Number Theory Review

Greatest Common Divisor

Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Chapter 11 Number-Theoretic Algorithms

Jason Pearson and Sam Demorest

April 19, 2015

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Overview

1 Number Theory Review

2 Greatest Common Divisor

3 Euclid’s Algorithm

4 Modular Arithmetic

5 Solving Modular Linear Equations

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Composite and Prime Numbers

Composite Numbers have a divisor other than itself and one.

For example 4|20 means that 20 = 5 * 4
The divisors of 12 are 1,2,3,4,6 and 12
Prime numbers have no divisors but 1 and itself
First 10 Primes
2, 3, 5, 7, 11, 13, 17, 19, 23, 29

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Greatest Common Divisor

If h|m and h|n then h is called a common divisor

A common divisor is a number that is a factor of both numbers
The greatest common divisor is the largest factor for both numbers
This is denoted gcd�n,m)
For example gcd�12,15) = 3

For any two integers n and m where m �= 0 the quotient is given by

q = �n/m�
The remainder r of dividing n by m is given by
r = n − qm

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Greatest Common Divisor �cont)

Let n and m be integers, not both 0 and let
d = min � in + jm such that i,j ∈ Z and in + jm > 0}
That is, d is the smallest positive linear combination of n and m
For example we know gcd�12, 8) = 4,
the smallest linear combination is
4 = 3�12) + �−4)8

Now suppose we have n ≥ 0 and m > 0 and r = n mod�m) then

gcd�n , m) = gcd�m , r)
so gcd�64 , 24) = gcd�24, 16)
= gcd�16, 8)
= gcd�8, 0)
=8

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Prime Factorization

Two integers are relatively prime because the gcd of them is 1

For example gcd�12, 25) = 1 so they are relatively prime
If h and m are relatively prime and h divides nm, then h divides m.
That is gcd�h,m) = 1 and h|nm implies h|n

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Prime Factorization �cont)

Every integer X > 1 can be written as a unique product of primes

That is X = pk11 * pk22 * ... * pknn
Where p1 <p2 <...pn and this representation of n is unique
Example being 22,275 = 34 * 52 * 11

To solve gcd�3,185,325, 7,276,500) we know

3,185,325 = 34 52 112 131
7,276,500 = 22 33 53 72 111
We then take the common divisors and take the lower power to
create the gcd
so gcd�3,185,325, 7,276,500) = 33 52 111 = 7,425

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Least Common Multiple

For n and m where they are both nonzero, the least common
multiple is denoted lcm�n,m)
For example lcm�6,9) = 18 because 6|18 and 9 |18
The lcm�n,m) is a product of primes that are common to m and n,
where the power of each prime in the product is the larger of its
orders in n and m
So 12 = 22 31 and 45 = 32 51
so lcm�12,45) = 22 32 51 = 180

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Euclid’s Algorithm

Euclid’s Algorithm gives us a straight forward way to find the gcd

of two numbers
int gcd�int n, int m)
�
if�m == 0)
return n;

else
return gcd�m, n mod m);
}

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Extension to Euclid’s Algorithm

void Euclid �int n, int m, int gcd, int i, int j)�

if �m == 0) �
gcd = n; i = 1; j = 0;
}
else �
int iprime, jprime, gcdprime;
Euclid �m, n mod m, gcdprime, iprime, jprime);
gcd = gcdprime;
i = jprime;
j = iprime -�n/m� jprime ;
}
}

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Time Complexity

Basic Operation: one bit manipulation in the computation of the

remainder.
Input Size: The number of bits it takes to encode the input
s = �lgn� + 1
t = �lgm� + 1
We will analyze when 1 ≤ m < n. If m = n then there will be no
recursive calls
If m > n, the first recursive call will be gcd�m,n) instead to keep
the first element larger
It has been shown that the worst case calls Wcalls�s� t) ∈ θ�t)

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Time Complexity �cont)

For each recursive call we compute one remainder which in the

worst case number of bit manipulations is bounded from above by
c��1 + lgq)lgm� where q is the quotient of dividing n by m and c is
a constant
For r > 0 the worst case number of bit manipulations is
c��1 + lgn)lgm − lgm × lgr �
Now with worst case number of bit manipulations considered we
know q = �n − r )/m and 1 ≤ r < m
1 + lgq = 1 + lg ��n − r )/m)
≤ 1 + lg ��n − r )/r )
≤ 1 + lg �n − r )
≤ 1 + lgn − lgr

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Time Complexity �cont)

This last equality combined with the worst case for number of bit
manipulations and recursive calls results is bounded from above by
= c�lgn × lgm + lgm + lgr + lg �mmodr ) + . . . � Since
n > m > r > mmodr > . . . where the dots denote the remaining
terms.
We conclude W �s� t) ∈ ��st)

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Why Use the Other Algorithm?

