Primes and GCD

Emina Torlak and Kevin Zatloukal

- Modular arithmetic applications
- A quick wrap-up of Lecture 12.
- Primes
- Fundamental theorem of arithmetic, Euclid’s theorem, factoring.
- Greatest Common Divisors (GCD)
- GCD definition and properties.
- Euclidean algorithm
- Computing GCDs with the Euclidean algorithm.
- Extended Euclidean algorithm
- Bézout’s theorem and the extended Euclidean algorithm.

A quick wrap-up of Lecture 12.

- Modular addition property
- Let $m$ be a positive integer ($m \in \Z$ with $m>0$).
- If $\congruent{a}{b}{m}$ and $\congruent{c}{d}{m}$, then $\congruent{a+c}{b+d}{m}$.
- Modular multiplication property
- Let $m$ be a positive integer ($m \in \Z$ with $m>0$).
- If $\congruent{a}{b}{m}$ and $\congruent{c}{d}{m}$, then $\congruent{ac}{bd}{m}$.

- Unsigned representation: represent a nonnegative integer $x < 2^n$ with $n$ bits, one per power of 2:
- If $x = \sum_{i=0}^{n-1} b_i2^i$ where each $b_i\in\{0,1\}$,
- then the representation is $b_{n-1}\ldots b_2 b_1 b_0$.

- Examples:
- $99 = 64 + 32 + 2 + 1$
- $18 = 16 + 2$
- So for $n = 8$:
- $99 = 0110\ 0011$
- $18 = 0001\ 0010$

- Sign-and-magnitude representation: if $-2^{n-1} < x < 2^{n-1}$, represent $x$ with $n$ bits as follows:
- Use the first bit as the sign (0 for nonnegative and 1 for negative), and
- the remaining $n-1$ bits as the (unsigned) value $|x|$.

- Examples:
- $99 = 64 + 32 + 2 + 1$
- $18 = 16 + 2$
- So for $n = 8$:
- $\ \ \,99 = 0110\ 0011$
- $-18 = 1001\ 0010$
- $\ \ \,81 = 0101\ 0001$

The problem with this representation is that our standard arithmetic algorithms no longer work, e.g., adding the representation of -18 and 99 doesn’t give the representation of 81.

- Two's complement representation: represent $x$ with $n$ bits as follows:
- If $0 \leq x < 2^{n-1}$, use the $n$-bit unsigned representation of $x$.
- If $-2^{n-1} \leq x < 0$, use the $n$-bit unsigned representation of $2^n + x$.

- Key property:
- The $n$-bit two's complement representation of any in-range number $y$ is the $n$-bit unsigned representation of $\mod{y}{2^n}$, so arithmetic on the representations works $\mod{}{2^n}$.

- Examples:
- $99 = 64 + 32 + 2 + 1$
- $18 = 16 + 2$
- $2^8 - 18 = 256 - 18 = 238 = 128 + 64 + 32 + 8 + 4 + 2$
- $81 = 64 + 16 + 1$

- So for $n = 8$:
- $\ \ \,99 = 0110\ 0011$
- $-18 = 1110\ 1110$
- $\ \ \,81 = 0101\ 0001$

Arithmetic $\mod{}{2^n}$ is easy in hardware: just throw away bit $n$ and higher (keeping $b_{n-1}\ldots b_0$). The flip side is that a result outside $[-2^{n-1}, 2^{n-1})$ silently wraps around (integer overflow): in 8 bits, $100 + 100 = 200 \equiv -56$.

For $-2^{n-1} \leq x < 0$, $x$ is represented using the $n$-bit unsigned representation of $2^n + x = 2^n - |x|$. To compute this value:

- Compute the $n$-bit unsigned representation of $|x|$.
- Flip the bits of $|x|$ to get the representation of $2^n-1-|x|$.
- Add 1 to get $2^n - |x|$.

This computation works because $|x|+\overline{|x|}$ is all 1s, which represents $2^n-1$. So we have $\overline{|x|} = 2^n - 1 - |x|$ and $\overline{|x|} + 1 = 2^n - |x|$.

- Example: -18 in 8-bit two’s complement
- 18 in 8-bit unsigned: $0001\ 0010$
- Flip the bits: $1110\ 1101$
- Add 1: $1110\ 1110$
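The three encodings above, as an added example in Python (not code from the lecture). Each function returns the $n$-bit pattern as an integer so that patterns can be added the way an $n$-bit adder would; the sign-magnitude failure from the earlier slide, the $99 + (-18) = 81$ two's complement case, and the flip-and-add-1 recipe are all checked on the same numbers. The function names are mine.

```python
"""Added example (not from the lecture): n-bit unsigned, sign-magnitude and
two's complement encodings, and why only the last one makes an ordinary
n-bit adder compute signed sums correctly (modulo 2**n)."""


def unsigned_bits(x, n):
    """String b_{n-1} ... b_1 b_0 for 0 <= x < 2**n."""
    if not 0 <= x < 2 ** n:
        raise ValueError(f"{x} does not fit in {n} unsigned bits")
    return format(x, f"0{n}b")


def sign_magnitude(x, n):
    """Sign bit (1 = negative) followed by the (n-1)-bit magnitude.
    Returns the pattern as an integer; valid for -2**(n-1) < x < 2**(n-1)."""
    if not -(2 ** (n - 1)) < x < 2 ** (n - 1):
        raise ValueError(f"{x} does not fit in {n}-bit sign-magnitude")
    sign = 1 if x < 0 else 0
    return (sign << (n - 1)) | abs(x)


def twos_complement(x, n):
    """Pattern of x in n-bit two's complement: x mod 2**n (the key property).
    Valid for -2**(n-1) <= x < 2**(n-1)."""
    if not -(2 ** (n - 1)) <= x < 2 ** (n - 1):
        raise ValueError(f"{x} does not fit in {n}-bit two's complement")
    return x % (2 ** n)


def from_twos_complement(pattern, n):
    """Inverse of twos_complement: patterns with the top bit set are negative."""
    pattern %= 2 ** n
    return pattern - 2 ** n if pattern >= 2 ** (n - 1) else pattern


def add_n_bits(p, q, n):
    """What an n-bit adder does: add the patterns and discard bit n and above."""
    return (p + q) % (2 ** n)


def negate_flip_add_one(magnitude, n):
    """Two's complement pattern of -magnitude via the recipe on the slide:
    flip the bits of |x| (giving 2**n - 1 - |x|), then add 1 (giving 2**n - |x|)."""
    if not 0 <= magnitude <= 2 ** (n - 1):
        raise ValueError(f"-{magnitude} does not fit in {n}-bit two's complement")
    all_ones = 2 ** n - 1
    flipped = magnitude ^ all_ones        # 2**n - 1 - |x|
    return (flipped + 1) & all_ones       # 2**n - |x|, truncated to n bits


if __name__ == "__main__":
    print("99  =", unsigned_bits(twos_complement(99, 8), 8))
    print("-18 =", unsigned_bits(twos_complement(-18, 8), 8))
    total = add_n_bits(twos_complement(99, 8), twos_complement(-18, 8), 8)
    print("99 + (-18) ->", unsigned_bits(total, 8), "=", from_twos_complement(total, 8))
```

The `add_n_bits` helper models the hardware adder literally: it never looks at the sign, which is exactly why two's complement works (the adder is computing $\mod{}{2^n}$ either way) and why an out-of-range result wraps silently.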

Modular arithmetic is the basis of modern computing, with many applications.

Examples include

- hashing,
- pseudo-random numbers, and
- simple ciphers.

- Problem:
- We want to map a small number of data values from a large domain $\{0, 1, \ldots, M-1\}$ into a small set of locations $\{0, 1, \ldots, n-1\}$ to be able to quickly check if a value is present.
- Solution:
- Compute $\text{hash}(x) = \mod{x}{p}$ for a prime $p$ close to $n$.
- Or, compute $\text{hash}(x) = \mod{ax+b}{p}$ for a prime $p$ close to $n$.
- This approach depends on all of the bits of the data,
- which helps avoid collisions among similar values.
- But collisions can still occur (any two keys that differ by a multiple of $p$ collide), so they must be handled.

- Linear Congruential method
- $x_{n+1} = \mod{(ax_n + c)}{m}$

Choose $x_0$ randomly and $a, c, m$ carefully to produce a sequence of $x_n$’s.

- Example
- $a = 1103515245, c = 12345, m = 2^{31}$ from BSD
- $x_0 = 311$
- $x_1 = 1743353508, x_2 = 1197845517, x_3 = 1069836226, \ldots$
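The mod-$p$ hash and the linear congruential generator above, as an added example in Python (not code from the lecture). It reproduces $x_1$ and $x_2$ from the BSD constants and seed $x_0 = 311$, and then checks a property that follows directly from the recurrence when $m$ is a power of two: the low $k$ bits of $x_n$ form their own generator with at most $2^k$ states. The function names are mine.

```python
"""Added example (not from the lecture): the mod-p hash and the linear
congruential generator from the slides, with the BSD constants, plus a check
of a weakness that follows directly from the recurrence when m is a power of two."""

BSD_A, BSD_C, BSD_M = 1103515245, 12345, 2 ** 31   # the constants quoted on the slide


def hash_mod(x, p):
    """Bucket for key x in a table with p slots: hash(x) = x mod p."""
    return x % p


def hash_affine(x, a, b, p):
    """The second variant from the slide: hash(x) = (a*x + b) mod p."""
    return (a * x + b) % p


def lcg_sequence(x0, a, c, m, count):
    """x_1, ..., x_count from x_{n+1} = (a*x_n + c) mod m, starting at seed x0."""
    out, x = [], x0
    for _ in range(count):
        x = (a * x + c) % m
        out.append(x)
    return out


def next_from_previous(x_n, a=BSD_A, c=BSD_C, m=BSD_M):
    """Anyone who knows a, c, m and sees one output can compute every later one:
    the recurrence is deterministic, so the seed is the only secret."""
    return (a * x_n + c) % m


def low_bits_period(k, x0=311, a=BSD_A, c=BSD_C, m=BSD_M):
    """Period of the lowest k bits of the generator. Because 2**k divides m,
    x_{n+1} mod 2**k depends only on x_n mod 2**k, so the low k bits are
    themselves an LCG modulo 2**k and can have at most 2**k distinct states."""
    mod = 2 ** k
    seq = [x % mod for x in lcg_sequence(x0, a, c, m, 4 * mod)]
    for p in range(1, 2 * mod + 1):
        if all(seq[i] == seq[i + p] for i in range(len(seq) - p)):
            return p
    return None


if __name__ == "__main__":
    print(lcg_sequence(311, BSD_A, BSD_C, BSD_M, 3))
    for k in (1, 2, 3, 4):
        print(f"period of the low {k} bit(s):", low_bits_period(k))
```

Two practical consequences: the lowest bit of this generator simply alternates, so never take "random" bits from the bottom of an LCG with a power-of-two modulus; and since one observed output determines all subsequent ones, an LCG is a pseudo-random generator for simulations, not a source of secrets such as session tokens or keys.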

- Caesar or shift cipher
- Treat letters as numbers: A = 0, B = 1, …
- $f(p) = \mod{(p + k)}{26}$
- $f^{-1}(p) = \mod{(p - k)}{26}$
- More general version (affine cipher)
- $f(p) = \mod{(ap + b)}{26}$
- $f^{-1}(p) = \mod{(a^{-1}(p - b))}{26}$

$a^{-1}$ is the *multiplicative inverse* of $a$ modulo 26, which exists only when $\gcd{a}{26} = 1$ (for other $a$, $f$ is not a bijection and cannot be inverted). We'll soon see how to compute these inverses.

Fundamental theorem of arithmetic, Euclid’s theorem, factoring.

- Prime number
- An integer $p > 1$ is called *prime* if its only positive factors are $1$ and $p$.
- Composite number
- An integer $c > 1$ is called *composite* if it is not prime.

- A prime number is divisible only by itself and 1.
- We say that $a$ is a *factor* of $b$ if $a\vert b$.
- Note that 1 is neither prime nor composite.
- The above definitions apply only to integers greater than 1.

- Fundamental theorem of arithmetic
- Every positive integer greater than 1 has a unique prime factorization.

In other words, every integer $n > 1$ can be written uniquely as a prime, or the product of two or more primes ordered by size.

- Examples
- $48= 2\cdot 2\cdot 2\cdot 2\cdot 3$
- $591 = 3 \cdot 197$
- $45,523 = 45,523$
- $321,950 = 2 \cdot 5 \cdot 5 \cdot 47 \cdot 137$
- $1,234,567,890 = 2 \cdot 3 \cdot 3 \cdot 5 \cdot 3,607 \cdot 3,803$

- Euclid’s theorem
- There are infinitely many primes.

- Proof by contradiction:
- Suppose that there are finitely many primes: $p_1, \ldots, p_n$.
- Define the number $P = p_1 \cdot \ldots\cdot p_n$, and let $Q = P + 1$.
- **Case 1:** If $Q$ is prime, then $Q$ is a prime different from all of $p_1, \ldots, p_n$, since it is bigger than all of them. This contradicts the assumption that the list $p_1,\ldots, p_n$ includes all primes.
- **Case 2:** If $Q$ is not prime, then since $Q > 1$ it has some prime factor $p$, which must be in $p_1, \ldots, p_n$. Therefore $p \vert P$ and $p \vert Q$, so $P = jp$ and $Q = kp$ for some integers $j,k$. We then have $Q- P = (k-j)p = 1$, which means that $p \vert 1$. But no prime divides 1, leading again to a contradiction.
- Since both cases lead to contradictions, the assumption must be false. $\qed$

- Primality testing
- Given an integer $n$, determine if $n$ is prime.
- Factoring
- Given an integer $n$, determine the prime factorization of $n$.

- We don’t know of an efficient algorithm for factoring large numbers.
- The security of commonly used cryptographic protocols (e.g., RSA) hinges on this fact.
- For example, factoring the 232-digit (768-bit) number known as RSA-768 took about two years of wall-clock time and roughly two thousand CPU-core-years of computation.
- But factoring is efficient on a large enough quantum computer (Shor's algorithm runs in polynomial time), although no machine able to factor RSA-sized numbers has been built yet.
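Trial-division primality testing and factoring, as an added example in Python (not code from the lecture). It checks the factorizations listed above and looks at the number $Q = p_1 \cdot \ldots \cdot p_n + 1$ from the proof of Euclid's theorem, which is coprime to every $p_i$ but need not be prime itself. The function names are mine.

```python
"""Added example (not from the lecture): trial-division primality testing and
factoring, used to check the factorizations on the slide and to look at the
number Q = p_1 * ... * p_n + 1 from the proof of Euclid's theorem."""

from math import isqrt


def is_prime(n):
    """Trial division: a composite n has a prime factor <= sqrt(n), so it is
    enough to try 2 and the odd numbers up to isqrt(n)."""
    if n < 2:
        return False                # 1 (and 0, negatives) are neither prime nor composite
    if n % 2 == 0:
        return n == 2
    for d in range(3, isqrt(n) + 1, 2):
        if n % d == 0:
            return False
    return True


def factorize(n):
    """Prime factorization of n > 1, smallest factor first. The fundamental
    theorem of arithmetic says this list is unique."""
    if n < 2:
        raise ValueError("only integers > 1 have a prime factorization")
    factors, d = [], 2
    while d * d <= n:
        while n % d == 0:           # divide out d as often as possible
            factors.append(d)
            n //= d
        d += 1 if d == 2 else 2     # try 2, 3, 5, 7, 9, ...; a composite d never divides here
    if n > 1:
        factors.append(n)           # the leftover cofactor is prime
    return factors


def primes_up_to(limit):
    """The primes 2, 3, 5, ... <= limit, by trial division (fine for small limits)."""
    return [p for p in range(2, limit + 1) if is_prime(p)]


def euclid_q(primes):
    """Q = P + 1 with P the product of the given primes, as in Euclid's proof.
    Q leaves remainder 1 on division by each p_i, so none of them divides it,
    but Q itself need not be prime: case 2 of the proof really does occur."""
    product = 1
    for p in primes:
        product *= p
    return product + 1


if __name__ == "__main__":
    for n in (48, 591, 45523, 321950, 1234567890):
        print(n, "=", " * ".join(map(str, factorize(n))))
    q = euclid_q(primes_up_to(13))
    print("Q for primes up to 13:", q, "prime?", is_prime(q), "factors:", factorize(q))
```

Trial division runs in time proportional to $\sqrt{n}$, i.e., exponential in the bit length of $n$: it is fine for the examples on this slide and hopeless for a 768-bit modulus, which is the whole point of the RSA remark above.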

GCD definition and properties.

- Greatest common divisor (GCD)
- The greatest common divisor of integers $a$ and $b$ (not both zero), written as $\gcd{a}{b}$, is the largest integer $d$ such that $d\vert a$ and $d\vert b$. ($\gcd{0}{0}$ is left undefined, since every integer divides 0.)

**Examples:**

- $\gcd{100}{125} = 25$
- $\gcd{17}{49} = 1$
- $\gcd{11}{66} = 11$
- $\gcd{13}{0} = 13$
- $\gcd{180}{252} = 36$

- A naive approach is to first factor both $a$ and $b$:
- $a = 2^3\cdot 3\cdot 5^2\cdot 7\cdot 11 = 46,200$
- $b = 2\cdot 3^2\cdot 5^3\cdot 7\cdot 13 = 204,750$
- And then compute $\gcd{a}{b}$ by taking each prime to the smaller of its two exponents:
- $\gcd{a}{b} = 2^{\min(3,1)}\cdot 3^{\min(1,2)}\cdot 5^{\min(2,3)}\cdot 7^{\min(1,1)}\cdot 11^{\min(1,0)} \cdot 13^{\min(0,1)} = 2 \cdot 3 \cdot 5^2 \cdot 7 = 1,050$

But factoring is expensive! Can we compute $\gcd{a}{b}$ without factoring?

Computing GCDs with the Euclidean algorithm.

- $\gcd{a}{0}$
- If $a$ is a positive integer, then $\gcd{a}{0} = a$.

Proof follows straightforwardly from the definition of GCD and divisibility.

- GCD and modulo
- If $a$ and $b$ are positive integers, then $\gcd{a}{b} = \gcd{b}{\mod{a}{b}}$.

- Proof:
- First note that by definition of mod, $a = qb + \mod{a}{b}$, where $q=\div{a}{b}$ is an integer.
- Now, let $d = \gcd{a}{b}$. Then $d\vert a$ and $d\vert b$, so $a=kd$ and $b=jd$ for some $k,j\in\Z$. Therefore, $\mod{a}{b} = a - qb = kd - qjd = d(k-qj)$. So $d\vert (\mod{a}{b})$, and since also $d\vert b$, $d$ is a common divisor of $b$ and $\mod{a}{b}$; hence $d = \gcd{a}{b} \leq \gcd{b}{\mod{a}{b}}$.
- Next, let $e = \gcd{b}{\mod{a}{b}}$. Then $e\vert b$ and $e\vert (\mod{a}{b})$, so $b=me$ and $\mod{a}{b}=ne$ for some $m,n\in\Z$. Therefore, $a = qb + \mod{a}{b} = qme + ne = e(qm+n)$. So $e\vert a$ and $e\vert b$, hence $e = \gcd{b}{\mod{a}{b}} \leq \gcd{a}{b}$.
- Combining the two inequalities gives $\gcd{a}{b} = \gcd{b}{\mod{a}{b}}$. $\qed$

Apply $\gcd{a}{b} = \gcd{b}{\mod{a}{b}}$ until you get $\gcd{a}{0} = a$.

Example implementation:

```java
// Euclidean algorithm. Assumes a, b >= 0 (Java's % is negative for negative
// operands); if a < b, the first recursive call simply swaps the arguments.
// gcd(0, 0) returns 0 by convention.
public static int gcd(int a, int b) {
    if (b == 0)
        return a;             // GCD(a, 0) = a
    else
        return gcd(b, a % b); // GCD(a, b) = GCD(b, a mod b)
}
```

- $\gcd{660}{126}$
- $= \gcd{126}{\mod{660}{126}} = \gcd{126}{30}$
- $= \gcd{30}{\mod{126}{30}} = \gcd{30}{6}$
- $= \gcd{6}{\mod{30}{6}} = \gcd{6}{0}$
- $= 6$

**In tableau form:**

| $a$ | $=$ | $q$ | $*$ | $b$ | $+$ | $r$ |
|---|---|---|---|---|---|---|
| $660$ | $=$ | $5$ | $*$ | $126$ | $+$ | $30$ |
| $126$ | $=$ | $4$ | $*$ | $30$ | $+$ | $6$ |
| $30$ | $=$ | $5$ | $*$ | $6$ | $+$ | $0$ |
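The Euclidean algorithm with the tableau kept, as an added example in Python (not code from the lecture; the Java version above is the lecture's). It records the rows $a = q \cdot b + r$ for $\gcd{660}{126}$, cross-checks the result, and counts the divisions performed, including on consecutive Fibonacci numbers, which are the inputs on which the algorithm takes the most steps for their size. The function names are mine.

```python
"""Added example (not from the lecture): the Euclidean algorithm with the
tableau of rows a = q*b + r kept, plus the step count on its worst-case
inputs, consecutive Fibonacci numbers."""


def euclid_tableau(a, b):
    """Apply gcd(a, b) = gcd(b, a mod b) until the remainder is 0.
    Returns (rows, g): each row is (a, q, b, r) with a = q*b + r, and g is
    gcd(a, b), the last nonzero remainder (or a itself if b == 0).
    Requires a, b >= 0 and not both zero."""
    if a < 0 or b < 0 or (a == 0 and b == 0):
        raise ValueError("need a, b >= 0, not both zero")
    rows = []
    while b != 0:
        q, r = divmod(a, b)
        rows.append((a, q, b, r))
        a, b = b, r                  # gcd(a, b) = gcd(b, a mod b)
    return rows, a                   # gcd(a, 0) = a


def gcd(a, b):
    return euclid_tableau(a, b)[1]


def format_tableau(rows):
    """The tableau as printed on the slide, one 'a = q * b + r' line per row."""
    return "\n".join(f"{a} = {q} * {b} + {r}" for a, q, b, r in rows)


def step_count(a, b):
    """Number of divisions the algorithm performs on (a, b)."""
    return len(euclid_tableau(a, b)[0])


def fibonacci(n):
    """F(1) = F(2) = 1, F(n) = F(n-1) + F(n-2)."""
    x, y = 0, 1
    for _ in range(n):
        x, y = y, x + y
    return x


if __name__ == "__main__":
    rows, g = euclid_tableau(660, 126)
    print(format_tableau(rows))
    print("gcd(660, 126) =", g)
    print("steps for gcd(F(31), F(30)):", step_count(fibonacci(31), fibonacci(30)))
```

Every quotient in the Fibonacci case is 1, so the remainders shrink as slowly as possible, yet the count still grows only with the number of digits (Lamé's theorem bounds it by five times the number of decimal digits of the smaller argument). That logarithmic running time is why the algorithm is usable on the multi-hundred-digit numbers of the cryptographic applications above, where factoring is not.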

Bézout’s theorem and the extended Euclidean algorithm.

- Bézout’s theorem
- If $a$ and $b$ are positive integers, then there exist integers $s$ and $t$ such that $\gcd{a}{b} = sa + tb$.

We can extend Euclidean algorithm to find $s$ and $t$ in addition to computing $\gcd{a}{b}$.

To find $s$ and $t$:

① Compute GCD and keep the tableau.
② Solve the equations for $r$ in the tableau.
③ Back substitute the equations for $r$.

Example: $\gcd{35}{27} = 35s + 27t$.

① Compute GCD and keep the tableau.

| $a$ | $=$ | $q$ | $*$ | $b$ | $+$ | $r$ |
|---|---|---|---|---|---|---|
| $35$ | $=$ | $1$ | $*$ | $27$ | $+$ | $8$ |
| $27$ | $=$ | $3$ | $*$ | $8$ | $+$ | $3$ |
| $8$ | $=$ | $2$ | $*$ | $3$ | $+$ | $2$ |
| $3$ | $=$ | $1$ | $*$ | $2$ | $+$ | $1$ |
| $2$ | $=$ | $2$ | $*$ | $1$ | $+$ | $0$ |

- $\gcd{35}{27} = \gcd{27}{\mod{35}{27}} = \gcd{27}{8}$
- $= \gcd{8}{\mod{27}{8}} = \gcd{8}{3}$
- $= \gcd{3}{\mod{8}{3}} = \gcd{3}{2}$
- $= \gcd{2}{\mod{3}{2}} = \gcd{2}{1}$
- $= \gcd{1}{\mod{2}{1}} = \gcd{1}{0} = 1$

② Solve the equations for $r$ in the tableau.

| $r$ | $=$ | $a$ | $-$ | $q$ | $*$ | $b$ |
|---|---|---|---|---|---|---|
| $8$ | $=$ | $35$ | $-$ | $1$ | $*$ | $27$ |
| $3$ | $=$ | $27$ | $-$ | $3$ | $*$ | $8$ |
| $2$ | $=$ | $8$ | $-$ | $2$ | $*$ | $3$ |
| $1$ | $=$ | $3$ | $-$ | $1$ | $*$ | $2$ |

③ Back substitute the equations for $r$, starting from the last one and always grouping the terms by the two most recent remainders.

- $1 = 3 - 1 * 2$
- $\ \ = 3 - 1 * (8 - 2 * 3)$ (plug in the def of 2)
- $\ \ = 3 - 8 + 2 * 3$
- $\ \ = (-1) * 8 + 3 * 3$ (group 8's and 3's)
- $\ \ = (-1) * 8 + 3 * (27 - 3 * 8)$ (plug in the def of 3)
- $\ \ = (-1) * 8 + 3 * 27 + (-9) * 8$
- $\ \ = 3 * 27 + (-10) * 8$ (group 8's and 27's)
- $\ \ = 3 * 27 + (-10) * (35 - 1 * 27)$ (plug in the def of 8)
- $\ \ = 3 * 27 + (-10) * 35 + 10 * 27$
- $\ \ = 13 * 27 + (-10) * 35$ (group 27's and 35's)

So $\gcd{35}{27} = 1 = (-10) \cdot 35 + 13 \cdot 27$, i.e., $s = -10$ and $t = 13$.

Suppose $\gcd{a}{m} = 1$.

By Bézout’s Theorem, there exist integers $s$ and $t$ such that $sa + tm = 1$.

- $\mod{s}{m}$ is the *multiplicative inverse* of $a$ modulo $m$:
- $1 = \mod{(sa+tm)}{m} = \mod{sa}{m}$, since $m \vert tm$; that is, $\congruent{sa}{1}{m}$.
- Conversely, if $\gcd{a}{m} = d > 1$ then $a$ has no inverse modulo $m$: $\congruent{ax}{1}{m}$ would mean $ax - 1 = km$ for some integer $k$, so $d \vert 1$, which is impossible.

Solve: $\congruent{7x}{1}{26}$

① Compute GCD and keep the tableau.

| $a$ | $=$ | $b$ | $*$ | $q$ | $+$ | $r$ |
|---|---|---|---|---|---|---|
| $26$ | $=$ | $7$ | $*$ | $3$ | $+$ | $5$ |
| $7$ | $=$ | $5$ | $*$ | $1$ | $+$ | $2$ |
| $5$ | $=$ | $2$ | $*$ | $2$ | $+$ | $1$ |

② Solve the equations for $r$ in the tableau.

| $r$ | $=$ | $a$ | $-$ | $b$ | $*$ | $q$ |
|---|---|---|---|---|---|---|
| $5$ | $=$ | $26$ | $-$ | $7$ | $*$ | $3$ |
| $2$ | $=$ | $7$ | $-$ | $5$ | $*$ | $1$ |
| $1$ | $=$ | $5$ | $-$ | $2$ | $*$ | $2$ |

③ Back substitute the equations for $r$.

- $1 = 5 - 2 * 2$
- $\ \ = 5 - 2 * (7 - 5 * 1)$ (plug in the def of 2)
- $\ \ = 3 * 5 + (-2) * 7$ (group 5's and 7's)
- $\ \ = 3 * (26 - 7 * 3) + (-2) * 7$ (plug in the def of 5)
- $\ \ = 3 * 26 + (-11) * 7$ (group 26's and 7's)

④ Solve for $x$.

- From $1 = 3 \cdot 26 + (-11) \cdot 7$ we get $\congruent{(-11) \cdot 7}{1}{26}$.
- Multiplicative inverse of 7 mod 26: $\mod{(-11)}{26}=15$
- So $x = 26k + 15$ for $k\in\Z$. Check: $7 \cdot 15 = 105 = 4 \cdot 26 + 1$.
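The extended Euclidean algorithm done the way the slides do it, by back-substituting through the tableau, as an added example in Python (not code from the lecture). It serves the Bézout example ($\gcd{35}{27}$), the multiplicative-inverse argument, and the congruence $\congruent{7x}{1}{26}$ above, and closes the loop on the affine cipher from the applications section, whose decryption needs $a^{-1} \bmod 26$. It also generalizes the last step to $\congruent{ax}{b}{m}$ for any $b$, which is solvable exactly when $\gcd{a}{m}$ divides $b$. The function names are mine.

```python
"""Added example (not from the lecture): the extended Euclidean algorithm by
back substitution over the tableau, Bézout coefficients, multiplicative
inverses, solving a*x ≡ b (mod m), and affine-cipher decryption."""


def euclid_tableau(a, b):
    """Rows (a, q, b, r) with a = q*b + r, and g = gcd(a, b). Needs a, b >= 0, not both zero."""
    if a < 0 or b < 0 or (a == 0 and b == 0):
        raise ValueError("need a, b >= 0, not both zero")
    rows = []
    while b != 0:
        q, r = divmod(a, b)
        rows.append((a, q, b, r))
        a, b = b, r
    return rows, a


def extended_gcd(a, b):
    """Return (g, s, t) with g = gcd(a, b) = s*a + t*b (Bézout's theorem)."""
    rows, g = euclid_tableau(a, b)
    if not rows:                      # b == 0: g = a = 1*a + 0*b
        return g, 1, 0
    rows = rows[:-1]                  # the last row has remainder 0 and carries no information
    if not rows:                      # b divides a: g = b = 0*a + 1*b
        return g, 0, 1
    # Steps ② and ③ of the slides. In the last kept row a_k = q_k*b_k + g, so
    # g = 1*a_k + (-q_k)*b_k. One row up, b_k = a_{k-1} - q_{k-1}*b_{k-1} and
    # a_k = b_{k-1}; substituting and grouping turns the coefficients (s, t)
    # for row k into (t, s - q_{k-1}*t) for row k-1.
    s, t = 1, -rows[-1][1]
    for _, q, _, _ in reversed(rows[:-1]):
        s, t = t, s - q * t
    return g, s, t


def has_inverse(a, m):
    """a is invertible mod m iff gcd(a, m) = 1."""
    return extended_gcd(a % m, m)[0] == 1


def mod_inverse(a, m):
    """x with a*x ≡ 1 (mod m), i.e. s mod m from Bézout; raises if gcd(a, m) != 1."""
    g, s, _ = extended_gcd(a % m, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {m}: gcd({a}, {m}) = {g}")
    return s % m


def solve_linear_congruence(a, b, m):
    """All x with a*x ≡ b (mod m), returned as (x0, step) meaning x = x0 + step*k.
    Solvable iff g = gcd(a, m) divides b; then there are g solutions mod m."""
    g, s, _ = extended_gcd(a % m, m)
    if b % g != 0:
        raise ValueError(f"{a}*x ≡ {b} (mod {m}) has no solution: gcd is {g}")
    step = m // g
    return (s * (b // g)) % step, step


ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def affine_encrypt(text, a, b):
    """f(p) = (a*p + b) mod 26; a must be invertible mod 26 or f is not a bijection."""
    mod_inverse(a, 26)                # raises for a with gcd(a, 26) != 1
    return "".join(ALPHABET[(a * ALPHABET.index(ch) + b) % 26] for ch in text)


def affine_decrypt(text, a, b):
    """f^{-1}(p) = a^{-1} * (p - b) mod 26."""
    a_inv = mod_inverse(a, 26)
    return "".join(ALPHABET[(a_inv * (ALPHABET.index(ch) - b)) % 26] for ch in text)


if __name__ == "__main__":
    print("gcd(35, 27) as 35s + 27t:", extended_gcd(35, 27))
    print("7^-1 mod 26 =", mod_inverse(7, 26))
    print("7x ≡ 1 (mod 26): x = x0 + step*k with (x0, step) =", solve_linear_congruence(7, 1, 26))
    print(affine_encrypt("ATTACK", 7, 3), "->", affine_decrypt(affine_encrypt("ATTACK", 7, 3), 7, 3))
```

The Caesar cipher is the case $a = 1$. Note that `affine_encrypt` refuses $a$ with $\gcd{a}{26} \neq 1$ up front: with such an $a$ two plaintext letters map to the same ciphertext letter, so no decryption function exists, which is the practical face of the "no inverse" argument above.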

- Every positive integer $p>1$ is either prime or composite.
- $p$ is *prime* if its only positive factors are $p$ and 1.
- Otherwise, $p$ is composite.
- $\gcd{a}{b}$ is the greatest integer that divides both $a$ and $b$.
- It can be computed efficiently using the Euclidean algorithm.
- By Bézout's Theorem, $\gcd{a}{b} = sa + tb\,$ for some integers $s, t$.
- $s, t$ can be computed using the extended Euclidean algorithm.
- If $\gcd{a}{b} = 1$, $\mod{s}{b}$ is the multiplicative inverse of $a$ modulo $b$.