1 / 191

Introduction to Number Theory and Cryptography

Learn the foundational concepts of number theory and their application in cryptography, the art of secure message encryption. Understand the notions of divisibility, prime and composite numbers, common divisors, and the greatest common divisor (GCD).

eshaver
Télécharger la présentation

Introduction to Number Theory and Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 00 Introducing Foundations

  2. Elementary Number-Theoretic Notions An important application of number-theoretic algorithms is in cryptography, which is the discipline concerned with encrypting a message sent from one party to another, so that someone who intercepts the message will not be able to decode it. Let the set Z = { …., -2, -1, 0, 1, 2, 3, ….} of integers. Let the set N = {0, 1, 2, 3, ….} of natural numbers. The notation d | a (read “d divides a”) means that a = k*d for some integer k.

  3. Every integer divides 0. If a > 0 and d | a, then | d | ≤ | a |. If d | a, then a is a multiple of d. If d does not divide a, we write d| a. If d | a and d ≥ 0, then d is a divisor of a. d | a if and only if -d | a. There is no loss of generality by defining the divisors to be nonnegative, with the understanding that the negative of any divisor of a also divides a. A divisor of a nonzero integer a is at least 1 but not greater than |a|. For example, the divisors of 24 are 1, 2, 3, 4, 6, 8, 12 and 24. Every integer a is divisible by the trivial divisors 1 and a. Nontrivial divisors of a also called factors of a. For example, the factors of 24 are 2, 3, 4, 6, 8 and 12. And the factors of 20 are 2, 4, 5 and 10.

  4. Before addressing Euclid’s algorithm for greatest common advisor, let recall and go over some of the fundamental concept of algorithm: An algorithm is a sequence of unambiguous instructions for solving a problem, i.e., for obtaining a required output for any legitimate input in a finite amount of time.

  5. Solution for a given Problem? design input Algorithm output specifications (a way for finding its solu.) specifications encode Program Input “computer” Program output Program code Figure 1.01.1 Notion of Algorithm

  6. Several characteristics of Algorithms: • The non-ambiguity requirement for each step of an algorithm cannot be compromised. [non-ambiguity step] Prime Factorization in Middle School Procedure for computing gcd(m, n) is defined ambiguously • The range of inputs for which an algorithm works has to be specified carefully. [Well-specified inputs’ range] Consecutive integer checking algorithm for computing gcd(m, n) does not work correctly when one of the input numbers is zero. • The same algorithm can be represented in several different ways. [Different ways for specifying an algorithm] Euclid’s algorithm can be defined recursively or non-recursively.

  7. Several characteristics of Algorithms: • … • Several algorithms for solving the same problem may exist. [Several algorithms for a problem] Euclid, Consecutive integer checking and Middle school procedure for computing gcd(m, n) • Algorithms for the same problem can be based on very different ideas and can solve the problem with dramatically different speeds. [Various Speeds of different Algorithms for solving the same problem]For m > n > 0, the number of recursive calls for Euclid algorithm is O(log n). • For the worst case number of recursive calls for the Euclid algorithm is O(s t). where s = └ log m ┘ + 1 bits and t = └ log n ┘ + 1 bits. The run time complexity is O((log m)(log n) bit operations.

  8. Let Z = { …, -2, -1, 0, 1, 2, …} is the set of integers. Let N = { 0, 1, 2, ….} be the set of natural numbers. Prime and Composite Numbers An integer a > 1, whose only divisors are the trivial divisors 1 and a, is said to be a prime number (or, more simply, a prime). A prime number has no factors. There are infinitely many primes (prove!). The first 20 primes, in order, are 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71. An integer a > 1 that is not prime is said to be a composite number (or more simply, a composite). For example, 39 is composite because 3 | 39 and 13 | 39. That is, it is because 39 has the divisors 3 and 13. A composite number has at least one factor. The integer 1 is said to be a unit and is neither prime nor composite. The integer 0 and all negative integers are neither prime nor composite.

