
Greatest Common Divisor


makana

Presentation Transcript


  1. Greatest Common Divisor
     • We now know that if Z_n is a field, then n must be a prime number.
     • Is it true that Z_p is a field for all prime p?
     • We will answer the more general question of which elements of Z_n have multiplicative inverses (useful for affine ciphers).
     • Definition: If m and n are integers, not both zero, the greatest common divisor of m and n, denoted gcd(m,n), is the largest integer that divides both m and n.
     • gcd(0,0) is not defined, since every integer divides 0.
     • Symbolically: gcd(m,n) = max { k : k | m and k | n }
     • Example: gcd(24,32) = 8
     • Since 1 is a divisor of any integer, gcd(m,n) ≥ 1.
     • If m ≠ 0, then gcd(m,n) ≤ |m|.

  2. Greatest Common Divisor
     • We now state some elementary properties of the gcd function:
       1. For integers m and n, not both zero, gcd(m,n) = gcd(|m|,|n|).
       2. If m > 0, then gcd(m,m) = m and gcd(m,0) = m.
       3. For integers m and n, not both zero, gcd(m,n) = gcd(n,m).
       4. For integers m and n, not both zero, gcd(m,n) = gcd(m+kn,n) for any integer k.

  3. Euclid’s Greatest Common Divisor Algorithm
     • Since m mod n = m - ⌊m/n⌋·n, we can now apply statement 4 and statement 3 to see that gcd(m,n) = gcd(m mod n, n) = gcd(n, m mod n).
       5. For integers m and n with n > 0, gcd(m,n) = gcd(n, m mod n).
     • We can apply statement 5 to derive an algorithm for computing greatest common divisors.
     • Euclid’s Algorithm:
       Input: integers m and n, not both zero
       Output: d = gcd(m,n)
       if n == 0
           d = |m|
       else
           while n ≠ 0
               c = n
               n = m mod n
               m = c
           d = m
       return d

  4. Euclid’s Greatest Common Divisor Algorithm
     • Example 1: compute gcd(24,32)
     • gcd(24,32) = gcd(32,24) = gcd(24, 32 mod 24) = gcd(24,8) = gcd(8, 24 mod 8) = gcd(8,0) = 8

  5. Euclid’s Greatest Common Divisor Algorithm
     • One of the special properties of the greatest common divisor of two numbers is that it can be written as an integer linear combination of the numbers.
     • Example 2: gcd(32,24) = 8
       32 = 1·24 + 8
       Thus 8 = 1·32 + (-1)·24
     • Example 3: gcd(54,42)
       54 = 1·42 + 12
       42 = 3·12 + 6
       12 = 2·6 + 0, so 6 = gcd(54,42)
       Using back-substitution: 6 = 1·42 - 3·12 and 12 = 1·54 - 1·42
       Thus 6 = 1·42 - 3(1·54 - 1·42) = 4·42 + (-3)·54

  6. Greatest Common as a Linear Combination
     Theorem: Let a and b be integers, not both zero. Then there are integers x and y such that gcd(a,b) = xa + yb.
     • Why is this result so interesting to us?
     • Suppose we are looking at an element a of Z_n for some n > 1.
     • If gcd(a,n) = 1, then there are integers x, y such that 1 = xa + yn.
     • Apply the Division Algorithm to find the quotient q and remainder x mod n when dividing x by n.
     • Since x = qn + (x mod n), we have xa = (x mod n)a + qna.
     • Thus 1 = xa + yn = ((x mod n)a + qna) + yn = (x mod n)a + (qa + y)n.
     • Therefore (x mod n)a = 1 - (qa + y)n ≡ 1 (mod n).
     • Since x mod n < n, we have found a multiplicative inverse for a in Z_n.

