Lecture 11

Here’s the general case:


[Euclid’s algorithm] Suppose we must calculate the greatest common divisor of two positive integers. Call them aa and bb with aba\geq b. If they’re not in the right order, we can swap them over earlier.

By division with remainder, we can write a=qb+ra = qb+r for some integers qq and rr with 0r<b0\leq r<b.

But then we have gcd(a,b)=gcd(qb+r,b)=gcd(r,b)=gcd(b,r),\gcd(a,b) {}= \gcd(qb+r,b) {}= \gcd(r,b) {}= \gcd(b,r), and since bab\leq a and r<br<b we’ve made our numbers smaller.

If we keep doing this repeatedly, we’ll end up making one of the numbers zero and can stop (since gcd(d,0)=d\gcd(d,0) = d).

One might reasonably wonder just how fast Euclid’s algorithm really is. One good answer (not very hard to prove) is that if you’re trying to work out gcd(a,b)\gcd(a,b) and bab\leq a, then the number of steps you need is always less than five times the number of digits of bb.

So working out gcd(123456789,987654321)\gcd(123456789,987654321) will take less than 5×9=455\times 9 = 45 divisions (actually, this one takes a lot less than 4545, if you try it). Compared with the other methods we discussed, this makes it seem really good.

Euclid’s algorithm is in fact even more useful than it looks: using Euclid’s algorithm, if we have gcd(a,b)=d\gcd(a,b) = d, that enables us to write dd in the form ma+nb=dma+nb=d for some integers mm and nn. (We say that we’re writing it as a linear combination of aa and bb). This will be really useful later: I promise!

Let’s see how this works with an example. We saw earlier that gcd(126,70)=14\gcd(126,70)=14, so we expect to be able to find integers mm and nn such that 126m+70n=14126m+70n=14.

Along the way we found that: 126=1×70+56,(1)70=1×56+14.(2)\begin{aligned} {}126 &= 1\times 70 + 56, &\qquad(1)\\ {}70 &= 1\times 56 + 14. &\qquad(2)\end{aligned} Working through that backwards, we get that 14=1×701×56(using (2))=1×701×(1×1261×70)(using (1))=2×701×126.\begin{aligned} {}14 &= 1\times 70 - 1\times 56 \qquad\text{(using (2))}\\ {}&= 1\times 70 - 1\times (1\times 126 - 1\times 70) \qquad\text{(using (1))}\\ {}&= 2\times 70 - 1\times 126.\end{aligned}

Similarly, when we calculated that gcd(556,296)=4\gcd(556,296)=4, we found that: 556=1×296+260,(3)296=1×260+36,(4)260=7×36+8,(5)36=4×8+4.(6)\begin{aligned} {}556 &= 1\times 296+260, &\qquad(3)\\ {}296 &= 1\times 260+ 36, &\qquad(4)\\ {}260 &= 7\times 36+ 8, &\qquad(5)\\ {}36 &= 4\times 8+ 4. &\qquad(6)\end{aligned} This means that 4=364×8(using (6))=364×(2607×36)(using (5))=29×364×260=29×(296260)4×260(using (4))=29×29633×260=29×29633×(556296)(using (3))=62×29633×556.\begin{aligned} {}4 &= 36-4\times 8\qquad\text{(using (6))}\\ {}&= 36-4\times(260-7\times 36)\qquad\text{(using (5))}\\ {}&= 29\times 36-4\times 260\\ {}&= 29\times(296-260)-4\times 260\qquad\text{(using (4))}\\ {}&= 29\times296-33\times260\\ {}&= 29\times296-33\times(556-296)\qquad\text{(using (3))}\\ {}&= 62\times296-33\times556.\end{aligned}

In general, if we have positive integers aa and bb, with a>ba>b, we can start defining a sequence a0,a1,a_0, a_1, \ldots as follows:

This is a decreasing sequence, and eventually we will get ak=0a_k = 0 for some kk; we can’t divide by zero, so we end the sequence there.

We then have gcd(a,b)=gcd(a0,a1)=gcd(a1,a2)==gcd(ak1,0)=ak1.\gcd(a,b)=\gcd(a_0,a_1)=\gcd(a_1,a_2)=\cdots=\gcd(a_{k-1},0)=a_{k-1}.

Let’s write d=gcd(a,b)d=\gcd(a,b) for this.

Now, we have ak3=qk3ak2+ak1a_{k-3} = q_{k-3}a_{k-2} + a_{k-1}, so ak1=ak3qk3ak2a_{k-1} =a_{k-3} - q_{k-3}a_{k-2}, so we can write dd as a linear combination of ak3a_{k-3} and ak2a_{k-2}.

We have ak4=qk4ak3+ak2a_{k-4} = q_{k-4}a_{k-3} + a_{k-2}, so ak2=ak4qk4ak3a_{k-2} =a_{k-4} - q_{k-4}a_{k-3}, so substituting in we can write dd as a linear combination of ak4a_{k-4} and ak3a_{k-3}.

Proceeding in this way, we end up with dd as a linear combination of a0a_0 and a1a_1: in other words, of aa and bb.

We’ve proved the following:


[Bezout’s Lemma] Let aa and bb be two integers with gcd(a,b)=d\gcd(a,b)=d. Then there are integers mm and nn such that ma+nb=dma+nb=d.

In fact, slightly more is true:


Let aa and bb be two integers with gcd(a,b)=d\gcd(a,b)=d. Then, for an integer ee, we can write ee in the form e=ma+nbe=ma+nb if and only if ded\mid e.


The “if” part: We must prove that, if ded\mid e, then we can write ee as a linear combination of aa and bb.

However, since ded\mid e, we can write e=dke=dk for some kk. Also, by the above Proposition we can write d=ma+nbd=ma+nb for some mm and nn. But then e=dk=(mk)a+(nk)b,e = dk = (mk)a + (nk)b, as required.

The “only if” part: We must prove that if e=ma+nbe=ma+nb, then ded\mid e. But, since d=gcd(a,b)d=\gcd(a,b) we have dad\mid a and dbd\mid b, and hence also dmad\mid ma and dnbd\mid nb, and therefore dma+nbd\mid ma+nb as required.