  9. Common Divisors and Greatest Common Divisor (GCD) If n is a divisor of x (denoted n | x) and n is also divisor of y (denoted n | y), then n is the common divisor of x and y. Example: The common divisors of 24 and 30 are 1, 2, 3 and 6. An important property of common divisors is that n | x and n | y implies that n | (x + y) and n | (x – y). (a0.2) Proof: n | x implies that x = n * q; n | y implies that y = n * Q. Then (x + y) = (n * q + n * Q) = n * (q + Q) which is divisible by n to yield the product (q + Q). Thus n | (x + b). x

  10. Theorem 0.2 If d | a and d | b, then for integers i and j, d | (ia + jb) Proof: Since d | a and d | b, there exists integers m and n such that a = md and b = nd. Therefore, for any integer i and j, (ia + jb) = imd + jnd = (im + jn)d which means d | (ia + jb), because d |(im + jn)d. QED Take 6|24 and 6|30. 24=4*6 and 30 = 5*6. (i*24+j*30) = i*4*6 + j*5*6 = (i*4 + j*5)6. That is, 6|(i*24+j*30).

  11. If x | y, then either |x| ≤ |y| or y = 0, which implies that x | y and y | x implies that x = y. (a0.4) Proof: If x | y then either |x| ≤ |y| or y = 0. If y | x then either |y| ≤ |x| or x = 0. This implies that {|x| ≤ |y| and |y| ≤ |x|} or {y = 0 and x = 0} which both implies x = + y.

  12. If x and y are both nonzero, then the greatest common divisor of x and y, denoted gcd(x, y) is the largest integer that divides both of them. This integer is between 1 and min(|x|, |y|). Example 0.26: The positive divisors of 24 are 1, 2, 3, 4, 6, 8, 12 and 24. The positive divisors of 30 are 1, 2, 3, 5, 6, 10, 15 and 30. So the common positive divisors of 24 and 30 are 1, 2, 3 and 6. The greatest common divisor of 24 and 30 (denoted gcd(24, 30)) is 6. Based on Thm 0.2, since 6|24 and 6|30 then 6|(i*24 + j*30) for any integers i and j. The reason is that this can be written 6|i*24 and 6|j*30.

  13. We define gcd(0, 0) = 0. This definition is necessary to make standard properties of the gcd function (such as gcd(x, 0) = |x| ) universally valid. The following are elementary properties of the gcd function: gcd(a, b) = gcd(b, a), gcd(a, b) = gcd(-a, b), gcd(a, b) = gcd(|a|, |b|), gcd(a, 0) = |a|, and gcd(a, ka) = |a|, for k ɛ Z = { …., -2, -1, 0, 1, 2, …} of integers.

  14. The following theorem states that if x and y are any integers, not both zero, then gcd(x, y) is the smallest positive element of the set {ix + jy | i, j Z} of linear combination of x and y. Theorem 0.3 Let x and y be integers, not both 0. Let d = min{ix + jy | i, j Z and ix + jy > 0}. That is, d is the smallest positive linear combination of x and y. Then d = gcd(x, y). gcd(24, 30) = d = min{-1*24+1*30, 1*24+0*30, 0*24+1*30, ….} which is 6.

  15. Proof: Let i and j be the integers that yield the minimal value d. That is, d = ix + jy(> 0, by Thm 0.3). Let q and r be the quotient and remainder, respectively, of dividing x by d. Then owing to Equality 0.1 and the fact that d is positive, x = q*d + r and 0 ≤ r < d. Therefore, we have r = x – q*d= x – q(ix + jy) = x(1 – qi) + y(-qj), which means that r is a linear combination of x and y. Since d is the smallest positive linear combination of x and y, and also r < d, we conclude r = 0, which means d | x. Similarly, d | y. Therefore d is a common division of y and x, which means d ≤ gcd(x, y). On the other hand, since the gcd(x, y) divides both x and y, theorem 0.2, gcd(x, y) | ix + jy. Since d = ix + jy, these imply that gcd(x, y) | d. We conclude d ≥ gcd(x, y). Combining these last two inequalities, we have d = gcd(x, y). QED

  16. Example 0.27: We have that gcd(12, 8) = 4, and 4 = min { 0 < 4(i*3 + j*2) } This implies that (i*3 + j*2) = 1, when (i = 1, j = -1), or (i = -1, j = 2), or (i = 3, j = -4), or (i = -3, j = 5), or (i = 5, j = -7), or (i = -5, j = 8), or … Note that if gcd(x, y) = d, then {ix + jy} = {d ( + )}. Example 0.28: Let a = 60, b = 24. For i, j Z and 0 < ix + jy = i * 60 + j * 24 = 12(i * 5 + j * 2). This implies that (i * 5 + j * 2) > 0. We observe that 12(i * 5 + j * 2) has a minimum value if . 0 < (i * 5 + j * 2) = 1. That is, when (i = 1 and j = -2), or (i = -1 and j = 3), or (i = 3 and j = -7), or (i = -3 and j = 8), or (i = 5 and j = -12), or (i = -5 and j = 13), or or (i = 7 and j = -17), or (i = -7 and j = 18), etc. 4 = 1(12) + (-1)8 > 0 or -1(12)+2*8 > 0, 3(12) + (-4)8, … No matter what i and j are, 4 is the smallest. gcd(60, 24) d=12= min{1*60 + (-2)*24, 3*60 + (-7)*24, …. }