  7. Greatest Common as a Linear Combination
     • Suppose p is prime.
     • Since every element a in {1, …, p-1} is relatively prime to p, we see that there is another element b in Z_p such that a ⊗_p b = 1. That is, every nonzero element of Z_p has a multiplicative inverse in Z_p, which means that:
     • If p is prime, then (Z_p, ⊕_p, ⊗_p) is a field.
     • More importantly, in an affine cipher y = ax + b, we must choose a so that gcd(a,26) = 1.

  8. Extended Euclidean Algorithm
     • We now want an algorithm that computes not only gcd(a,b) but also the coefficients x and y so that gcd(a,b) = xa + yb.
     • This would enable us to compute multiplicative inverses in Z_n for general n.
     • This would be particularly useful for computing the decryption function for an affine cipher.
     • If the affine cipher encryption function is given by y = ax + b, then the decryption function would be x = a^{-1}(y + (-b)), where -b is the additive inverse of b and a^{-1} is the multiplicative inverse of a in Z_26.
     • Example: Since gcd(9,26) = 1, 9 has an inverse in Z_26.
     • Thus y = 9x + 4 is a valid affine encryption function.
     • It is easy to see that the multiplicative inverse of 9 in Z_26 is 3: 3·9 = 27 and 27 mod 26 = 1, so 3 ⊗_26 9 = 1.
     • Also, the additive inverse of 4 in Z_26 is 22, since 22 + 4 = 26 and 26 mod 26 = 0.
     • Thus the corresponding decryption function is x = 3(y + (-4)) = 3(y + 22) = 3y + 3 ⊗_26 22 = 3y + (66 mod 26) = 3y + 14.

  9. Extended Euclidean Algorithm
     • The idea is to compute a sequence of “remainders” r_0, r_1, r_2, … terminating with the greatest common divisor of the two numbers a and b.
     • We also want to compute, as we go, coefficients x_i and y_i such that r_i = x_i·a + y_i·b.
     • Actually, r_2 will be our first true remainder: we start with r_0 = a and r_1 = b.
     • It is then obvious what the coefficients should be: x_0 = 1, y_0 = 0; x_1 = 0, y_1 = 1.
     • Why? Because a = 1·a + 0·b and b = 0·a + 1·b.
     • Now we set r_2 = r_0 mod r_1.
     • How do we get the coefficients x_i and y_i? From the integer division theorem:
     • r_0 = ⌊r_0/r_1⌋·r_1 + (r_0 mod r_1) = ⌊r_0/r_1⌋·r_1 + r_2
     • Thus r_2 = r_0 - ⌊r_0/r_1⌋·r_1 = (x_0·a + y_0·b) - ⌊r_0/r_1⌋(x_1·a + y_1·b) = (x_0 - ⌊r_0/r_1⌋·x_1)a + (y_0 - ⌊r_0/r_1⌋·y_1)b
     • So we set x_2 = x_0 - ⌊r_0/r_1⌋·x_1 and y_2 = y_0 - ⌊r_0/r_1⌋·y_1.
     • In general, r_{i+1} = r_{i-1} mod r_i, x_{i+1} = x_{i-1} - ⌊r_{i-1}/r_i⌋·x_i, y_{i+1} = y_{i-1} - ⌊r_{i-1}/r_i⌋·y_i.
     • Notice that when we get r_{n+1} = 0, then r_n = gcd(a,b).

  10. Extended Euclidean Algorithm
     • So here is the algorithm:
       r_0 = a, r_1 = b, x_0 = 1, y_0 = 0; x_1 = 0, y_1 = 1 (initialization)
       i = 1
       Do the following while r_i ≠ 0:
           r_{i+1} = r_{i-1} mod r_i, x_{i+1} = x_{i-1} - ⌊r_{i-1}/r_i⌋·x_i, y_{i+1} = y_{i-1} - ⌊r_{i-1}/r_i⌋·y_i
           i = i+1
       return r_{i-1}

  11. Extended Euclidean Algorithm
     A computationally more appealing method can be derived from the following observation:

  12. Extended Euclidean Algorithm
     Thus we have the following matrix version of the algorithm:
     Input: Integers a and b, not both zero
     Output: Integers x, y and d such that d = gcd(a,b) and d = xa + yb
     while d_1 ≠ 0 do:
     d = d_0, x = x_0, y = y_0
     return d, x, y

  13. Example 4: a = 52, b = 96
     gcd(52,96) = 4
     4 = (-11)·52 + 6·96

  14. Relatively Prime Pairs
     • Definition: If gcd(a,b) = 1, then we say that a and b are relatively prime and write a ⊥ b.
     • Theorem: If a | bc and a ⊥ b, then a | c.
     • Corollary: If p is a prime and p | ab, then p | a or p | b.
     • Restating an earlier result:
     • Integer a ∈ Z_n has an n-inverse in Z_n if and only if a ⊥ n.

  15. Algorithm for Computing b-inverses Recall that if gcd(a,b) = 1, then a has a multiplicative inverse in Zb Moreover, we showed that if 1 = xa + yb, then x mod b is the b-inverse of a Thus, we do not need to compute the y in the extended Euclidean algorithm In fact, we can eliminate the last column of the 2 by 3 matrix in that algorithm. Input: Integers a and b with b > 1. Output: The multiplicative inverse of a mod b. while d1 0 do: if d0  1 return “No inverse” else return x0

  16. Example: Computing b-inverses 4. Compute the multiplicative inverse of 43 in Z56 Thus the 56-inverse of 43 is x = (-13 mod 56) = 56+(-13) = 43

  17. Least Common Multiple
     Lemma: If a = and b = , where the pts are distinct primes and each exponent is nonnegative, then gcd(a,b) =
     Definition: The least common multiple of positive integers a and b is the least integer divisible by both a and b. Notation: lcm(a,b)
     Lemma: If a = and b = , where the pts are distinct primes and each exponent is nonnegative, then lcm(a,b) =
     Theorem: If a and b are positive integers, then lcm(a,b) =

  18. Modular Arithmetic
     • Definition: Given integers a, b and m > 0, we say a is congruent to b mod m, written a ≡ b (mod m) or a ≡_m b, if and only if a mod m = b mod m.
     • Theorem: If a, b, m are integers with m > 0, then a ≡_m b if and only if m | (b-a).
     • Definition: A set C of integers is a complete residue system modulo m iff
       • ∀ integer a, ∃ c ∈ C such that a ≡_m c
       • ∀ c, d ∈ C, if c ≡_m d then c = d
     • Thus C is a complete residue system modulo m if and only if every integer is congruent mod m to exactly one element of C.
     • The set { 0, 1, . . . , m-1 } of remainders mod m is the least nonnegative complete residue system mod m.

  19. Basic Properties of the Congruence Relation
     Theorem: Let m and d be positive integers and a, b, c arbitrary integers. Then
       (i) a ≡_m a
       (ii) a ≡_m b ⇒ b ≡_m a
       (iii) a ≡_m b and b ≡_m c ⇒ a ≡_m c
       (iv) a ≡_m b ⇒ a + c ≡_m b + c and ac ≡_m bc
       (v) a ≡_m b ⇒ ad ≡_m bd
       (vi) a ⊥ m and ab ≡_m ac ⇒ b ≡_m c
       (vii) gcd(a,b) = d ⇒ a/d ⊥ b/d
       (viii) gcd(a,m) = d and ab ≡_m ac ⇒ bd ≡_m cd
     Note: statement (viii) in the book is false, as is the last statement of the proof! (Let m = 6, a = 2, b = 3 and c = 6).

  20. Homework
     • Find d = gcd(43,56) and integers x and y such that d = 43x + 56y, using the extended Euclidean algorithm.
     • For this problem, suppose we are using an affine cipher with encryption function y = 9x + 4.
       • Encrypt the message “nothard”; your answer should be a string of capital letters.
       • Decrypt the message “TAAOEKM”; your answer should be a string of lower case letters.