This other algorithm will give us integers i and j as well

So, gcd = in + jm
For Example Euclid�42, 30, gcd, i, j) outputs
gcd = 6, i = -2 and j = 3
6 = -2�42) + 3�30)

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Proof Extended Algorithm

Induction Base: In the last recursive call m = 0, which means

gcd�n, m) = n
Since the values of i and j are assigned values 1 and 0 respectively
we have
in + jm = 1n + 0m = n = gcd �n� m)

Induction Hypothesis: Assume in the kth recursive call the values

determined for i and j are such that
gcd�n,m) = in + mj
Then the values returned by that call for i’ and j’ are values such
that
gcd�m, n mod m) = i’m + j’n mod m

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Proof Extended Algorithm �cont)

Induction Step: We have for the �k - 1)st call that

in + mj = j’n + �i’ - �n/m� j’)m
= i’m + j’�n - �n/m�m)
= i’m + j’n mod m
= gcd�m, n mod m)
= gcd�n,m)
The second to last equality is due to the induction hypothesis

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Group Theory

A closed binary operation * on a set S is a rule for combining two

elements of S to yield another element of S.
This operation must be associative
Must have an identity element for each element in S
For each element in S there must exist an inverse for that element
For example with integers ∈ Z with addition constitute a group.
The identity element is 0 and the inverse of a is -a
A group is said to be finite if S contains a finite number of elements
A group is said to be commutative �or abelian) if for all a, b ∈ S
a∗b =b∗a

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Congruency Modulo n

Let m and k be integers and n be a positive integer. If n|�m - k)

we say m is congruent to k modulo n, and this is written by
m ≡ kmo�n
For Example
Since 5|�33 - 18), 33 ≡ 18mo�5

The integers 2, 5, 9 are pairwise prime and

184 ≡ 4mo�2
184 ≡ 4mo�5
184 ≡ 4mo�9
Since 2 ∗ 5 ∗ 9 = 90 this implies 184 ≡ 4mo�90
Congruency modulo n is an equivalence relation on the set of all
integers.

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Equivalence Class Modulo n Containing m

The set of all integers congruent to m modulo n is called the
equivalence class modulo n containing m
For example the equivalence class modulo 5 containing 13 is
�. . . � −7� −2� 3� 8� 13� 18� 23� 28� 33� . . . }
Equivalence classes modulo n containing m are represented by [m]n
So for our previous example we would represent it by [3]5

The set of all equivalence classes modulo n is denoted �n

�n = �[0]n � [1]n � ...� [n − 1]n }
Example of Addition using �5 = �[0]5 � [1]5 � [2]5 � [3]5 � [4]5 }
[2]5 + [4]5 = [6]5 = [1]5
For every positive integer n, ��n � +) is a finite commutative group
Every element has an additive inverse so we know the identity
element is [0]n
Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms
 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Equivalence Class Modulo n Containing m �cont)

Using �5 = �[0]5 � [1]5 � [2]5 � [3]5 � [4]5 }

For multiplication [2]5 ∗ [4]5 = [8]5 = [3]5
This isn’t always the case though because not every element in
��n � ) has a multiplicative inverse
For example we consider �9
Suppose [6]9 has a multiplicative inverse [k]9 . Then
[6]9 [k]9 = [6k]9 = [1]9
Which means there exists an integer i such that
1 = 6k + 9i which implies gcd�6,9) = 1 which is not the case

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Equivalence Class Modulo n Containing m �cont)

This will work if we only include the relatively prime numbers for
example
z9∗ = �[1]9 � [2]9 � [4]9 � [5]9 � [7]9 � [8]9 }
Using �z9∗ � ×) we have the following multiplicative inverses
[1]9 ∗ [1]9 = [1]9
[2]9 ∗ [5]9 = [10]9 = [1]9
[4]9 ∗ [7]9 = [28]9 = [1]9
[8]9 ∗ [8]9 = [64]9 = [1]9
The number of elements ∗
� �in zn is given by Euler’s totient function
ϕ �n) = n p:p�n 1 − p1 For example
�
� �
ϕ �60) = 60 p:p�60 1 − p1 = 60 1 − 12 1 − 13 1 − 15 = 16
� � �� �� �

If the number is prime the totient function is simply ϕ �p) = p − 1

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

SubGroups

If G = �S, ×) is a group, S’ ⊆ S, and G’ = �S’, ×) is a group then

G’ is said to be a subgroup of G. It is a proper subgroup if S’ �= S
For E, the set of even integers and Z the set of integers.
�E, +) is a proper subgroup of �Z, +)

Suppose we have a finite group G = �S, ×) and a ∈ S.