  17. Corollary 0.3.1 For any integers x and y, if d | x and d | y, then d | gcd(x, y). Proof: This corollary follows from equation (a0.3) (that is, Theorem 0.2), because gcd(x, y) is a linear combination of x and y by Theorem 0.3. QED This Corollary 0.3.1 states: Suppose x and y are integers, not both 0. Then every common divisor of x and y is a divisor of gcd(x, y).

  18. Example 0.29: The positive divisors of 24 are 1, 2, 3, 4, 6, 8, 12 and 24. The positive divisors of 30 are 1, 2, 3, 5, 6, 10, 15 and 30. So the common positive divisors of 24 and 30 are 1, 2, 3 and 6. The value of gcd(24, 30) is 6. As Corollary 0.3.1 implies that 1, 2, 3, and 6 all divide 6.

  19. Corollary 0.3.2 For all integer x and y and any non-negative integer n, gcd(nx, ny) = n*gcd(x, y). Proof: if n = 0, the corollary is trivial. If n > 0, then gcd(nx, ny) is the smallest positive element of the set {anx + bny | a, b Z}, which is n times the smallest positive element of the set {ax + by | a, b Z }. QED

  20. Corollary 0.3.3 For all positive integers n, x and y if n | xy and gcd(x, n) = 1 then n | y. Proof: Since gcd(a, n) = 1, a and n are relatively prime. That is, a is indivisible by n. But n | ab implies that n | b for a is indivisible by n. QED

  21. Relatively prime integers Two integers a and b are relatively prime if their only common divisor is 1, that is, if gcd(a, b) = 1. For example, 8 and 15 are relatively prime, since the divisors of 8 are 1, 2, 4, and 8, and the divisors of 15 are 1, 3, 5, and 15.

  22. Greatest Common Divisor (GCD) Describe Euclid’s algorithm for efficiently computing the greatest common divisor of two given integers, not both zero. Later, when analyze the running time, we shall see a connection with the Fibonacci numbers, which yield a worst-case input for Euclid’s algorithm. Let restrict both a and b are nonnegative integers, since gcd(a, b) = gcd(|a|, |b|),

  23. Theorem 0.4 (GCD Recursion Theorem) For any nonnegative integer a and any positive integer b, gcd(a, b) = gcd(b, a mod b). Proof: We need to show that gcd(a, b) and gcd(b, a mod b) divide each other, so that by equation (a0.4) they must be equal (since they are both non-negative). We first show that gcd(a, b) | gcd(b, a mod b). Let d = gcd(a, b), then d | a and d | b. (a mod b) = a – q*b, where q = └ a / b ┘. Since (a mod b) is thus a linear combination of a and b, equation (a0.3) (that is, Theorem 0.2) implies that d | (a mod b). Therefore, since d | b and d | (a mod b), Corollary 0.3.1 implies that d | gcd(b, a mod b) or equivalently, that gcd(a, b) = gcd(b, a mod b). (T0.4A)

  24. Similarly we show that gcd(b, a mod b) | gcd(a, b). Let d = gcd(b, a mod b), then d | b and d | (a mod b). Since a = q*b + (a mod b), where q = └ a / b ┘, we have that a is a linear combination of b and (a mod b). By equation (a0.3), we concluded that d | a. since d | b and d | a, we have d | gcd(a, b) by Corollary 0.3.1 or, equivalently, that gcd(b, a mod b) | gcd(a, b). (T0.4.B) Using equation (a0.4) to combine equations (T0.4A) and (T0.4B) completes the proof. QED

  25. a = q*b + (a mod b), 64 = 2 * 24 + 16 24 = 1*16 + 8 16 = 2 * 8 + 0 8 = 0 * 0 + 8 Example 0.30: According to the previous theorem, gcd(64, 24) = gcd(24, 16) because 16 = 64 mod 24. We can continue in this manner to determine gcd(64, 24). That is, gcd(64, 24) = gcd(24, 16) note that gcd(24, 64) = gcd(64, 24) = gcd(16, 8) = gcd(8, 0) = 8.

