
Greatest Common Divisor

We now know that if Zn is a field, then n must be a prime number.

Is it true that Zp is a field for all prime p?

We will answer the more general question of which elements of Zn have
multiplicative inverses (useful for affine ciphers).

Definition
If m and n are integers, not both zero, the greatest common divisor of m and
n, denoted gcd(m,n), is the largest integer that divides both m and n

gcd(0,0) is not defined, since every integer divides 0

Symbolically: gcd(m,n) = max { k : k | m and k | n }

Example: gcd(24,32) = 8

Since 1 is a divisor of any integer, gcd(m,n) ≥ 1

If m ≠ 0, then gcd(m,n) ≤ |m|

Greatest Common Divisor

We now state some elementary properties of the gcd function

1. For integers m and n, not both zero, gcd(m,n) = gcd(|m|,|n|).


2. If m > 0, then gcd(m,m) = m and gcd(m,0) = m.
3. For integers m and n, not both zero, gcd(m,n) = gcd(n,m).
4. For integers m and n, not both zero, gcd(m,n) = gcd(m+kn,n) for any integer k

Euclid's Greatest Common Divisor Algorithm

Since m mod n = m − ⌊m/n⌋·n, we can now apply statement 4 and statement 3 to
see that gcd(m,n) = gcd(m mod n, n) = gcd(n, m mod n)

5. For integers m and n with n > 0, gcd(m,n) = gcd(n, m mod n).

We can apply statement 5 to derive an algorithm for computing greatest common
divisors

Euclid's Algorithm:

Input:  integers m and n, not both zero
Output: d = gcd(m,n)

If n == 0
    d = |m|
else
    while n ≠ 0
        c = n
        n = m mod n
        m = c
    d = m
return d

Euclid's Greatest Common Divisor Algorithm

Example 1: compute gcd(24,32)

gcd(24,32)

= gcd(32,24)
= gcd(24,32 mod 24)
= gcd(24,8)
= gcd(8, 24 mod 8)
= gcd(8,0)
=8
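The algorithm above in Python, as an added example that is not part of the original slides; it returns the gcd together with the (m, n) pairs it visits, so Example 1's reduction steps can be read off the trace.

```python
# Added example (not from the original slides): Euclid's algorithm exactly as
# stated above, plus a trace of the (m, n) pairs visited on the way.

def euclid_gcd_trace(m: int, n: int):
    """Return (gcd(m, n), trace) where trace lists each (m, n) pair visited.

    If n == 0 the answer is |m|; otherwise repeatedly replace (m, n) by
    (n, m mod n) until n becomes 0 (statement 5 above).
    """
    if m == 0 and n == 0:
        raise ValueError("gcd(0, 0) is undefined: every integer divides 0")
    # Property 1: gcd(m, n) = gcd(|m|, |n|), so work with absolute values.
    m, n = abs(m), abs(n)
    trace = [(m, n)]
    if n == 0:
        return m, trace
    while n != 0:
        c = n
        n = m % n          # gcd(m, n) = gcd(n, m mod n)
        m = c
        trace.append((m, n))
    return m, trace


if __name__ == "__main__":
    d, steps = euclid_gcd_trace(24, 32)
    for a, b in steps:
        print(f"gcd({a},{b})")
    print("=", d)          # 8
```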

Euclid's Greatest Common Divisor Algorithm

One of the special properties of the greatest common divisor of two numbers is
that it can be written as an integer linear combination of the numbers

Example 2: gcd(32,24) = 8

32 = 1·24 + 8

Thus 8 = 1·32 + (−1)·24

Example 3: gcd(54,42)
54 = 1·42 + 12
42 = 3·12 + 6
12 = 2·6 + 0, so 6 = gcd(54,42)
Using back-substitution:
6 = 1·42 − 3·12 and 12 = 1·54 − 1·42
Thus 6 = 1·42 − 3(1·54 − 1·42) = 4·42 + (−3)·54

Greatest Common Divisor as a Linear Combination


Theorem
Let a and b be integers, not both zero. Then there are integers x and y
such that gcd(a,b) = xa + yb.

Why is this result so interesting to us?

Suppose we are looking at an element a of Zn for some n > 1.

If gcd(a,n) = 1, then there are integers x, y such that 1 = xa + yn

Apply the Division Algorithm to find the quotient q and remainder x mod n when
dividing x by n

Since x = qn + (x mod n), we have xa = (x mod n)a + qna

Thus
1 = xa + yn
= ((x mod n)a + qna) + yn
= (x mod n)a + (qa + y)n

Therefore (x mod n)a = 1 − (qa+y)n ≡ 1 (mod n)

Since x mod n < n, we have found a multiplicative inverse for a in Zn.

Greatest Common Divisor as a Linear Combination

Suppose p is prime

Since every element a in {1, ..., p−1} is relatively prime to p, we see that there is
another element b in Zp such that a ⊗_p b = 1. That is, every nonzero element of Zp
has a multiplicative inverse in Zp, which means that:

If p is prime, then (Zp, ⊕_p, ⊗_p) is a field.

More importantly, in an affine cipher y = ax + b, we must choose a so that
gcd(a,26) = 1.

Extended Euclidean Algorithm

We now want an algorithm that computes not only the gcd(a,b) but also the
coefficients x and y so that gcd(a,b) = xa + yb

This would enable us to compute multiplicative inverses in Zn for general n.

This would be particularly useful for computing the decryption function for an affine
cipher

If the affine cipher encryption function is given by y = ax + b, then the decryption
function would be x = a⁻¹(y + (−b)), where −b is the additive inverse of b and a⁻¹ is
the multiplicative inverse of a in Z26.

Example: Since gcd(9,26) = 1, 9 has an inverse in Z26.

Thus y = 9x + 4 is a valid affine encryption function.

It is easy to see that the multiplicative inverse of 9 in Z26 is 3:

3·9 = 27 and 27 mod 26 = 1, so 3 ⊗_26 9 = 1

Also, the additive inverse of 4 in Z26 is 22, since 22 + 4 = 26 and 26 mod 26 = 0

Thus the corresponding decryption function is

x = 3(y + (−4)) = 3(y + 22) = 3y + 3 ⊗_26 22 = 3y + (66 mod 26) = 3y + 14

Extended Euclidean Algorithm

The idea is to compute a sequence of remainders r0, r1, r2, ..., terminating with
the greatest common divisor of the two numbers a and b.

We also want to compute, as we go, coefficients xi and yi such that
ri = xia + yib

Actually, r2 will be our first true remainder: we start with r0= a and r1 = b.

It is then obvious what the coefficients should be: x0 = 1, y0 = 0; x1 = 0, y1 = 1

Why? Because a = 1a + 0b and b = 0a + 1b

Now we set r2 = r0 mod r1

How do we get the coefficients xi and yi? From the integer division theorem:

r0 = ⌊r0/r1⌋·r1 + (r0 mod r1) = ⌊r0/r1⌋·r1 + r2

Thus r2 = r0 − ⌊r0/r1⌋·r1 = (x0a + y0b) − ⌊r0/r1⌋(x1a + y1b)
        = (x0 − ⌊r0/r1⌋x1)a + (y0 − ⌊r0/r1⌋y1)b

So we set x2 = x0 − ⌊r0/r1⌋x1 and y2 = y0 − ⌊r0/r1⌋y1

In general, ri+1 = ri-1 mod ri, xi+1 = xi-1 − ⌊ri-1/ri⌋xi, yi+1 = yi-1 − ⌊ri-1/ri⌋yi

Notice that when we get rn+1 = 0, then rn = gcd(a,b)

Extended Euclidean Algorithm

So here is the algorithm:

r0 = a, r1 = b, x0 = 1, y0 = 0; x1 = 0, y1 = 1 (initialization)
i = 1
Do the following while ri ≠ 0:
    ri+1 = ri-1 mod ri, xi+1 = xi-1 − ⌊ri-1/ri⌋xi, yi+1 = yi-1 − ⌊ri-1/ri⌋yi
    i = i+1
return ri-1

Extended Euclidean Algorithm


A computationally more appealing method can be derived from the following
observation (writing di for the remainder ri):

$$
\begin{pmatrix} d_{i-1} & x_{i-1} & y_{i-1} \\ d_i & x_i & y_i \end{pmatrix}
\;\longrightarrow\;
\begin{pmatrix} d_i & x_i & y_i \\
d_{i-1} - \lfloor d_{i-1}/d_i \rfloor\, d_i & x_{i-1} - \lfloor d_{i-1}/d_i \rfloor\, x_i & y_{i-1} - \lfloor d_{i-1}/d_i \rfloor\, y_i \end{pmatrix}
$$

That is, the new bottom row (d_{i+1}, x_{i+1}, y_{i+1}) is the old top row minus ⌊d_{i-1}/d_i⌋ times the old bottom row, and the old bottom row moves up.

Extended Euclidean Algorithm


Thus we have the following matrix version of the algorithm:

Input: Integers a and b, not both zero

Output: Integers x, y and d such that d = gcd(a,b) and d = xa + yb

$$
\begin{pmatrix} d_0 & x_0 & y_0 \\ d_1 & x_1 & y_1 \end{pmatrix}
= \begin{pmatrix} a & 1 & 0 \\ b & 0 & 1 \end{pmatrix}
$$

while d1 ≠ 0 do:

$$
\begin{pmatrix} d_0 & x_0 & y_0 \\ d_1 & x_1 & y_1 \end{pmatrix}
= \begin{pmatrix} d_1 & x_1 & y_1 \\
d_0 - \lfloor d_0/d_1 \rfloor\, d_1 & x_0 - \lfloor d_0/d_1 \rfloor\, x_1 & y_0 - \lfloor d_0/d_1 \rfloor\, y_1 \end{pmatrix}
$$

d = d0, x = x0, y = y0
return d, x, y

Example 4: a = 52, b = 96

Each step moves the bottom row up and replaces it by (top row) − ⌊d0/d1⌋·(bottom row):

$$
\begin{pmatrix} 52 & 1 & 0 \\ 96 & 0 & 1 \end{pmatrix}
\xrightarrow{\lfloor 52/96 \rfloor = 0}
\begin{pmatrix} 96 & 0 & 1 \\ 52 & 1 & 0 \end{pmatrix}
\xrightarrow{\lfloor 96/52 \rfloor = 1}
\begin{pmatrix} 52 & 1 & 0 \\ 44 & -1 & 1 \end{pmatrix}
\xrightarrow{\lfloor 52/44 \rfloor = 1}
\begin{pmatrix} 44 & -1 & 1 \\ 8 & 2 & -1 \end{pmatrix}
$$

$$
\xrightarrow{\lfloor 44/8 \rfloor = 5}
\begin{pmatrix} 8 & 2 & -1 \\ 4 & -11 & 6 \end{pmatrix}
\xrightarrow{\lfloor 8/4 \rfloor = 2}
\begin{pmatrix} 4 & -11 & 6 \\ 0 & 24 & -13 \end{pmatrix}
$$

gcd(52,96) = 4
4 = (−11)·52 + 6·96
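The extended Euclidean algorithm in Python, as an added example that is not part of the original slides; it implements the 2-by-3 matrix form (which is the same update as the (ri, xi, yi) recurrence on the earlier slides) and can record every matrix state so Example 4 can be traced.

```python
# Added example (not from the original slides): the 2-by-3 matrix form of the
# extended Euclidean algorithm, with rows (d, x, y). The invariant
# d == x*a + y*b holds for both rows at every step; an optional `steps` list
# records each matrix state.

def extended_gcd(a: int, b: int, steps=None):
    """Return (d, x, y) with d = gcd(a, b) and d = x*a + y*b.

    Rows start as (a, 1, 0) and (b, 0, 1). While d1 != 0, the bottom row
    moves up and the new bottom row is (old top) - floor(d0/d1) * (old bottom).
    """
    if a == 0 and b == 0:
        raise ValueError("gcd(0, 0) is undefined")
    top, bottom = (a, 1, 0), (b, 0, 1)
    if steps is not None:
        steps.append((top, bottom))
    while bottom[0] != 0:
        q = top[0] // bottom[0]                        # floor(d0 / d1)
        top, bottom = bottom, tuple(t - q * u for t, u in zip(top, bottom))
        assert bottom[0] == bottom[1] * a + bottom[2] * b   # d = xa + yb
        if steps is not None:
            steps.append((top, bottom))
    d, x, y = top
    if d < 0:     # negative inputs: floor division can leave d < 0, so fix the sign
        d, x, y = -d, -x, -y
    return d, x, y


if __name__ == "__main__":
    trace = []
    print(extended_gcd(52, 96, trace))   # (4, -11, 6)
    for top, bottom in trace:            # the six matrices of Example 4
        print(top, bottom)
```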

Relatively Prime Pairs

Definition If gcd(a,b) = 1, then we say that a and b are relatively prime
and write a ⊥ b

Theorem If a | bc and a ⊥ b, then a | c

Corollary If p is a prime and p | ab then p | a or p | b.

Restating an earlier result:

Integer a ∈ Zn has a ⊗_n-inverse in Zn if and only if a ⊥ n.

Algorithm for Computing b-inverses

Recall that if gcd(a,b) = 1, then a has a multiplicative inverse in Zb.
Moreover, we showed that if 1 = xa + yb, then x mod b is the b-inverse of a.
Thus, we do not need to compute the y in the extended Euclidean algorithm.
In fact, we can eliminate the last column of the 2 by 3 matrix in that algorithm.

Input: Integers a and b with b > 1.

Output: The multiplicative inverse of a mod b.

$$
\begin{pmatrix} d_0 & x_0 \\ d_1 & x_1 \end{pmatrix}
= \begin{pmatrix} a & 1 \\ b & 0 \end{pmatrix}
$$

while d1 ≠ 0 do:

$$
\begin{pmatrix} d_0 & x_0 \\ d_1 & x_1 \end{pmatrix}
= \begin{pmatrix} d_1 & x_1 \\ d_0 - \lfloor d_0/d_1 \rfloor\, d_1 & x_0 - \lfloor d_0/d_1 \rfloor\, x_1 \end{pmatrix}
$$

if d0 ≠ 1 return "No inverse"
else return x0

Example: Computing b-inverses

Compute the multiplicative inverse of 43 in Z56

$$
\begin{pmatrix} 43 & 1 \\ 56 & 0 \end{pmatrix}
\xrightarrow{\lfloor 43/56 \rfloor = 0}
\begin{pmatrix} 56 & 0 \\ 43 & 1 \end{pmatrix}
\xrightarrow{\lfloor 56/43 \rfloor = 1}
\begin{pmatrix} 43 & 1 \\ 13 & -1 \end{pmatrix}
\xrightarrow{\lfloor 43/13 \rfloor = 3}
\begin{pmatrix} 13 & -1 \\ 4 & 4 \end{pmatrix}
\xrightarrow{\lfloor 13/4 \rfloor = 3}
\begin{pmatrix} 4 & 4 \\ 1 & -13 \end{pmatrix}
\xrightarrow{\lfloor 4/1 \rfloor = 4}
\begin{pmatrix} 1 & -13 \\ 0 & 56 \end{pmatrix}
$$

Thus the 56-inverse of 43 is x = (−13 mod 56) = 56 + (−13) = 43
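The b-inverse algorithm in Python, as an added example that is not part of the original slides, together with the affine-cipher decryption function built from it (the two-column form above, then x = a⁻¹(y + (−b)) in Z26). The letter mapping a = 0, ..., z = 25, with lowercase plaintext and uppercase ciphertext, is an assumption taken from the homework's conventions.

```python
# Added example (not from the original slides): the two-column form of the
# extended Euclidean algorithm (y column dropped) returning a b-inverse, plus
# affine-cipher decryption built from it. Letter mapping a=0 ... z=25 is an
# assumption; the slides do not state it.

def mod_inverse(a: int, b: int):
    """Return the multiplicative inverse of a in Z_b, or None if gcd(a, b) != 1.

    Rows start as [d0, x0] = [a, 1] and [d1, x1] = [b, 0]. Each step moves
    the bottom row up and replaces it by (top) - floor(d0/d1) * (bottom).
    """
    if b <= 1:
        raise ValueError("the modulus b must be greater than 1")
    d0, x0, d1, x1 = a, 1, b, 0
    while d1 != 0:
        q = d0 // d1
        d0, x0, d1, x1 = d1, x1, d0 - q * d1, x0 - q * x1
    if d0 != 1:
        return None           # "No inverse": a and b are not relatively prime
    return x0 % b             # reduce into {0, ..., b-1}: -13 mod 56 = 43


def affine_decrypt_params(a: int, b: int, m: int = 26):
    """For y = a*x + b in Z_m, return (a_inv, c) with x = a_inv*y + c in Z_m.

    x = a^-1 (y + (-b)) = a^-1 y + a^-1 (-b), so c = a_inv * (-b) mod m.
    """
    a_inv = mod_inverse(a, m)
    if a_inv is None:
        raise ValueError(f"{a} has no inverse mod {m}: not a valid affine key")
    return a_inv, (a_inv * (-b)) % m


def affine_encrypt(plaintext: str, a: int, b: int) -> str:
    """Encrypt lowercase letters with y = a*x + b mod 26; output is uppercase."""
    affine_decrypt_params(a, b)   # rejects keys with gcd(a, 26) != 1
    return "".join(chr((a * (ord(ch) - 97) + b) % 26 + 65) for ch in plaintext)


def affine_decrypt(ciphertext: str, a: int, b: int) -> str:
    """Decrypt uppercase letters with x = a_inv*y + c mod 26; output is lowercase."""
    a_inv, c = affine_decrypt_params(a, b)
    return "".join(chr((a_inv * (ord(ch) - 65) + c) % 26 + 97) for ch in ciphertext)


if __name__ == "__main__":
    print(mod_inverse(43, 56))            # 43
    print(affine_decrypt_params(9, 4))    # (3, 14): x = 3y + 14
    print(affine_encrypt("gcd", 9, 4))    # GWF  (constructed sample word)
```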

Least Common Multiple


Lemma
If $a = p_1^{i_1} p_2^{i_2} \cdots p_k^{i_k}$ and $b = p_1^{j_1} p_2^{j_2} \cdots p_k^{j_k}$, where the $p_t$'s are distinct primes and
each exponent is nonnegative, then

$$\gcd(a,b) = p_1^{\min(i_1, j_1)}\, p_2^{\min(i_2, j_2)} \cdots p_k^{\min(i_k, j_k)}$$

Definition
The least common multiple of positive integers a and b is the least integer
divisible by both a and b.
Notation: lcm(a,b)

Lemma
If $a = p_1^{i_1} p_2^{i_2} \cdots p_k^{i_k}$ and $b = p_1^{j_1} p_2^{j_2} \cdots p_k^{j_k}$, where the $p_t$'s are distinct primes and
each exponent is nonnegative, then

$$\operatorname{lcm}(a,b) = p_1^{\max(i_1, j_1)}\, p_2^{\max(i_2, j_2)} \cdots p_k^{\max(i_k, j_k)}$$

Theorem
If a and b are positive integers, then

$$\operatorname{lcm}(a,b) = \frac{ab}{\gcd(a,b)}$$

Modular Arithmetic

Definition
Given integers a, b and m > 0, we say a is congruent to b mod m,
written a ≡ b (mod m) or a ≡_m b, if and only if a mod m = b mod m.

Theorem
If a, b, m are integers with m > 0, then a ≡_m b if and only if m | (b − a)

Definition
A set C of integers is a complete residue system modulo m iff
    for every integer a there is a c ∈ C such that a ≡_m c, and
    for all c, d ∈ C, if c ≡_m d then c = d

Thus C is a complete residue system modulo m if and only if every
integer is congruent mod m to exactly one element of C.

The set { 0, 1, . . . , m−1 } of remainders mod m is the least nonnegative
complete residue system mod m.

Basic Properties of the Congruence Relation


Theorem
Let m and d be positive integers and a, b, c arbitrary integers. Then
(i)    a ≡_m a
(ii)   a ≡_m b ⇒ b ≡_m a
(iii)  a ≡_m b and b ≡_m c ⇒ a ≡_m c
(iv)   a ≡_m b ⇒ a + c ≡_m b + c and ac ≡_m bc
(v)    a ≡_m b ⇒ ad ≡_{md} bd
(vi)   a ⊥ m and ab ≡_m ac ⇒ b ≡_m c
(vii)  gcd(a,b) = d ⇒ a/d ⊥ b/d
(viii) gcd(a,m) = d and ab ≡_m ac ⇒ bd ≡_m cd
Note: statement (viii) in the book is false, as is the last statement of
the proof! (Let m = 6, a = 2, b = 3 and c = 6).

Homework
1. Find d = gcd(43,56) and integers x and y such that d = 43x + 56y, using the
extended Euclidean algorithm
2. For this problem, suppose we are using an affine cipher with encryption function
y = 9x + 4
(a) Encrypt the message nothard; your answer should be a string of capital
letters
(b) Decrypt the message TAAOEKM; your answer should be a string of lower
case letters
