CSE 311 Lecture 13: Primes and GCD. Emina Torlak and Kevin Zatloukal

Transcription

1 CSE 311 Lecture 13: Primes and GCD Emina Torlak and Kevin Zatloukal 1

2 Topics Modular arithmetic applications A quick wrap-up of Lecture 12. Primes Fundamental theorem of arithmetic, Euclid s theorem, factoring. Greatest Common Divisors (GCD) GCD definition and properties. Euclidean algorithm Computing GCDs with the Euclidean algorithm. Extended Euclidean algorithm Bézout s theorem and the extended Euclidean algorithm. 2

3 Modular arithmetic applications A quick wrap-up of Lecture 12.

4 3

5 Modular arithmetic properties Modular addition property Let m be a positive integer ( m Z with m > 0). If and, then. a b (mod m) c d (mod m) a + c b + d (mod m) Modular multiplication property Let m be a positive integer ( m Z with m > 0). If and, then. a b (mod m) c d (mod m) ac bd (mod m) 4

6 Unsigned integer representation x n i= 0 b i2 i b i {0, 1} bn 1 b 2 b 1 b 0 Represent integer as a sum of powers of 2: x = n 1 If where each, then the representation is. Examples: 99 = = n = 8 99 = = So for : 5

7 Sign-magnitude integer representation 2 n 1 < x < 2 n 1 x n If, represent with bits as follows: Use the first bit as the sign (0 for positive and 1 for negative), and the remaining bits as the (unsigned) value. n 1 Examples: 99 = = n = 8 99 = = = So for : The problem with this representation is that our standard arithmetic algorithms no longer work, e.g., adding the representation of -18 and 99 doesn t give the representation of 81. 6

8 Two s complement integer representation x n Represent with bits as follows: If 0 x < 2 n 1, use the n-bit unsigned representation of x. If, use the -bit unsigned representation of. 2 n 1 x < 0 n + x 2 n Key property: Two s complement representation of any number so arithmetic works. y mod 2 n mod 2 n y is equivalent to 7

9 Two s complement integer representation x n Represent with bits as follows: If 0 x < 2 n 1, use the n-bit unsigned representation of x. If, use the -bit unsigned representation of. 2 n 1 x < 0 n + x 2 n Key property: Two s complement representation of any number so arithmetic works. y mod 2 n mod 2 n y is equivalent to Examples: So for : 99 = = = = 238 = = n = 8 99 = = =

10 Two s complement integer representation x n Represent with bits as follows: If 0 x < 2 n 1, use the n-bit unsigned representation of x. If, use the -bit unsigned representation of. 2 n 1 x < 0 n + x 2 n Key property: Two s complement representation of any number so arithmetic works. y mod 2 n mod 2 n y is equivalent to Examples: So for : 99 = = = = 238 = = n = 8 99 = = = Arithmetic mod 2 n is easy in hardware: just throw away bits n+ 1 and higher. 7

11 Computing the two s complement representation 2 n 1 x < 0 x n 2 n + x = 2 n x For, is represented using the -bit unsigned representation of. To compute this value: n Compute the -bit unsigned representation of. Flip the bits of x to get the representation of 2 n 1 x. Add 1 to get. 2 n x This computation works because x + x 2 n 1 x = 2 n 1 x x + 1 = 2 n x x is all 1s, which represents. So we have and. 8

12 Computing the two s complement representation 2 n 1 x < 0 x n 2 n + x = 2 n x For, is represented using the -bit unsigned representation of. To compute this value: n Compute the -bit unsigned representation of. Flip the bits of x to get the representation of 2 n 1 x. Add 1 to get. 2 n x This computation works because x + x 2 n 1 x = 2 n 1 x x + 1 = 2 n x is all 1s, which represents. So we have and. Example: -18 in 8-bit two s complement 18 in 8-bit unsigned: Flip the bits: Add 1: x 8

13 Applications of modular arithmetic Modular arithmetic is the basis of modern computing, with many applications. Examples include hashing, pseudo-random numbers, and simple ciphers. 9

