Algorithms CMSC Basic algorithms in Number Theory: Euclid s algorithm and multiplicative inverse

Similar documents
Number Theory Proof Portfolio

The Euclidean Algorithm and Multiplicative Inverses

Finite Fields. Mike Reiter

COMP239: Mathematics for Computer Science II. Prof. Chadi Assi EV7.635

8 Primes and Modular Arithmetic

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

Arithmetic Algorithms, Part 1

Basic elements of number theory

Basic elements of number theory

CPSC 467b: Cryptography and Computer Security

11 Division Mod n, Linear Integer Equations, Random Numbers, The Fundamental Theorem of Arithmetic

3 The fundamentals: Algorithms, the integers, and matrices

Some Facts from Number Theory

Algorithms (II) Yu Yu. Shanghai Jiaotong University

CPSC 467: Cryptography and Computer Security

ECE 646 Lecture 5. Mathematical Background: Modular Arithmetic

Discrete Mathematics and Probability Theory Fall 2018 Alistair Sinclair and Yun Song Note 6

Integers and Division

Module 1. Integers, Induction, and Recurrences

4 Number Theory and Cryptography

With Question/Answer Animations. Chapter 4

CHAPTER 3. Congruences. Congruence: definitions and properties

Intermediate Math Circles February 26, 2014 Diophantine Equations I

Elementary Number Theory Review. Franz Luef

Discrete Mathematics and Probability Theory Fall 2013 Vazirani Note 3

Exercises Exercises. 2. Determine whether each of these integers is prime. a) 21. b) 29. c) 71. d) 97. e) 111. f) 143. a) 19. b) 27. c) 93.

The set of integers will be denoted by Z = {, -3, -2, -1, 0, 1, 2, 3, 4, }

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

Algebra. Modular arithmetic can be handled mathematically by introducing a congruence relation on the integers described in the above example.

4 Powers of an Element; Cyclic Groups

2 Arithmetic. 2.1 Greatest common divisors. This chapter is about properties of the integers Z = {..., 2, 1, 0, 1, 2,...}.

1. multiplication is commutative and associative;

Discrete Mathematics and Probability Theory Summer 2014 James Cook Note 5

Solution Sheet (i) q = 5, r = 15 (ii) q = 58, r = 15 (iii) q = 3, r = 7 (iv) q = 6, r = (i) gcd (97, 157) = 1 = ,

Homework #2 solutions Due: June 15, 2012

18 Divisibility. and 0 r < d. Lemma Let n,d Z with d 0. If n = qd+r = q d+r with 0 r,r < d, then q = q and r = r.

Modular Arithmetic Instructor: Marizza Bailey Name:

7.4 DO (uniqueness of minimum-cost spanning tree) Prove: if all edge weights are distinct then the minimum-cost spanning tree is unique.

Algorithms CMSC Homework set #1 due January 14, 2015

Part V. Chapter 19. Congruence of integers

Chapter 4 Finite Fields

Mat Week 8. Week 8. gcd() Mat Bases. Integers & Computers. Linear Combos. Week 8. Induction Proofs. Fall 2013

The next sequence of lectures in on the topic of Arithmetic Algorithms. We shall build up to an understanding of the RSA public-key cryptosystem.

COT 3100 Applications of Discrete Structures Dr. Michael P. Frank

Lecture Notes. Advanced Discrete Structures COT S

Student Responsibilities Week 8. Mat Section 3.6 Integers and Algorithms. Algorithm to Find gcd()

Chapter 5. Number Theory. 5.1 Base b representations

Notes on Systems of Linear Congruences

Greatest Common Divisor MATH Greatest Common Divisor. Benjamin V.C. Collins, James A. Swenson MATH 2730

1 Overview and revision

Lecture 4: Number theory

ALGEBRA. 1. Some elementary number theory 1.1. Primes and divisibility. We denote the collection of integers

Part I, Number Systems. CS131 Mathematics for Computer Scientists II Note 1 INTEGERS

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

Slides by Christopher M. Bourke Instructor: Berthe Y. Choueiry. Spring 2006

cse 311: foundations of computing Spring 2015 Lecture 12: Primes, GCD, applications

CISC-102 Fall 2017 Week 6

Know the Well-ordering principle: Any set of positive integers which has at least one element contains a smallest element.

