DFT)

Ok, now let’s finally get to the “usual” DFT. Let $α_{1}, \dots, α_{n}$ be the $n$ distinct $n$ th roots of unity over some field $𝐅$ , so that they are the roots of the polynomial $p (x) = x^{n} - 1$ . That is to say, the polynomial $p$ splits over $𝐅$ , with the roots of unity $\{α_{i}\}$ as its roots. (This goes both ways: $α_{i}$ is an $n$ th root of unity over some field if, and only if, it is a root of $x^{n} - 1$ over this field.) We can also take any primitive $n$ th root of unity $ω$ (that is, one for which $ω^{i} \neq 1$ when $i = 1, \dots, n - 1$ ) and write $α_{i} = ω^{i}$ for $i = 1, \dots, n$ up to relabelling of the indices.

Note that the field $𝐅$ can be anything that has $n$ distinct $n$ th roots of unity; we have made no assumptions about the field anywhere other than $0 \neq 1$ , implicitly, in our proof. For example, taking our field $𝐅 = 𝐂$ , the complex numbers, we could have, for any $n$ , $α_{i} = \exp (- 𝐢 2 π i / n)$ , where $𝐢^{2} = - 1$ . On the other hand, in the prime field with $| 𝐅 | = 2^{16} + 1$ elements (a Fermat prime), we can take $α_{i} = 3^{i} \mod (2^{16} + 1)$ and $n = 2^{16}$ . Any of these (and many more, of course!) are perfectly valid options.

Now, let’s go back to our equivalence.

We previously said, taking $p (x) = x^{n} - 1$ , that

f \mod (x^{n} - 1) \mapsto (f (α_{1}), \dots, f (α_{n})),

is invertible over $𝐅$ . This is the usual (discrete) Fourier transform. In particular, we may take $f \mod (x^{n} - 1)$ to be of degree $\leq n - 1$ since any monomial $x^{m}$ with $m \geq n$ satisfies $x^{m} = x^{m \mod n}$ modulo $x^{n} - 1$ . The mapping is just the “forward” Fourier transform:

f (α_{i}) = \sum_{j = 1}^{n} f_{j} α_{i}^{j - 1},

where $f_{1}, \dots, f_{n}$ are the $n$ coefficients of $f \mod (x^{n} - 1)$ . In terms of a primitive $n$ th root $ω$ , we have that $α_{i} = ω^{i}$ (again, up to relabeling of the $\{α_{i}\}$ ) so

f (ω^{i}) = \sum_{j = 1}^{n} ω^{i (j - 1)} f_{j} .

This is the standard DFT equation.
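As a sanity check, here is a naive (quadratic-time) sketch of this transform over the prime field with $2^{16} + 1$ elements mentioned above. The transform length `N = 8` and the function names are assumptions made for illustration; the primitive root is obtained as a power of $3$ , and the inverse uses the standard formula with $ω^{- 1}$ and a factor of $1 / n$ .

```python
Q = 2**16 + 1                      # the Fermat prime 65537
N = 8                              # transform length (illustrative; must divide 2**16)
OMEGA = pow(3, (Q - 1) // N, Q)    # primitive N-th root of unity, as 3 has order 2**16

def dft(f):
    """Evaluate f (coefficients, lowest degree first) at OMEGA**i for i = 1..N."""
    return [sum(fj * pow(OMEGA, i * j, Q) for j, fj in enumerate(f)) % Q
            for i in range(1, N + 1)]

def idft(f_hat):
    """Invert dft: f_j = N^{-1} * sum_i f_hat_i * OMEGA^{-i j}, with i = 1..N."""
    n_inv = pow(N, -1, Q)          # modular inverses need Python 3.8+
    w_inv = pow(OMEGA, -1, Q)
    return [n_inv * sum(v * pow(w_inv, i * j, Q)
                        for i, v in enumerate(f_hat, start=1)) % Q
            for j in range(N)]

f = [1, 2, 3, 4, 5, 6, 7, 8]
assert idft(dft(f)) == f           # the evaluation map is invertible
```

The list index `j` here is zero-based, so it plays the role of $j - 1$ in the formula above, while `i` runs from $1$ to $n$ to match $α_{i} = ω^{i}$ .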

Circular convolution to products

Now, if $f, g \in V$ are both polynomials, then we also have, from our more abstract version of the convolution theorem above, that

f g \mod (x^{n} - 1) \mapsto (f (α_{1}) g (α_{1}), \dots, f (α_{n}) g (α_{n})) .

As mentioned before, the multiplication $f g$ is multiplication as polynomials. That is, the coefficients of the polynomial $f g$ are the coefficients of the polynomial $f$ convolved with those of $g$ , then reduced by $x^{n} - 1$ . But this reduction simply maps all terms $x^{m} \to x^{m \mod n}$ . In other words, the coefficients of $f g \mod (x^{n} - 1)$ are exactly the coefficients resulting from a circular convolution of the coefficients of $f$ with those of $g$ !

Equivalently, this gives the “vectorial form”, when $f$ and $g$ are assumed to be of degree $\leq n - 1$ :

f * g \mapsto \hat{f} \circ \hat{g} .

Here, we write $f * g$ for the circular convolution of the coefficients of $f$ and $g$ and write ${\hat{f}}_{i} = f (α_{i})$ and similarly for $g$ , with $\circ$ being the elementwise (Hadamard) product. From before, the forward map between the convolution and the product is the evaluation map $f \mapsto \hat{f}$ . (A simple exercise is to write out what the matrix $F \in 𝐅^{n \times n}$ such that $\hat{f} = F f$ looks like!)
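A quick numerical check of the vectorial form, as a sketch under the same assumptions as before (the prime field with $2^{16} + 1$ elements, a hypothetical length `N = 4`, and illustrative function names): transforming a circular convolution gives the elementwise product of the transforms.

```python
Q = 2**16 + 1                      # the Fermat prime 65537
N = 4                              # transform length (illustrative choice)
OMEGA = pow(3, (Q - 1) // N, Q)    # primitive N-th root of unity in F_Q

def dft(f):
    """Evaluate f (coefficients, lowest degree first) at OMEGA**i for i = 1..N."""
    return [sum(fj * pow(OMEGA, i * j, Q) for j, fj in enumerate(f)) % Q
            for i in range(1, N + 1)]

def circular_convolution(f, g):
    """Coefficients of f*g mod (x^N - 1): exponents wrap around modulo N."""
    out = [0] * N
    for i, fi in enumerate(f):
        for j, gj in enumerate(g):
            out[(i + j) % N] = (out[(i + j) % N] + fi * gj) % Q
    return out

f = [1, 2, 3, 4]
g = [5, 6, 7, 8]
conv = circular_convolution(f, g)                      # [66, 68, 66, 60]
hadamard = [a * b % Q for a, b in zip(dft(f), dft(g))]
assert dft(conv) == hadamard
```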

The “additive” Fourier transform

Finally, we note that there are a bunch of other possible types of Fourier transform, including the so-called “additive” Fourier transform, which works over fields of characteristic two. (It really works for any finite field of nonzero characteristic, but small-characteristic fields are the most practical; we’ll go through the characteristic-two case here and leave the rest as an exercise.) This type of transform is incredibly useful in a number of succinct proofs, see, e.g., Binius, ZODA, or Ligerito.

Let $𝐅$ be a finite field with $| 𝐅 | = 2^{m}$ for some positive integer $m$ . Note that $𝐅$ is a vector space over $𝐅_{2} = \{0,1\}$ of dimension $m$ . (Why?) Let $e_{1}, \dots, e_{m}$ be any basis of this vector space and let $n \leq m$ . In what follows, $2^{n}$ will be the number of evaluation points of the polynomial $f$ modulo a particular polynomial $p$ we will choose carefully.

With that, let $p$ be a polynomial that vanishes on any $x$ which is in the span of $e_{1}, \dots, e_{n}$ (not $m$ ) over $𝐅_{2}$ . Call this span $A$ ; it is itself a vector space over $𝐅_{2}$ . Explicitly, $p$ can be, for example

p (x) = \prod_{β \in \{0, 1\}^{n}} (x - β_{1} e_{1} - \dots - β_{n} e_{n}) = \prod_{α \in A} (x - α),

so $\ker p = A$ . Note that the roots of $p$ are exactly the points of $A$ , each appearing once, so $p$ splits over $𝐅$ with no repeated root, satisfying the conditions for the abstract Fourier transform above.

From our abstract Fourier transform theorem above, this immediately implies that the following map, defined for any polynomial $f$ over $𝐅$ , is invertible:

f + W_{p} \mapsto {(f (α))}_{α \in A},

and this map is the obvious one: $f + W_{p} \to f (α)$ for each $α \in A$ . (Quick one: why is this injective, again?) This looks just like a simple application of the above, but it has some very special structure.
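To see the objects involved, here is a small sketch over $𝐅_{16}$ . The representation is an assumption made for illustration: elements are the integers $0, \dots, 15$ read as bit-vectors, addition is XOR, and multiplication reduces modulo $x^{4} + x + 1$ ; the basis elements `1` and `2` and all function names are likewise hypothetical choices.

```python
M = 4
MODULUS = 0b10011   # x^4 + x + 1, irreducible over F_2 (an assumed representation of F_16)

def gf_mul(a, b):
    """Multiply two elements of F_16: shift-and-add, reducing as we go."""
    out = 0
    while b:
        if b & 1:
            out ^= a
        b >>= 1
        a <<= 1
        if a >> M:
            a ^= MODULUS
    return out

def span(basis):
    """All F_2-linear combinations of the given basis elements."""
    elems = [0]
    for e in basis:
        elems += [x ^ e for x in elems]
    return elems

def vanishing_poly(points):
    """Coefficients (lowest degree first) of the product of (x - a) over the points."""
    p = [1]
    for a in points:
        shifted = [0] + p                            # x * p
        scaled = [gf_mul(a, c) for c in p] + [0]     # a * p
        p = [s ^ t for s, t in zip(shifted, scaled)] # minus is plus in characteristic two
    return p

def evaluate(coeffs, x):
    """Horner evaluation over F_16."""
    acc = 0
    for c in reversed(coeffs):
        acc = gf_mul(acc, x) ^ c
    return acc

A = span([1, 2])              # n = 2, so A = {0, 1, 2, 3} has 2^n = 4 points
p = vanishing_poly(A)         # p(x) = x^4 + 7x^2 + 6x in this representation
assert all(evaluate(p, a) == 0 for a in A)

f = [7, 3, 0, 9]              # some polynomial of degree < 4
f_plus = [a ^ b for a, b in zip(f + [0, 0], [0] + p)]   # f + x*p, same class in V / W_p
assert [evaluate(f, a) for a in A] == [evaluate(f_plus, a) for a in A]
```

Note that only the terms $x$ , $x^{2}$ and $x^{4}$ appear in $p$ here, which is a first hint of the special structure.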

A teensy dessert

As a little bit of a cliffhanger, it is not hard to show by induction that $p$ satisfies $p (x + y) = p (x) + p (y)$ for any $x, y \in 𝐅$ , as does any polynomial of that form.

We can then split $A$ into two disjoint cosets $A = A^{'} \cup (u + A^{'})$ , for some $u \in A$ and some $A^{'} \subseteq A$ which is also a vector space over $𝐅_{2}$ . Set $q$ to be the polynomial that vanishes over $A^{'}$ , in the same way as $p$ above, then $p (x) = q (x) q (x - u) = q (x) (q (x) + q (u))$ , since $q$ is additive (just like $p$ ) and $a - b = a + b$ in characteristic two. From before, $q$ and $q + q (u)$ split over $𝐅$ , yet share no roots since they vanish over $A^{'}$ and $u + A^{'}$ respectively, which share no common elements. This means they are mutually coprime and, by the abstract Chinese remainder theorem above, we have

f + W_{p} \mapsto (f + W_{q}, f + W_{q + q (u)}) .
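Both claims can be checked by brute force in a small case. This is a sketch assuming $𝐅_{16}$ represented modulo $x^{4} + x + 1$ , with the hypothetical choices $A^{'} = \{0, 1\}$ and $u = 2$ , so that $A = \{0, 1, 2, 3\}$ ; all names below are for illustration only.

```python
M = 4
MODULUS = 0b10011   # x^4 + x + 1 (an assumed representation of F_16)

def gf_mul(a, b):
    """Multiply two elements of F_16: shift-and-add, reducing as we go."""
    out = 0
    while b:
        if b & 1:
            out ^= a
        b >>= 1
        a <<= 1
        if a >> M:
            a ^= MODULUS
    return out

def poly_mul(a, b):
    """Product of two polynomials over F_16 (coefficient addition is XOR)."""
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] ^= gf_mul(ai, bj)
    return out

def vanishing_poly(points):
    """Product of (x - a) over the points; minus is plus in characteristic two."""
    p = [1]
    for a in points:
        p = poly_mul(p, [a, 1])
    return p

def evaluate(coeffs, x):
    """Horner evaluation over F_16."""
    acc = 0
    for c in reversed(coeffs):
        acc = gf_mul(acc, x) ^ c
    return acc

A_prime, u = [0, 1], 2
A = A_prime + [u ^ a for a in A_prime]     # A = A' union (u + A')
p = vanishing_poly(A)
q = vanishing_poly(A_prime)

# Additivity: p(x + y) = p(x) + p(y) for every pair of field elements.
assert all(evaluate(p, x ^ y) == evaluate(p, x) ^ evaluate(p, y)
           for x in range(16) for y in range(16))

# Factorization: p = q * (q + q(u)).
q_shifted = q[:]
q_shifted[0] ^= evaluate(q, u)
assert poly_mul(q, q_shifted) == p
```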

Of course, we can continue decomposing $A^{'}$ and therefore $q$ itself into the product of two polynomials, mutually coprime, and so on…

Which suggests, maybe, that there’s a faster algorithm for evaluating ${(f (α))}_{α \in A}$ , than just naively evaluating $f$ at every point of $A$ .

And, maybe, just maybe, a very similar observation also holds for the “usual” Fourier transform.

Until next time!

¹ There is a “nearly-purely-linear-algebraic proof” instead: note that the evaluation-at- $α_{i}$ map $V \to 𝐅$ has kernel containing $W_{q_{i}}$ since any $f \in W_{q_{i}}$ evaluates to zero under this map (why?). We can therefore consider it as a map $V / W_{q_{i}} \to 𝐅$ , but the map is also not zero everywhere (since obviously the constant polynomial $1 \in V$ is not zero at $α_{i}$ ) and so must be surjective (and therefore invertible) by dimension counting since $\dim (V / W_{q_{i}}) = 1 = \dim (𝐅)$ .