  26. Euclid’s Algorithm for Computing Common Divisor Theorem 0.4 gives us a straightforward method for determining the greatest common divisor of two integers. The example above illustrates the method. To find the gcd(m, n) we recursively apply the equality in the theorem 0.4 until n = 0, and then return m. This method is called Euclid’s Algorithm for it was developed by Euclid around 300 B.C.

  27. Euclid’s algorithmfor computing gcd(m, n), which is based on repeatedly applying the equality gcd(m, n) = gcd(n, m mod n), where m mod n is the remainder of m/n, until (m mod n) = 0. Since gcd(m, 0) = m, the last value of m is also the greatest common divisor of the initial m and n.

  28. Example 0.31: gcd(60, 24) = gcd(24, 12) = gcd(12, 0) = 12. gcd(17, 15) = gcd(15, 2) = gcd(2, 1) = gcd(1, 0) = 1 gcd(37, 8) = gcd(8,5) = gcd(5,3)= gcd(3, 2) = gcd(2, 1) = gcd(1,0) = 1 gcd(37,10) = gcd(10, 7) = gcd(7,3 )= gcd(3, 1) = gcd(1,0)=1

  29. Recall: • Several characteristics of Algorithms: • … • The same algorithm can be represented in several different ways. [Different ways for specifying an algorithm]Euclid’s algorithm can be defined recursively or non-recursively. • Algorithms for the same problem can be based on very different ideas and can solve the problem with dramatically different speeds. [Various Speeds of different Algorithms for solving the same problem.] For m > n > 0, the number of recursive calls for Euclid algorithm is O(log n).

  30. Algorithm Euclid (m, n) //Compute gcd(m, n) by Euclid’s algorithm Input: two non-negative m and n, not both zero integers Output: the greatest common divisor of m and n while n ≠ 0 do { if (n = = 0) r ← m mod n; then return m m ← n; else Euclid(n, m mod n) n ← r;} return m.

  31. Example 0.32: Find the greatest common divisor of two integers, 7,276,500 and 3,185,325. gcd(7,276,500, 3,185,325) = gcd(3,185,325, 905,850) = gcd(905,850, 467,775) = gcd(467,775, 438,075) = gcd(438,075, 29,700) = gcd(29,700, 22,275) = gcd(22,275, 7,425) = gcd(7,425, 0) = 7,425 It requires 7 recursive calls to get the solution 7,425. Let n = 3,185,325 log n = 21 For the worse case, the number of recursive calls is about 21 times.

  32. gcd(222…, 7425) gcd(72.., 318…) gcd(318…, 905) gcd(7425, 0) Euclid’s Algorithm 7425 gcd(318.., 905…) gcd(7425, 0) gcd(222…, 7425) gcd(905…, 467…)

  33. Definition: An algorithm is said to be correct if, for every input instance, it halts with the correct output. • The algorithm will eventuallyhalt: • The new value of n on the next iteration is m mod n, which is always smaller than n (since 0 ≤ r < n, for r = m mod n). The value of the second number of the pair (m, n) • (which is gcd(m ← n, n ← r) = m mod n.) eventually becomes • 0 and it cannot become negative. The algorithm stops.

  34. Algorithm Euclid (m, n) //Compute gcd(m, n) by Euclid’s algorithm Input: two non-negative m and n, not both zero integers Output: the greatest common divisor of m and n {m > n 0} while n ≠ 0 do { if (n = = 0) r ← m mod n; then return m m ← n; else Euclid(n, m mod n) n ← r;} return m. {d = min{i*m + j*n | i, j Z and i*m + j*n > 0}} { gcd(m, n) = gcd(n, m mod n) is the invariant condition}

  35. Lemma 0.0: If a ≥ b, then a mod b < a/2. • Proof: Consider a ≥ b. Then • b a/2 a • a mod b • or • a/2 b a • a mod b • By observation, either b ≤ a/2 or b > a/2. These two cases are shown in the figure above. • Case 1: If b ≤ a/2, then we have a mod b < b ≤ a/2, since 0 ≤ a mod b < b. • Case 2: If b > a/2, then a mod b = a – b < a/2. [Since a mod b = a – q*b, then q = 1 for b > a/2. Therefore a – b < a/2.] QED.