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Discrete Math, Fourteenth Problem Set (July 18)

Discrete Mathematics GCD, LCM, RSA Algorithm

INTEGERS. In this section we aim to show the following: Goal. Every natural number can be written uniquely as a product of primes.

4. Number Theory (Part 2)

Mathematical Foundations of Cryptography

cse 311: foundations of computing Fall 2015 Lecture 12: Primes, GCD, applications

CSE 20 DISCRETE MATH. Winter

CMPUT 403: Number Theory

CMSC Discrete Mathematics SOLUTIONS TO SECOND MIDTERM EXAM November, 2005

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

12x + 18y = 50. 2x + v = 12. (x, v) = (6 + k, 2k), k Z.

MONOALPHABETIC CIPHERS AND THEIR MATHEMATICS. CIS 400/628 Spring 2005 Introduction to Cryptography

a the relation arb is defined if and only if = 2 k, k

Chapter 3 Basic Number Theory

Remainders. We learned how to multiply and divide in elementary

Number theory (Chapter 4)

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Lecture 6: Introducing Complexity

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

3.2 Solving linear congruences. v3

Number Theory Basics Z = {..., 2, 1, 0, 1, 2,...} For, b Z, we say that divides b if z = b for some. Notation: b Fact: for all, b, c Z:

Notes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I

Introduction to Sets and Logic (MATH 1190)

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

CISC-102 Winter 2016 Lecture 11 Greatest Common Divisor

ICS141: Discrete Mathematics for Computer Science I

Math 131 notes. Jason Riedy. 6 October, Linear Diophantine equations : Likely delayed 6

Outline. Number Theory and Modular Arithmetic. p-1. Definition: Modular equivalence a b [mod n] (a mod n) = (b mod n) n (a-b)

CSE 311 Lecture 13: Primes and GCD. Emina Torlak and Kevin Zatloukal

Direct Proof MAT231. Fall Transition to Higher Mathematics. MAT231 (Transition to Higher Math) Direct Proof Fall / 24

not to be republished NCERT REAL NUMBERS CHAPTER 1 (A) Main Concepts and Results

Chapter 1. Greatest common divisor. 1.1 The division theorem. In the beginning, there are the natural numbers 0, 1, 2, 3, 4,...,

PUTNAM TRAINING NUMBER THEORY. Exercises 1. Show that the sum of two consecutive primes is never twice a prime.

NOTES ON SIMPLE NUMBER THEORY

Elementary Algebra Chinese Remainder Theorem Euclidean Algorithm

Numbers, Groups and Cryptography. Gordan Savin

Math 4400/6400 Homework #8 solutions. 1. Let P be an odd integer (not necessarily prime). Show that modulo 2,

Math.3336: Discrete Mathematics. Primes and Greatest Common Divisors

MATH 433 Applied Algebra Lecture 4: Modular arithmetic (continued). Linear congruences.

Applied Cryptography and Computer Security CSE 664 Spring 2017

Transcription:

Algorithms CMSC-27200 Basic algorithms in Number Theory: Euclid s algorithm and multiplicative inverse Instructor: László Babai Last updated 02-14-2015. Z denotes the set of integers. All variables in this note range over Z. 1 Divisibility, definition of gcd Definition 1.1 (divisibility). We say that a divides b (written as a b) if ( x)(ax = b). Exercise 1.2. Prove: (a) d divides all numbers d = ±1. (b) All numbers 1 divide z z = 0. Exercise 1.3. Prove: (a) If d a and d b then d a ± b. (b) If a b c then a c (transitivity of divisibility). Let Div(a) denote the set of divisors of the number a. For instance, Div( 6) = {±1, ±2, ±3, ±6}. (1) Exercise 1.4. Prove: (a) Div(a) = Div( a). (c) If a 0 then Div(a) is a finite set. (b) Div(0) = Z Let Div(a, b) = Div(a) Div(b). So Div(a, b) is the set of common divisors of a and b. Definition 1.5 (gcd). We say that d is a greatest common divisor of a and b if (i) d a and d b (: d is a common divisor of a and b :) (ii) ( e)( if e a and e b then e d) (: d is divisible by all common divisors of a and b :) So d is greatest in the sense of divisibility. We rephrase the definition. The following exercise is central to our discussion. Exercise 1.6. Prove: d is a greatest common divisor of a and b if and only if Div(a, b) = Div(d), (2) i. e., the common divisors of a and b are precisely the divisors of d. 1 Part (b) of Ex. 1.2 includes the fact that 0 0. The reader may be puzzled: did we overrule the prohibition agains division by zero? No, we did not: the definition of divisibility (Def. 1.1) does not involve division, only multiplication. So 0 0 because there exists x such that 0 x = 0 (for instance, x = 17 is a solution). 1

Note that if the number d satisfies either definition then so does d. To make the gcd notation unique, we additionally require gcd(a, b) 0. We defined gcd(a, b) by a wish-list; we need to prove that such a d always exists. The proof will be algorithmic: it will not only prove the existence of such d but also give an efficient way to calculate d. Theorem 1.7. Every pair of numbers has a greatest common divisor. First we settle some special cases. Exercise 1.8. Div(a, 0) = Div(a). Therefore gcd(a, 0) exists and is equal to a. (Note in particular that gcd(0, 0) = 0.) Exercise 1.9. Div(a, a) = Div(a). Therefore gcd(a, a) exists and is equal to a. We also note that Exercise 1.10. (a) Div(a) = Div( a ) (c) Div(a, b) = Div(b, a). (b) Div(a, b) = Div( a, b ) The key lemma to the proof of Theorem 1.7 is the following. Exercise 1.11 (Euclid s Lemma, modern version). Div(a, b) = Div(a b, b). It follows by induction on k that Exercise 1.12. For all k we have Div(a, b) = Div(a kb, b). To make the algorithm efficient, we need to review the Division Theorem. Exercise 1.13 (Division Theorem). ( a, b)( if b 0 then ( q, r)(a = bq + r and 0 r < b ) (Prove by induction on a.) The quantity q is the integer quotient and r is the least non-negative remainder. Notation 1.14. We use r = (a mod b) to denote the smallest non-negative remainder of a divided by b. For instance, 2 = (30 mod 7) = (30 mod 7) and 5 = ( 30 mod 7). This is the L A TEX code 2 for such expressions: $5 = (-30 \bmod{7})$ 2 Proof of existence of gcd: Euclid s algorithm To prove Theorem 1.7, we pick two numbers a, b of which we wish to compute the gcd. By Ex. 1.10 we may assume a b 0. 2 The pronunciation of the term L A TEX is not latex (the source of natural rubber or rubbery synthetic materials). It derives from TEX, the typesetting system created by Donald Knuth, on which L A TEX is built. As professor Knuth explains in his TEXBook, the three letters are not the Roman T, E, X but the Greek τ, ɛ, χ and should be pronounced like the first syllable in words like technical or technology. 2