14 Hashing Problem: We want to map a small number of data values from a large domain {0, 1,, M 1} into a small set of locations {0, 1,, n 1} to be able to quickly check if a value is present. Solution: Compute hash(x) = x mod p for a prime p close to n. Or, compute for a prime close to. hash(x) = ax + b mod p p n This approach depends on all of the bits of data the data. Helps avoid collisions due to similar values. But need to manage them if they occur. 10

15 Pseudo-random number generation Linear Congruential method x n+ 1 = (a + c) mod m x n x 0 a, c, m x n Choose randomly and carefully to produce a sequence of s. 11

16 Pseudo-random number generation Linear Congruential method x n+ 1 Choose randomly and carefully to produce a sequence of s. Example = (a + c) mod m x n x 0 a, c, m x n a = , c = 12345, m = 2 31 from BSD x 0 = 311 x 1 = , x 2 = , x 3 = , 11

17 Simple ciphers Ceasar or shi! cipher Treat letters as numbers: A = 0, B = 1, f (p) = (p + k) mod 26 f 1 (p) = (p k) mod 26 More general version f (p) = (ap + b) mod 26 f 1 (p) = ( a 1 (p b)) mod 26 12

18 Simple ciphers Ceasar or shi! cipher Treat letters as numbers: A = 0, B = 1, f (p) = (p + k) mod 26 f 1 (p) = (p k) mod 26 More general version a 1 f (p) = (ap + b) mod 26 f 1 (p) = ( a 1 (p b)) mod 26 is the multiplicative inverse of modulo 26, and we ll soon see how to compute these inverses. a 12

19 Primes Fundamental theorem of arithmetic, Euclid s theorem, factoring. 13

20 Primality Prime number An integer is called prime if its only positive factors are and. Composite number An integer p > 1 1 p c > 1 is called composite if it is not prime. 14

21 Primality Prime number An integer is called prime if its only positive factors are and. Composite number An integer p > 1 1 p c > 1 is called composite if it is not prime. A prime number is divisible only by itself and 1. We say that is a factor of if. a b a b Note that 1 is neither prime nor composite. The above definitions apply only to integers greater than 1. 14

22 A key theorem about all positive integers Fundamental theorem of arithmetic Every positive integer greater than 1 has a unique prime factorization. 15

23 A key theorem about all positive integers Fundamental theorem of arithmetic Every positive integer greater than 1 has a unique prime factorization. In other words, every integer can be written uniquely as a prime, or the product of two or more primes ordered by size. Examples n> 1 48 = = , 523 = 45, , 950 = , 234, 567, 890 = , 607 3,

24 A key theorem about primes Euclid s theorem There are infinitely many primes. 16

25 A key theorem about primes Euclid s theorem There are infinitely many primes. Proof by contradiction: 16

26 A key theorem about primes Euclid s theorem There are infinitely many primes. Proof by contradiction: Suppose that there are finitely many primes:. p 1,, p n 16

27 A key theorem about primes Euclid s theorem There are infinitely many primes. Proof by contradiction: Suppose that there are finitely many primes: p 1,, p n. Define the number, and let. P = p 1 p n Q = P

28 A key theorem about primes Euclid s theorem There are infinitely many primes. Proof by contradiction: Suppose that there are finitely many primes: p 1,, p n. Define the number P = p 1 p n, and let Q = P + 1. Case 1: If Q > 1 is prime, then Q is a prime different from all of p 1,, p n, since it is bigger than all of them. This contradicts the assumption that the list includes all primes. p 1,, p n 16

29 A key theorem about primes Euclid s theorem There are infinitely many primes. Proof by contradiction: Suppose that there are finitely many primes: p 1,, p n. Define the number P = p 1 p n, and let Q = P + 1. Case 1: If Q > 1 is prime, then Q is a prime different from all of p 1,, p n, since it is bigger than all of them. This contradicts the assumption that the list p 1,, p n includes all primes. Case 2: If Q > 1 is not prime, then Q has some prime factor p, which must be in p 1,, p n. Therefore p P and p Q so P = jp and Q = kp for some integers j, k. We then have Q P = (k j)p = 1, which means that p 1. But no prime divides 1, leading again to a contradiction. 16