  36. After two consecutive rounds, both arguments, a and b, are at the very least halved in value. i.e., the length of each a and b decreases by at least one bit (i.e., shift right).If there are initially n-bit integers, then the base case will be reached with 2n recursive calls. i.e., GCD(a, b) = GCD(b, a mod b) = GCD(a mod b, b mod (a mod b)). Since each call involves a quadratic-time division (takes O(n2) bit operations), the total time is 2n * O(n2) = O(n3).

  37. Rationalize: Euclid(n, m mod n), where m mod n < m/2. Let say, m mod n = m/2. Then m mod n reduces m by one bit through right shift. Then Euclid(m mod n, n mod (m mod n) ) where n mod (m mod n) < n/2. This reduces n by one bit through right shift. Assume that both m and n are of n-bit integers. Then 2n recursive calls are needed. Each m/n requires O(n2 ). That is, the total running time is 2n * O(n2 ) = O(n3 ) .

  38. The overall running time of Euclid is proportional to the number of recursive calls it makes. • Our analysis makes use of the Fibonacci numbers Fk, defined by the following recurrence: • Fi = Fi-1 + Fi-2 for i ≥ 2, • F0 = 0, F1 = 1. • Note that, in the following sequel, • F(k) = F(k-1) + F(k-2), k ≥ 2; F(0) = 0 and F(1) = 1 • which is equivalent to write • Fk = Fk-1+ Fk-2 k ≥ 2 and F0 = 0 and F1 = 1.

  39. Lemma 0.1: If m > n ≥ 1 and the invocation Euclid(m, n) performs k ≥ 1 recursive calls, then m ≥ Fk+2 and n ≥ Fk+1, where Fkis the kth number in the Fibonacci sequence.

  40. Proof: The proof is by induction. Induction base: Suppose the call gcd(m, n) results in 1 recursive call. That means, n ≠ 0 and k = 1. Let k = 1. Since n ≥ 1 n ≥ F1+1 = F2 = 1, because F2 = F1 + F0 = 1 + 0 = 1. Since m > n, we have m ≥ 2, which means m ≥ F1+2 = F3 = 2, because F3 = F2 + F1 = 1 + 1 = 2. Since n > (m mod n), in each recursive call the first argument is strictly larger than the second; the assumption that m > n therefore holds for each recursive call.

  41. Induction hypothesis: Assume the lemma is true if k – 1 recursive calls are made. Induction step: We need to show the lemma is true if k ≥ 2 recursive calls are made. That means we need to show m ≥ Fk+2 and n ≥ Fk+1. The first recursive call is gcd(n, m mod n). Since there are k recursive calls in all, this call must require k – 1 recursive calls. Since k ≥ 2, there is at least one more recursive call, which means m mod n ≥ 1. Therefore, since n > m mod n, the conditions of the induction hypothesis are satisfied, which means n ≥ Fk+1 and m mod n ≥ Fk. (e0.1)

  42. So we have arrived at least one of the inequalities we need to show. Towards showing the other, we have m = q*n + m mod n, (e0.2) where q is the quotient of dividing m by n. since m > n, q ≥ 1. Inequality (e0.1) and Equality (e0.2) therefore imply m ≥ n + m mod n ≥ Fk+1+ Fk = Fk+2 . This completes the proof. QED

  43. Note that the induction step also can be written as follows: Assume that the lemma is true if k – 1 recursive calls are made. We shall then prove that it is true for k recursive calls. Since k > 0, we have n > 0, and Euclid(m, n) calls Euclid(n, m mod n) recursively, which in turn makes k -1 recursive calls. The inductive hypothesis then implies that n ≥ Fk+1 (thus proving part of the lemma), and (m mod n) ≥Fk. We have n + (m mod n) = n + (m – └ m / n ┘ * n) ≤ m. Since m > n > 0 implies └ m / n ┘ ≥ 1. Thus, m ≥ n + (m mod n) ≥ Fk+1+ Fk = Fk+2