Procedure: Euclid s algorithm Input: integers a b 0 Output: gcd(a, b) Pseudocode A. 0 Initialize: A := a, B := b 1 while B 1 do 2 R := (A mod B) [Division Theorem] 3 A := B, B := R 4 end(while) 5 return A Exercise 2.1. Prove that the algorithm terminates in a finite number of steps. The correctness of the algorithm follows from the following loop invariant: Div(A, B) = Div(a, b). Exercise 2.2. Prove that this is indeed a loop invariant. Given this loop invariant, we conclude that when looping terminates (i. e., when B = 0) we have Div(a, b) = Div(A, 0) = Div(A), so the returned value A qualifies as gcd(a, b) by Ex. 1.6. This completes the proof of correctness of Euclid s algorithm and thereby the proof of Theorem 1.7 (that gcd exists). The efficiency of the algorithm follows from the following observation: Exercise 2.3. (a) Let B i be the value of B produced after the i-th iteration of the while loop, starting with B 0 = b. Prove: for all i we have B i+2 B i /2. (b) Suppose b has n digits in binary. Then Euclid s algorithm terminates in 2n rounds. Exercise 2.4 (Division algorithm). If A and B are positive integers with n binary digits then A mod B can be computed in O(n 2 ) bit operations. Therefore the total number of bit-operations is O(n 3 ), so this is a polynomial-time algorithm. (Good job, Euclid!) Exercise 2.5. (a) Modify the Division Theorem so r satisfies b /2 < r b /2 (remainder with least absolute value). (b) Show that if in Euclid s algorithm we use remainders with least absolute value, the process terminates in n rounds (where, as before, n is the number of binary digits of b). Exercise 2.6 (Euclid s Lemma, original version). gcd(a, b) = gcd(a b, b). 3

3 Recursive implementation We now give an alternative, recursive implementation of Euclid s algorithm. The non-recursive code is preferred. Pseudocode B: recursive. 0 procedure gcd(a, b) (a b 0) 1 if b = 0 then return a 2 else r := (a mod b) [Division Theorem] 3 return gcd(b, r) Exercise 3.1. Analyse this version of the algorithm. 4 Gcd as linear combination Definition 4.1. A linear combination of the numbers a, b is a number of the form au + bv. (As everywhere in this note, all numbers mentioned are integers.) A fundamental result about the gcd says that it can be written as a linear combination: Theorem 4.2. ( a, b)( u, v)(gcd(a, b) = au + bv) For instance, gcd(72, 52) = 4 = 72 ( 5) + 52 7 Exercise 4.3. Prove Theorem 4.2 by induction on a + b. Hint: use Euclid s Lemma. Exercise 4.4. Prove: if d is a common divisor of a and b and d is a linear combination of a and b then d is a greatest common divisor of a and b (i. e., d = gcd(a, b)). 5 Congruence, modular arithmetic Definition 5.1 (Congruence). We say that a is congruent 3 to b modulo m if m a b. Notation: a b (mod m). The notation in L A TEX: $a\equiv b \pmod{m}$ Exercise 5.2. Prove that congruence modulo m is an equivalence relation on Z. The equivalence classes are called residue classes mod m. If m 0 then there are exactly m residue classes mod m. NOTE: a and b belong to the same residue class modulo m if and only if a b (mod m). Exercise 5.3. Prove: if a x (mod m) and b y (mod m) then a ± b x ± y (mod m) and ab xy (mod m). Exercise 5.4. Prove: If a b (mod m) then gcd(a, m) = gcd(b, m). In other words, all members of a residue class mod m have the same gcd with the modulus. 3 The text uses the term a is equivalent to b modulo m. This is not the commonly used term in this context. Please use congruent. 4