30 A key theorem about primes Euclid s theorem There are infinitely many primes. Proof by contradiction: Suppose that there are finitely many primes: p 1,, p n. Define the number P = p 1 p n, and let Q = P + 1. Case 1: If Q > 1 is prime, then Q is a prime different from all of p 1,, p n, since it is bigger than all of them. This contradicts the assumption that the list p 1,, p n includes all primes. Case 2: If Q > 1 is not prime, then Q has some prime factor p, which must be in p 1,, p n. Therefore p P and p Q so P = jp and Q = kp for some integers j, k. We then have Q P = (k j)p = 1, which means that p 1. But no prime divides 1, leading again to a contradiction. Since both cases are contradictions, the assumption must be false. 16

31 Important algorithmic problems Primality testing Given an integer, determine if n is prime. Factoring Given an integer, determine the prime factorization of. n n n 17

32 Important algorithmic problems Primality testing Given an integer, determine if n is prime. Factoring Given an integer, determine the prime factorization of. n n We don t know of an efficient algorithm for factoring large numbers. The security of commonly used cryptographic protocols (e.g., RSA) hinges on this fact. For example, it took two years and thousands of machine-hours to factor a 232-digit (768-bit) number known as RSA-768. But factoring is easy for quantum computers! n 17

33 Greatest Common Divisors (GCD) GCD definition and properties. 18

34 Definition of greatest common divisor (GCD) Greatest common divisor (GCD) The greatest common divisor of integers a and b, written as GCD(a, b), is the largest integer such that and. d d a d b 19

35 Definition of greatest common divisor (GCD) Greatest common divisor (GCD) The greatest common divisor of integers a and b, written as GCD(a, b), is the largest integer such that and. Examples: GCD(100, 125) = GCD(17, 49) = GCD(11, 66) = GCD(13, 0) = GCD(180, 252) = d d a d b 19

36 Definition of greatest common divisor (GCD) Greatest common divisor (GCD) The greatest common divisor of integers a and b, written as GCD(a, b), is the largest integer such that and. Examples: GCD(100, 125) = 25 GCD(17, 49) = GCD(11, 66) = GCD(13, 0) = GCD(180, 252) = d d a d b 19

37 Definition of greatest common divisor (GCD) Greatest common divisor (GCD) The greatest common divisor of integers a and b, written as GCD(a, b), is the largest integer such that and. Examples: GCD(100, 125) = 25 GCD(17, 49) = 1 GCD(11, 66) = GCD(13, 0) = GCD(180, 252) = d d a d b 19

38 Definition of greatest common divisor (GCD) Greatest common divisor (GCD) The greatest common divisor of integers a and b, written as GCD(a, b), is the largest integer such that and. Examples: GCD(100, 125) = 25 GCD(17, 49) = 1 GCD(11, 66) = 11 GCD(13, 0) = GCD(180, 252) = d d a d b 19

39 Definition of greatest common divisor (GCD) Greatest common divisor (GCD) The greatest common divisor of integers a and b, written as GCD(a, b), is the largest integer such that and. Examples: GCD(100, 125) = 25 GCD(17, 49) = 1 GCD(11, 66) = 11 GCD(13, 0) = 13 GCD(180, 252) = d d a d b 19

40 Definition of greatest common divisor (GCD) Greatest common divisor (GCD) The greatest common divisor of integers a and b, written as GCD(a, b), is the largest integer such that and. Examples: GCD(100, 125) = 25 GCD(17, 49) = 1 GCD(11, 66) = 11 GCD(13, 0) = 13 GCD(180, 252) = 36 d d a d b 19

41 GCD(a, b) How can we compute? a a = = 46, 20 b = = 204, 750 A naive approach is to first factor both and : b 20

42 How can we compute? A naive approach is to first factor both and : And then compute GCD(a, b) a a = = 46, 20 b = = 204, 750 GCD(a, b) as follows: GCD(a, b) = 2 min(3,1) 3 min(1,2) 5 min(2,3) 7 min(1,1) 11 min(1,0) 13 min(0,1) b 20

43 How can we compute? A naive approach is to first factor both and : And then compute GCD(a, b) a a = = 46, 20 b = = 204, 750 GCD(a, b) as follows: GCD(a, b) = 2 min(3,1) 3 min(1,2) 5 min(2,3) 7 min(1,1) 11 min(1,0) 13 min(0,1) b But factoring is expensive! Can we compute GCD(a, b) without factoring? 20

