arxiv: v1 [cs.dm] 1 Jul 2016

Similar documents
Euclid's Algorithm. MA/CSSE 473 Day 06. Student Questions Odd Pie Fight Euclid's algorithm (if there is time) extended Euclid's algorithm

1 Elementary number theory

Integers and Mathematical Induction

Calculation of extended gcd by normalization

Algorithms and Data Structures, or

PAijpam.eu A NOTE ON KNUTH S IMPLEMENTATION OF EXTENDED EUCLIDEAN GREATEST COMMON DIVISOR ALGORITHM Anton Iliev 1, Nikolay Kyurkchiev 2, Angel Golev 3

arxiv: v3 [cs.ds] 18 Apr 2011

Using Templates to Introduce Time Efficiency Analysis in an Algorithms Course

Lecture Notes on Contracts

CS 310 Advanced Data Structures and Algorithms

Algorithmic number theory Cryptographic hardness assumptions. Table of contents

VISUALIZING NP-COMPLETENESS THROUGH CIRCUIT-BASED WIDGETS

- 0 - CryptoLib: Cryptography in Software John B. Lacy 1 Donald P. Mitchell 2 William M. Schell 3 AT&T Bell Laboratories ABSTRACT

Reading 8 : Recursion

COP 4516: Math for Programming Contest Notes

Chapter 4. Number Theory. 4.1 Factors and multiples

X Std. Topic Content Expected Learning Outcomes Mode of Transaction

CS3110 Spring 2017 Lecture 18: Binary Search Trees

COMP6700/2140 Recursive Operations

Nested Intervals Tree Encoding with Continued Fractions

DISCRETE MATHEMATICS

Math Introduction to Advanced Mathematics

Thomas H. Cormen Charles E. Leiserson Ronald L. Rivest. Introduction to Algorithms

The p-sized partitioning algorithm for fast computation of factorials of numbers

Discrete Mathematics Lecture 4. Harper Langston New York University

Know the Well-ordering principle: Any set of positive integers which has at least one element contains a smallest element.

! Addition! Multiplication! Bigger Example - RSA cryptography

A GRAPH FROM THE VIEWPOINT OF ALGEBRAIC TOPOLOGY

Programming Techniques in Computer Algebra

Assertions & Verification & Example Loop Invariants Example Exam Questions

CS2 Algorithms and Data Structures Note 1

Chapter 18 out of 37 from Discrete Mathematics for Neophytes: Number Theory, Probability, Algorithms, and Other Stuff by J. M. Cargal.

AXIOMS FOR THE INTEGERS

SCHOOL OF ENGINEERING & BUILT ENVIRONMENT. Mathematics. Numbers & Number Systems

1 Elementary number theory

Introduction to Programming in C Department of Computer Science and Engineering\ Lecture No. #02 Introduction: GCD

Data Structures and Algorithms

Lecture 3 Algorithms with numbers (cont.)

A Simplified Correctness Proof for a Well-Known Algorithm Computing Strongly Connected Components

x = 12 x = 12 1x = 16

BEng (Hons) Telecommunications. Examinations for / Semester 2

A Survey of Mathematics with Applications 8 th Edition, 2009

CS Network Security. Nasir Memon Polytechnic University Module 7 Public Key Cryptography. RSA.

Solutions to the Second Midterm Exam

The Distributive Property and Expressions Understand how to use the Distributive Property to Clear Parenthesis

Advanced Algorithms and Data Structures

Course Learning Outcomes for Unit I. Reading Assignment. Unit Lesson. UNIT I STUDY GUIDE Number Theory and the Real Number System

Working with Algebraic Expressions

THE DESIGN AND ANALYSIS OF COMPUTER ALGORITHMS

Algebra 1 Review. Properties of Real Numbers. Algebraic Expressions

Algorithms (III) Yu Yu. Shanghai Jiaotong University

Algorithms (III) Yijia Chen Shanghai Jiaotong University

Assertions & Verification Example Exam Questions

Algorithms and Data Structures

Algorithms (III) Yijia Chen Shanghai Jiaotong University

Introduction to Algorithms Third Edition

Key Terms. Writing Algebraic Expressions. Example

Bulldozers/Sites A B C D

Channel Coding and Cryptography Part II: Introduction to Cryptography

CS1800 Discrete Structures Fall 2017 October 25, CS1800 Discrete Structures Midterm Version B

1 / 43. Today. Finish Euclid. Bijection/CRT/Isomorphism. Fermat s Little Theorem. Review for Midterm.

r=1 The Binomial Theorem. 4 MA095/98G Revision

Twelve Simple Algorithms to Compute Fibonacci Numbers

Outline. Introduction. 2 Proof of Correctness. 3 Final Notes. Precondition P 1 : Inputs include

International Journal of Scientific & Engineering Research, Volume 4, Issue 7, July ISSN

Algorithms and Data Structures. Algorithms and Data Structures. Algorithms and Data Structures. Algorithms and Data Structures

ELEMENTARY NUMBER THEORY AND METHODS OF PROOF

Lecture 6: Overview of Public-Key Cryptography and RSA

overview overview who practicalities introduction data structures and algorithms lecture 1 sorting insertion sort pseudo code merge sort

CPSC 467b: Cryptography and Computer Security

Matrices. Chapter Matrix A Mathematical Definition Matrix Dimensions and Notation

D.Abhyankar 1, M.Ingle 2. -id: 2 M.Ingle, School of Computer Science, D.A. University, Indore M.P.

Computable Euclidean Domains

Algorithms (7A) Young Won Lim 4/10/17

Today. Finish Euclid. Bijection/CRT/Isomorphism. Review for Midterm.