�a� = �ak such that k is a positive integer }
Clearly �a� is closed under ×. So, ��a�� ×) is a subgroup of G.
This new group is called the subgroup generated by a.
If the subgroup generated by a is G we call a a generator of G
For example ��6 � +). We have
�[2]6 � = �[2]6 � [2]6 + [2]6 � [2]6 + [2]6 + [2]6 � ...}
= �[2]6 � [4]6 � [0]6 � [2]6 � ...}

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

SubGroups �cont)

When generating a subgroup we can stop once we reach the

identity element
ord�a) is the least positive integer t such that at = e where e is the
identity element
Consider the group ��6 � +). We have
�[3]6 � = �[3]6 � [3]6 + [3]6 } = �[3]6 � [0]6 }
and
�[2]6 � = �[2]6 � [2]6 + [2]6 � [2]6 + [2]6 + [2]6 } = �[2]6 � [4]6 � [0]6 }
Clearly
�[1]6 � = �6

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

SubGroups �cont)

Euler proved for any integer n > 1 for all [m]n ∈ �n

�[]m]n )��n) = [1]n
Consider the group ��
� 20 � ×)� We have that
ϕ �20) = 20 p:p�20 1 − p = 20 1 − 15 1 − 12 = 8
1
� � �� �

and �[3]20 )8 = [6561]20 = [1]20

Also Fermat has shown that if p is prime then for all [m]p ∈ �p
� �p−1
[m]p = [1]p
For example group ��7 � ×). We have that
�[2]7 )7−1 = [64]7 = [1]7

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Pre Solving Modular Linear Equations

The modular equation

[m]n x = [k]n
for X, where X is an equivalence class modulo n, and m, n > 0.
�[6]�8 = �[0]8 � [6]8 � [4]8 � [2]8 }
the equation
[6]8 x = [k]8
has a solution if and only if [k]8 is [0]8 � [6]8 � [4]8 � or [2]8 For
example, solutions to
[6]8 x = [4]8
are x = [2]8 and x = [6]8

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Pre Solving Modular Linear Equations �cont)

Consider the group ��n � +) For any [m]n ∈ �n we have that

�[m]n � = �[d]n � = �[0]n � [d]n � [2d]n � . . . � [�nd − 1) d]n }
where d = gcd�n, m). This means
ord�[m]n ) = |�[m]n �| = �n

The equation [m]n x = [k]�

has a solution if and only if d | k where d = gcd�n,m).
Furthermore if the equation has a solution it has d solutions.
There is only a solution for every equivalence class [k]n if and only
if gcd�n,m) = 1

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Pre Solving Modular Linear Equations Examples

Using the group ��8 � +). Since gcd�8,5) = 1

So, [5]8 x = [k]8 has exactly one solution when solving for any k
that is a member of �[5]�8 . When k = 3 we know that x = [7]8
Using the same group we use 6 instead so gcd�8,6) = 2
So, [6]8 x = [k]8 has exactly two solutions when solving for any k
that is a member of �[6]�8 . When k = 4 we know that x = [6]8
and x = [2]8

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Solving Modular Linear Equations

Let d = gcd�n,m) and let i and j be integers such that d = in + jm

Suppose
� � further d | k Then the equation [m]n x = [k]n has solution
jk
x= � n For example, consider [6]8 x = [4]8 we have gcd�8,6) = 2
2 = ��1) 8 +� �-1) 6 and 2 | 4 so it must have the solution
−1�4)
x= 2 = [−2]8 = [6]8
8
This is only one solution though to solve the other we use the
equation
j + wn
� �
� n for w = 0� 1� . . . � d − 1
�So for the� other solution we have
6 + 1�8)
2 = [10]8 = [2]8
8

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Psuedocode For Solving Modular Linear Equations

void solvelinear � int n, int m, int k)

�
index l;
int i, j, d;
Euclid�n,m,d,i,j);
if �d|k) �
for�w = 0; w ≤ �d - 1; w++)� �
jk wn
cout << � + � ;
n
}
}
}

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms

 Number Theory Review
Greatest Common Divisor
Euclid’s Algorithm
Modular Arithmetic
Solving Modular Linear Equations

Time Complexity Analysis

The input size in our linear solver is the number of bits it takes to
encode input
s = �lgn� + 1
t = �lgm� + 1
u = �lgk� + 1
The time complexity for Euclid’s Algorithm is O�st), plus the time
complexity for the for-w loop.
Since d can be as large as m or n, this time complexity is
worst-case exponential in terms of input size.

Jason Pearson and Sam Demorest Chapter 11 Number-Theoretic Algorithms