6 Multiplicative inverse Definition 6.1. We say that x is a multiplicative inverse of a modulo m if ax 1 (mod m). Exercise 6.2. Suppose x is a multiplicative inverse of a modulo m. Then y is a multiplicative inverse of a modulo m if and only if y x (mod m). So the multiplicative inverse is unique modulo m. We denote the least positive multiplicative inverse of a by (a 1 mod m). So for instance (3 1 mod 17) = 6. Theorem 6.3. The number a has a multiplicative inverse mod m gcd(a, m) = 1. The direction of the proof is easy. Exercise 6.4. Prove: if a b (mod m) and d m then a b (mod d). Exercise 6.5. Prove the direction of Theorem 6.3. Hint: let d = gcd(a, m). Suppose x is a multiplicative inverse of a modulo m. So ax 1 (mod d). But ax 0 (mod d). So 1 0 (mod d). Exercise 6.6. Prove the direction of Theorem 6.3. Hint: apply Theorem 4.2 (gcd as linear combination) to a and m. 7 Computing the multiplicative inverse Next we shall learn how to use Euclid s algorithm to efficiently compute the multiplicative inverse. We illustrate this on the example of computing x = (13 1 mod 18). gcd(18, 13) = 1, so x exists. We can establish that gcd(18, 13) = 1 through the following sequence of remainders: 18, 13, 5, 3, 2, 1, 0 (namely, 18 = 13 1+5, 13 = 5 2+3, 5 = 3 1+2, 3 = 2 1+1, 2 = 1 2+0). Consider now the following congruences. Both of these are true for x = (13 1 mod 18). 18x 0 (mod 18) 13x 1 (mod 18) (3) Subtracting the second from the first, we obtain 5x 1 (mod 18) (4) Subtracting twice this congruence from the preceding one, we obtain 3x 3 (mod 18) (5) Subtracting this congruence from the preceding one, we obtain 2x 4 (mod 18) (6) Subtracting this congruence from the preceding one, we obtain 5

x 7 (mod 18) (7) So the solutions are those values of x that are congruent to 7 modulo 18. In particular, (13 1 mod 18) = 7. (Verify!) REMARK. Let us review the logic of this argument. We started from the pair of congruences (3) and from these we deduced congruence (6). Does this mean that x is a multiplicative inverse of 13 modulo 18 if and only if x 7 (mod 18)? NO. What it means is this: IF x is a multiplicative inverse of 13 modulo 18 THEN x 7 (mod 18). This argument does NOT in itself prove that x = 7 or x = 25 or x = 11 etc. are solutions. What we proved is that ONLY these numbers (those that are congruent to 7 modulo 18) can be solutions. But Theorem 6.3 guarantees that a solution EXISTS. So we knew from the beginning that the number x we are looking for exists. We concluded that x must belong to the residue class of numbers that are 7 (mod 18). Does that mean that for instance x = 7 is a solution? This is now guaranteed by Exercise 6.2 which says in particular that the multiplicative inverses form an entire residue class modulo 18. So if there is a number in the residue class x 7 (mod 18) that is a multiplicative inverse of 13 modulo 18 then all numbers in this residue class (including 7, 25, 11, etc.) are. So it is a combination of the calculations above with Theorem 6.3 and Exercise 6.2 that guarantee that every number 7 (mod 18) is a multiplicative inverse of 13 modulo 18, and no number outside this residue class is. We found all solutions. Was it necessary to verify our solution at the end? Not if we are confident that we did not make an arithmetic error. The residue class x 7 (mod 18) is guaranteed to consist precisely of the multiplicative inverses of 13 modulo 18. The only purpose of the verification is to check we did not make an error in the calculations. The next exercise asks you to turn the scheme we used above to calculate (13 1 mod 18) into an algorithm. Exercise 7.1. Suppose gcd(a, m) = 1. Design an efficient algorithm that finds (a 1 mod m). Write your algorithm in elegant pseudocode. Do not use recursion. Hint: your code should be a modification of Pseudocode A. Your algorithm should be as efficient as Euclid s (within a constant factor). Exercise 7.2. Given a and b, write gcd(a, b) as a linear combination of a and b. Design an efficient algorithm to do so. Explain your algorithm in concise, unambiguous English, no pseudocode required. Hint. Here is an example: Let a = 72 and b = 52. Then gcd(a, b) = 4. We need to find u, v such that 4 = 72u + 52v. Divide each side of this equation by 4; we get 1 = 18u + 13v. So v must be a multiplicative inverse of 13 modulo 18. (Why?) So take v = 7 (computed above), and find u. (Compare with the example given after Theorem 4.2.) 6

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback