Defn: Let a and b be positive integers. We say that a divides b or a is a
divisor of b (written a|b) if b = ma for some positive integer m.
Useful Facts: Let a, b and c be positive integers.
1. If c|a or c|b, then c|ab.
2. If c|a and c|b, then c divides a + b.
3. If c is prime and c|ab, then c|a or c|b.
Defn: Let a and b be positive integers. The greatest common divisor of a
and b (written gcd(a, b), or sometimes (a.b)) is the largest integer which is a
divisor of a and b.
The Euclidean Algorithm is an efficient method for finding the gcd. This
method is based on the Division Algorithm:
Theorem (Division Algorithm): Let a and b be nonnegative integers.
There exist nonnegative integers q and 0 ≤ r < a such that
b = aq + r
Here, q is the quotient and r is the remainder.
Euclidean Algorithm (EA): Let a and b be positive integers. Iteratively apply the Division Algorithm until the remainder is 0: Set
r−1 = b, r0 = a
r−1 = r0 q0 + r1 ,
r0 = r1 q1 + r2 ,
r1 = r2 q2 + r3 ,
...
ri−1 = ri qi + ri+1 ,
...
rj−2 = rj−1 qj−1 + rj ,
rj−1 = rj qj
Theorem: gcd(a, b) = rj .
1
0 < r1 < r0
0 < r2 < r1
0 < r3 < r2
...
0 < ri+1 < ri
...
0 < rj < rj−1
Example: Let a = 657 and b = 963.
963
657
306
45
36
=
=
=
=
=
657 · 1 + 306
306 · 2 + 45
45 · 6 + 36
36 · 1 + 9
9·4
Thus, gcd(657, 963) = 9.
Proof of Theorem:
Let d be a common divisor of a and b. We will first show, by induction,
that d is a common divisor of ri−1 and ri for all i = 0, . . . , j. The base
case, i = 0, is true by assumption. For the inductive step, observe that since
ri−2 = ri−1 qi−1 + ri , if d is a common divisor of ri−2 and ri−1 then it is a
divisor of ri and thus a common divisor of ri−1 and ri . This completes the
induction. In particular, d divides rj , and so rj is at least as large as any
common divisor of a and b.
It remains only to show that rj itself is a common divisor of a and b. From
the last equation, we see that rj divides rj−1 , and so rj is a common divisor of
itself and rj−1 . Then, from the next-to-last equation, we see that rj divides
rj−2 , and so rj is a common divisor of rj−2 and rj−1 . Now run backwards
through the steps of the Euclidean Algorithm, to see, by induction, that for
i = j, . . . , 0, rj is a common divisor of ri and ri−1 . In particular, rj divides
r0 = a and r−1 = b, as desired.
Bezout’s Identity: Let a and b be positive integers and let g = (a, b).
Then there exist integers m, n (not necessarily positive) such that
am + bn = gcd(a, b)
We can use the Euclidean Algorithm to not only prove Bezout’s Identity,
but to explicitly find a m and n. The idea is to run backwards through the
Euclidean Algorithm. As an example, we work through the Example above.
2
9 =
=
=
=
=
=
=
=
45 − 36
45 − (306 − 45 · 6)
−306 + 45 · 7
−306 + (657 − 306 · 2) · 7
657 · 7 − 306 · 15
657 · 7 − (963 − 657) · 15
−963 · 15 + 657 · 22
657 · 22 − 963 · 15
So, m = 22 and n = −15.
To see that this always works, we show:
Proposition: For each i = j − 1, . . . , 0, there are integers mi and ni such
that
ri mi + ri−1 ni = rj
(1)
Note that the case i = 0 yields Bezout’s identity.
We prove the Proposition by induction.
For the base case, i = j − 1, set mi = −qj−1 and ni = 1. For the inductive
step, note that since ri−2 = ri−1 qi−1 + ri , we have ri = ri−2 − ri−1 qi−1 .
Substitute this expression for ri into (1) to obtain
rj = ri mi + ri−1 ni = (ri−2 − ri−1 qi−1 )mi + ri−1 ni = ri−1 (ni − qi−1 mi ) + ri−2 mi
which we write as
ri−1 mi−1 + ri−2 ni−1
Thus, (1) holds for all i.
Note that the m and n in Bezout’s Identity are by no means unique. For
example, let a = 2 and b = 3, with gcd = 1. Then 1 = 2·(−1)+3·1 = 2·2−3·1.
Finally, we apply EA and Bezout to find inverses in Zq when q is prime.
First, observe that if q is prime and a ∈ Zq and a 6= 0 mod q, then gcd(a, q) =
1. By Bezout, there exist integers m, n such that am+qn = 1. Thus, am = 1
mod q, and so a−1 = m mod q. Use EA and Bezout to explicitly find m.
3