44 Euclidean algorithm Computing GCDs with the Euclidean algorithm. 21

45 Euclidean algorithm is based on two useful facts GCD(a, 0) If a is a positive integer, then GCD(a, 0) = a. 22

46 Euclidean algorithm is based on two useful facts GCD(a, 0) a GCD(a, 0) = a If is a positive integer, then. Proof follows straightforwardly from the definition of GCD and divisibility. 22

47 Euclidean algorithm is based on two useful facts GCD(a, 0) a GCD(a, 0) = a If is a positive integer, then. Proof follows straightforwardly from the definition of GCD and divisibility. GCD and modulo If and are positive integers, then. a b GCD(a, b) = GCD(b, a mod b) 22

48 Euclidean algorithm is based on two useful facts GCD(a, 0) a GCD(a, 0) = a If is a positive integer, then. Proof follows straightforwardly from the definition of GCD and divisibility. GCD and modulo If and are positive integers, then. Proof: a b GCD(a, b) = GCD(b, a mod b) 22

49 Euclidean algorithm is based on two useful facts GCD(a, 0) a GCD(a, 0) = a If is a positive integer, then. Proof follows straightforwardly from the definition of GCD and divisibility. GCD and modulo If and are positive integers, then. a b GCD(a, b) = GCD(b, a mod b) Proof: First note that by definition of mod, for some integer. a = qb + a mod b q = a div b 22

50 Euclidean algorithm is based on two useful facts GCD(a, 0) a GCD(a, 0) = a If is a positive integer, then. Proof follows straightforwardly from the definition of GCD and divisibility. GCD and modulo If and are positive integers, then. a b GCD(a, b) = GCD(b, a mod b) Proof: First note that by definition of mod, for some integer. d = GCD(a, b) Now, let. a = qb + a mod b q = a div b 22

51 Euclidean algorithm is based on two useful facts GCD(a, 0) a GCD(a, 0) = a If is a positive integer, then. Proof follows straightforwardly from the definition of GCD and divisibility. GCD and modulo If and are positive integers, then. a b GCD(a, b) = GCD(b, a mod b) Proof: First note that by definition of mod, for some integer. a = qb + a mod b q = a div b d = GCD(a, b) d a d b a = kd b = jd k, j Z Now, let. Then and, so and for some. 22

52 Euclidean algorithm is based on two useful facts GCD(a, 0) a GCD(a, 0) = a If is a positive integer, then. Proof follows straightforwardly from the definition of GCD and divisibility. GCD and modulo If and are positive integers, then. a b GCD(a, b) = GCD(b, a mod b) Proof: First note that by definition of mod, for some integer. a = qb + a mod b q = a div b d = GCD(a, b) d a d b a = kd b = jd k, j Z a mod b = a qb = kd qjd = d(k qj) Now, let. Then and, so and for some. Therefore,. 22

53 Euclidean algorithm is based on two useful facts GCD(a, 0) a GCD(a, 0) = a If is a positive integer, then. Proof follows straightforwardly from the definition of GCD and divisibility. GCD and modulo If and are positive integers, then. a b GCD(a, b) = GCD(b, a mod b) Proof: First note that by definition of mod, for some integer. a = qb + a mod b q = a div b d = GCD(a, b) d a d b a = kd b = jd k, j Z Now, let. Then and, so and for some. Therefore, a mod b = a qb = kd qjd = d(k qj). So, d (a mod b) and since d b, we have that. d = GCD(a, b) GCD(b, a mod b) 22

54 Euclidean algorithm is based on two useful facts GCD(a, 0) a GCD(a, 0) = a If is a positive integer, then. Proof follows straightforwardly from the definition of GCD and divisibility. GCD and modulo If and are positive integers, then. a b GCD(a, b) = GCD(b, a mod b) Proof: First note that by definition of mod, for some integer. Now, let. Then and, so and for some. Therefore, a mod b = a qb = kd qjd = d(k qj). So, d (a mod b) and since d b, we have that. Next, let. a = qb + a mod b q = a div b d = GCD(a, b) d a d b a = kd b = jd k, j Z d = GCD(a, b) GCD(b, a mod b) e = GCD(b, a mod b) 22

55 Euclidean algorithm is based on two useful facts GCD(a, 0) a GCD(a, 0) = a If is a positive integer, then. Proof follows straightforwardly from the definition of GCD and divisibility. GCD and modulo If and are positive integers, then. a b GCD(a, b) = GCD(b, a mod b) Proof: First note that by definition of mod, for some integer. a = qb + a mod b Now, let. Then and, so and for some. Therefore, a mod b = a qb = kd qjd = d(k qj). So, d (a mod b) and since d b, we have that. Next, let. Then and, so and for some. q = a div b d = GCD(a, b) d a d b a = kd b = jd k, j Z d = GCD(a, b) GCD(b, a mod b) e = GCD(b, a mod b) e b e (a mod b) b = me a mod b = ne m, n Z 22

56 Euclidean algorithm is based on two useful facts GCD(a, 0) a GCD(a, 0) = a If is a positive integer, then. Proof follows straightforwardly from the definition of GCD and divisibility. GCD and modulo If and are positive integers, then. a b GCD(a, b) = GCD(b, a mod b) Proof: First note that by definition of mod, for some integer. a = qb + a mod b Now, let. Then and, so and for some. Therefore, a mod b = a qb = kd qjd = d(k qj). So, d (a mod b) and since d b, we have that. Next, let. Then and, so and for some. Therefore,. q = a div b d = GCD(a, b) d a d b a = kd b = jd k, j Z d = GCD(a, b) GCD(b, a mod b) e = GCD(b, a mod b) e b e (a mod b) b = me a mod b = ne m, n Z a = qb + a mod b = qme + ne 22

57 Euclidean algorithm is based on two useful facts GCD(a, 0) a GCD(a, 0) = a If is a positive integer, then. Proof follows straightforwardly from the definition of GCD and divisibility. GCD and modulo If and are positive integers, then. a b GCD(a, b) = GCD(b, a mod b) Proof: First note that by definition of mod, for some integer. a = qb + a mod b q = a div b d = GCD(a, b) d a d b a = kd b = jd k, j Z Now, let. Then and, so and for some. Therefore, a mod b = a qb = kd qjd = d(k qj). So, d (a mod b) and since d b, we have that. d = GCD(a, b) GCD(b, a mod b) e = GCD(b, a mod b) e b e (a mod b) b = me a mod b = ne Next, let. Then and, so and for some m, n Z. Therefore, a = qb + a mod b = qme + ne. So, e a and e b, we have that. e = GCD(b, a mod b) GCD(a, b) 22

58 Euclidean algorithm is based on two useful facts GCD(a, 0) a GCD(a, 0) = a If is a positive integer, then. Proof follows straightforwardly from the definition of GCD and divisibility. GCD and modulo If and are positive integers, then. a b GCD(a, b) = GCD(b, a mod b) Proof: First note that by definition of mod, for some integer. a = qb + a mod b q = a div b d = GCD(a, b) d a d b a = kd b = jd k, j Z Now, let. Then and, so and for some. Therefore, a mod b = a qb = kd qjd = d(k qj). So, d (a mod b) and since d b, we have that. d = GCD(a, b) GCD(b, a mod b) e = GCD(b, a mod b) e b e (a mod b) b = me a mod b = ne Next, let. Then and, so and for some m, n Z. Therefore, a = qb + a mod b = qme + ne. So, e a and e b, we have that. The result follows from these cases. e = GCD(b, a mod b) GCD(a, b) 22

59 Euclidean algorithm Apply GCD(a, b) = GCD(b, a mod b) until you get GCD(a, 0) = a. Example implementation: // Assumes a >= b >= 0. public static int gcd(int a, int b) { if (b == 0) return a; // GCD(a, 0) = a else return gcd(b, a % b); // GCD(a, b) = GCD(b, a mod b) } 23

60 Euclidean algorithm Apply GCD(a, b) = GCD(b, a mod b) until you get GCD(a, 0) = a. Example implementation: // Assumes a >= b >= 0. public static int gcd(int a, int b) { if (b == 0) return a; // GCD(a, 0) = a else return gcd(b, a % b); // GCD(a, b) = GCD(b, a mod b) } GCD(660, 126) 23