  44. The following theorem is an immediate corollary of this lemma 0.1. Theorem 0.5 (Lame’s Theorem): For any integer k ≥ 1, if m > n ≥ 1 and n < Fk+1 then the call Euclid(m, n) makes fewer than k recursive calls. Reason: when k = 1, we do not have F2 > F1 for F(2) = F(1) = 1. Therefore we begin k = 2. For the base, k = 2, the call Euclid(F3, F2) = Euclid(2, 1) = Euclid(1, 2 mod 1) makes exactly one recursive call to Euclid(1, 0). By induction, we can show, for k > 2, we have Fk > Fk-1 > 0 and Fk+1 = Fk + Fk-1 and therefore we have Fk+1 mod Fk = Fk-1 . Thus we have Euclid(Fk+1, Fk) = Euclid(Fk, Fk+1 mod Fk) = Euclid(Fk, Fk-1) Therefore the call Euclid(Fk+1, Fk) recurses one time more than the call Euclid(Fk, Fk-1), or exactly k – 1 times, assuming that Euclid(Fk, Fk-1) makes exactly k - 2 recursive calls. QED 0,1,1,2,3,5,8,13,21,… E(21,13) = E(13,21mod13=8) =E(8,5)=E(5,3)=E(3,2)=E(2,1)=E(1,0). 6 recursive calls, one less than F7 = 13

  45. Since Fk is approximately , where is the golden ratio , the number of recursive calls in Euclid is O(log b). Therefore if we call Euclid on two b-bit numbers, then it performs O(b) arithmetic operations and O(b3) bit operations (assuming that multiplication and division of b-bit numbers take O(b2) bit operations). • Complexity of Euclid’s algorithm: By Lame’s theorem you find a first Fibonacci number larger than n. If it is Fk+1 there are fewer than k recursive calls. Thus the number of the recursive calls in Euclid is O(log n), assuming n = 2k. • Anyway the run time complexity is O((log m)(log n)) bit operations.

  46. Consecutive integer checking algorithm for computing gcd(m,n) Principle:Name the smaller number of m and n as t to be the possible common divisor for the given numbers m and n. Test whether m is divisible by t. If not reduce t by one, then test whether m is divisible by the t = t - 1. Repeat this process until m is divisible by the new t. Then we test whether n is divisible by the new t. If yes, then t is the common divisor of m and n. Otherwise, repeat the same process for the smaller t (at least one less than the current t) as the possible common divisor for the given number m and n.

  47. t = min{5, 0}; r = 5 mod 0 implies that r = 5 – 0 – 0 - … - 0 operates infinitely. Step 1: t ← min{m, n}. Step 2: remainder = m mod t. If the remainder is 0, go to Step 3; Otherwise, go to Step 4. Step 3: remainder = n mod t. If the remainder of n mod t is 0, return t as the answer and stop; otherwise, proceed to Step 4. Step 4: Decrease the value of t by 1. Go to Step 2.

  48. This algorithm does not work correctly when one of the inputs numbers is zero (why? On Step 2: r = (3, 0) = 3, then go to Step 4. t = 0 – 1 = -1. This fails to work!). • This example illustrates why it is so important to specify the range of an algorithm’s input explicitly and carefully. • Definition: An algorithm is said to be correct if, for every input instance, it halts with the correct output.

  49. Example 0.33: Find gcd(11, 3). • Let m = 11 and n = 3. • Step 1: t = min{ 11, 3} = 3. • Step 2: r = 11 mod 3 = 2 ≠ 0. • Go to Step 4 • Step 4: t = t -1; that is, t = 3 – 1 = 2. • Go to Step 2. • Step 2: r = 11 mod 2 = 1 ≠ 0. • Go to Step 4. • Step 4: t = t -1; that is, t = 2 – 1 = 1. • Go to Step 2. • Step 2: r = 11 mod 1 = 0. • Then go to step 3 • Step 3: r = n mod t; that is r = 3 mod 1 = 0; • then return t = 1 as the answer and stop.

  50. Example 0.35: Another example for finding gcd(16, 12) • Let m = 16 and n = 12 • Step 1: t = min{16, 12}. • Step 2: r = 16 mod 12 = 4 ≠ 0. Go to Step 4. • Step 4: t = t - 1; that is, t = 12 – 1 = 11. • Go to Step 2. • Step 2: r = 16 mod 11 = 5 ≠ 0. Go to Step 4 • Step 4: t = t - 1; that is, t = 11 – 1 = 10. • Go to Step 2. • Step 2: r = 16 mod 10 = 6 ≠ 0. Go to Step 4. • Step 4: t = t - 1; that is, t = 10 – 1 = 9. • Go to Step 2. • Step 2: r = 16 mod 9 = 7 ≠ 0. Go to Step 4 • Step 4: t = t - 1; that is, t = 9 - 1 = 8. • Go to Step 2.

More Related