61 Euclidean algorithm Apply GCD(a, b) = GCD(b, a mod b) until you get GCD(a, 0) = a. Example implementation: // Assumes a >= b >= 0. public static int gcd(int a, int b) { if (b == 0) return a; // GCD(a, 0) = a else return gcd(b, a % b); // GCD(a, b) = GCD(b, a mod b) } GCD(660, 126) = GCD(126, 660 mod 126) = GCD(126, 30) 23

62 Euclidean algorithm Apply GCD(a, b) = GCD(b, a mod b) until you get GCD(a, 0) = a. Example implementation: // Assumes a >= b >= 0. public static int gcd(int a, int b) { if (b == 0) return a; // GCD(a, 0) = a else return gcd(b, a % b); // GCD(a, b) = GCD(b, a mod b) } GCD(660, 126) = GCD(126, 660 mod 126) = GCD(126, 30) = GCD(30, 126 mod 30) = GCD(30, 6) 23

63 Euclidean algorithm Apply GCD(a, b) = GCD(b, a mod b) until you get GCD(a, 0) = a. Example implementation: // Assumes a >= b >= 0. public static int gcd(int a, int b) { if (b == 0) return a; // GCD(a, 0) = a else return gcd(b, a % b); // GCD(a, b) = GCD(b, a mod b) } GCD(660, 126) = GCD(126, 660 mod 126) = GCD(126, 30) = GCD(30, 126 mod 30) = GCD(30, 6) = GCD(6, 30 mod 6) = GCD(6, 0) 23

64 Euclidean algorithm Apply GCD(a, b) = GCD(b, a mod b) until you get GCD(a, 0) = a. Example implementation: // Assumes a >= b >= 0. public static int gcd(int a, int b) { if (b == 0) return a; // GCD(a, 0) = a else return gcd(b, a % b); // GCD(a, b) = GCD(b, a mod b) } GCD(660, 126) = GCD(126, 660 mod 126) = GCD(126, 30) = GCD(30, 126 mod 30) = GCD(30, 6) = GCD(6, 30 mod 6) = GCD(6, 0) = 6 23

65 Euclidean algorithm Apply GCD(a, b) = GCD(b, a mod b) until you get GCD(a, 0) = a. Example implementation: // Assumes a >= b >= 0. public static int gcd(int a, int b) { if (b == 0) return a; // GCD(a, 0) = a else return gcd(b, a % b); // GCD(a, b) = GCD(b, a mod b) } GCD(660, 126) = GCD(126, 660 mod 126) = GCD(126, 30) = GCD(30, 126 mod 30) = GCD(30, 6) = GCD(6, 30 mod 6) = GCD(6, 0) = 6 In tableau form: 660 = 5 * = 4 * = 5 *

66 Extended Euclidean algorithm Bézout s theorem and the extended Euclidean algorithm. 24

67 Bézout s theorem about GCDs Bézout s theorem If a and b are positive integers, then there exist integers s and t such that. GCD(a, b) = sa + tb 25

68 Bézout s theorem about GCDs Bézout s theorem If a and b are positive integers, then there exist integers s and t such that. GCD(a, b) = sa + tb We can extend Euclidean algorithm to find computing. GCD(a, b) s t and in addition to 25

69 Extended Euclidean algorithm 1. Compute GCD and keep the tableau. GCD(35, 27) = 35s + 27t. 26

70 Extended Euclidean algorithm 1. Compute GCD and keep the tableau. GCD(35, 27) = 35s + 27t. a = q b + r 35 = = = = GCD(a, b) GCD(b, a mod b) r = a mod b GCD(35, 27) = GCD(27, 35 mod 27) = GCD(27, 8) = GCD(8, 27 mod 8) = GCD(8, 3) = GCD(3, 8 mod 3) = GCD(3, 2) = GCD(2, 3 mod 2) = GCD(2, 1) = GCD(1, 2 mod 1) = GCD(1, 0) 26

71 Extended Euclidean algorithm 1. Compute GCD and keep the tableau. 2. Solve the equations for in the tableau. r GCD(35, 27) = 35s + 27t. a = q b + r 35 = = = = r = a q b 8 = = = =

72 Extended Euclidean algorithm 1. Compute GCD and keep the tableau. 2. Solve the equations for r in the tableau. 3. Back substitute the equations for. r GCD(35, 27) = 35s + 27t. r = a q b 8 = = = =

73 Extended Euclidean algorithm 1. Compute GCD and keep the tableau. 2. Solve the equations for r in the tableau. 3. Back substitute the equations for. r GCD(35, 27) = 35s + 27t. r = a q b 8 = = = = = 3 1 (8 2 3) = = ( 1) Plug in the def of 2. Group 8 s and 3 s. 28

74 Extended Euclidean algorithm 1. Compute GCD and keep the tableau. 2. Solve the equations for r in the tableau. 3. Back substitute the equations for. r GCD(35, 27) = 35s + 27t. r = a q b 8 = = = = = 3 1 (8 2 3) = = ( 1) = ( 1) (27 3 8) = ( 1) ( 9) 8 = ( 10) 8 Plug in the def of 2. Group 8 s and 3 s. Plug in the def of 3. Group 8 s and 27 s. 28

75 Extended Euclidean algorithm 1. Compute GCD and keep the tableau. 2. Solve the equations for r in the tableau. 3. Back substitute the equations for. r GCD(35, 27) = 35s + 27t. r = a q b 8 = = = = = 3 1 (8 2 3) = = ( 1) = ( 1) (27 3 8) = ( 1) ( 9) 8 = ( 10) 8 = ( 10) ( ) = ( 10) = ( 10) 35 Plug in the def of 2. Group 8 s and 3 s. Plug in the def of 3. Group 8 s and 27 s. Plug in the def of 8. Group 27 s and 35 s. 28

76 Multiplicative inverse GCD(a, m) = 1 Suppose. mod m By Bézout s Theorem, there exist integers. sa + tm = 1 s t and such that s mod m is the multiplicative inverse of a 1 = (sa + tm) mod m = sa mod m 29

77 Using multiplicative inverses to solve modular equations Solve: 7x 1 (mod 26) 30

78 Using multiplicative inverses to solve modular equations Solve: 7x 1 (mod 26) Compute GCD and keep the tableau. GCD(26, 7) = GCD(7, 5) = GCD(5, 2) = GCD(2, 1) = GCD(1, 0) = 1 30

79 Using multiplicative inverses to solve modular equations Solve: 7x 1 (mod 26) Compute GCD and keep the tableau. GCD(26, 7) = GCD(7, 5) = GCD(5, 2) = GCD(2, 1) = GCD(1, 0) = 1 Solve the equations for a = b q + r 26 = = = r in the tableau. r = a b q 5 = = =

80 Using multiplicative inverses to solve modular equations Solve: 7x 1 (mod 26) Compute GCD and keep the tableau. GCD(26, 7) = GCD(7, 5) = GCD(5, 2) = GCD(2, 1) = GCD(1, 0) = 1 Solve the equations for r in the tableau. Back substitute the equations for. 1 = 5 2 (7 5 1) = ( 2) = ( 2) (26 7 3) = ( 11) r a = b q + r 26 = = = r = a b q 5 = = =

81 Using multiplicative inverses to solve modular equations Solve: 7x 1 (mod 26) Compute GCD and keep the tableau. GCD(26, 7) = GCD(7, 5) = GCD(5, 2) = GCD(2, 1) = GCD(1, 0) = 1 Solve the equations for a = b q + r 26 = = = r in the tableau. r = a b q 5 = = = Back substitute the equations for. 1 = 5 2 (7 5 1) = ( 2) = ( 2) (26 7 3) = ( 11) x Solve for. Multiplicative inverse of 7 mod 26 ( 11) mod 26 = 15 x = 26k + 15 k Z So, for. r 30

82 Summary p > 1 Every positive integer is either prime or composite. p is prime if its only factors are p and 1. Otherwise, is composite. p GCD(a, b) a b is the greatest integer that divides both and. It can be computed efficiently using the Euclidean algorithm. GCD(a, b) = sa + tb By Bézout s Theorem, for some integers. s, t can be computed using the extended Euclidean algorithm. If, is the multiplicative inverse of modulo. GCD(a, b) = 1 s mod b a b s, t 31