AMS526: Numerical Analysis I (Numerical Linear Algebra)

CLASS-ROOM NOTES: OPTIMIZATION PROBLEM SOLVING - I

LAB 2: Linear Equations and Matrix Algebra. Preliminaries

RSA System setup and test

Mathematics 4330/5344 #1 Matlab and Numerical Approximation

And Now From a New Angle Special Angles and Postulates LEARNING GOALS

Cryptography and Network Security

Chapter 1: Number and Operations

Outline. Computer Science 331. Desirable Properties of Hash Functions. What is a Hash Function? Hash Functions. Mike Jacobson.

Lecture 8 Mathematics

MA651 Topology. Lecture 4. Topological spaces 2

About the Author. Dependency Chart. Chapter 1: Logic and Sets 1. Chapter 2: Relations and Functions, Boolean Algebra, and Circuit Design

A survey of loop invariants

Admin ENCRYPTION. Admin. Encryption 10/29/15. Assignment 6. 4 more assignments: Midterm next Thursday. What is it and why do we need it?

Formal Methods. CITS5501 Software Testing and Quality Assurance

Lecture 2 Algorithms with numbers

Towards a better way to teach dynamic programming

15-122: Principles of Imperative Computation (Section G)

CS1800 Discrete Structures Fall 2017 October 25, CS1800 Discrete Structures Midterm Version B

Plan of the lecture. Quick-Sort. Partition of lists (or using extra workspace) Quick-Sort ( 10.2) Quick-Sort Tree. Partitioning arrays

One of the most important areas where quantifier logic is used is formal specification of computer programs.

Lecture 6: Arithmetic and Threshold Circuits

Names and Functions. Chapter 2

STRUCTURE EXITS, NOT LOOPS

Advanced Algorithms and Data Structures

Transcription:

1 A Note on Extended Euclid s Algorithm arxiv:1607.00106v1 [cs.dm] 1 Jul 2016 Hing Leung Department of Computer Science New Mexico State University Las Cruces, NM 88003, USA Abstract Starting with the recursive extended Euclid s algorithm, we apply a systematic approach using matrix notation to transform it into an iterative algorithm. The partial correctness proof derived from the transformation turns out to be very elegant, and easy to follow. The paper provides a connection between recursive and iterative versions of extended Euclid s algorthm. 1 Introduction In teaching computer algorithms, many textbooks favor recursive over iterative versions. While the correctness of recursive algorithms can be relatively easy to establish, students may sometimes findit difficulttoconnect it tothe more efficient iterative versions. An example is the extended Euclid s algorithm from which we compute multiplicative inverses in modular arithmetic. In the textbooks, either the recursive [3, 4, 5, 6] or iterative [1, 2, 8, 9, 10] version is presented, but not both. Moreover, the recursive and iterative versions of extended Euclid s algorithm look drastically different. Computing multiplicative inverses efficiently is of great importance as it is an indispensible component in the implementation of RSA cryptosystem. As the numbers involved are of hundred of bits in length, it is without doubt that a recursive algorithm may be unacceptably slow. In this paper, starting with the recursive extended Euclid s algorithm, we apply a systematic approach to transform it into an iterative algorithm. Using matrix notation, and making use of the associative property of matrix multiplication, one obtains an iterative algorithm. The partial correctness proof turns out to be very clean with the loop invariant expressed using matrices. The paper thus provides a connection between recursive and iterative versions of extended Euclid s algorthm.

Hing Leung 2 Recursive versions of extended Euclid s algorithm are provided in textbooks [3, 4, 5, 6]. The textbook [5] by Epp provides a detailed account of the recursive ideas, supplemented with demonstrations by hand calculations. In [1], an iterative extended Euclid s algorithm is presented while the recursive version is missing. Using mathematical induction, the correctness proof of the iterative algorithm is established in [1] through insightful observation of the properties of the numbers computed during the execution of the algorithm. Then in [2], matrices are used 1 to present the extended Euclid s algorithm iteratively. However, the development of the iterative codes requires good insights in mathematics, and does not originatrom the recursive algorithm, which the book does not give either. Also, the way the iterative codes are given in [2] is not suitablor the construction of a partial correctness proof. Knuth establishes in [8] (Section 1.2.1) the partial correctness proof of the iterative extended Euclid s algorithm [8, 9] through a flow chart program labeled with assertions. In fact, the non-trivial correctness proof was the only example that Knuth gives in Chapter 1 on basic concepts of his classic book [8] for demonstrating how partial correctness proof can be performed. Even though Knuth s proof is not difficult to follow, it is still quite mysterious with no indication of how the loop invariant is derived or developed. In contrast, our partial correctness proof is logically developed and step-by-step justified; and the proof s succinctness and elegantness are appealing, not intimidating. In this paper, we do not consider variants [7, 9, 11] of iterative extended Euclid s algorithms for improved efficiency. 2 Recursive Extended Euclid s Algorithm We give in this section a quick review of the design of the recursive extended Euclid s algorithm [3, 4, 5, 6]. Below is Euclid s algorithm for computing the greatest common divisor of a and b, where a b 0: 1 In fact, matrices are introduced in [1], not for the presentation of the extended Euclid s algorithm, only for the development of an algorithm for computing the greatest common divisor for polynomials over a field.

Hing Leung 3 GCD(a,b): // assume a b 0 if (b 0) return a return GCD(b,a%b) Euclid s algorithm can be extended to return integers x and y such that GCD(a,b) ax + by. One can develop the extended Euclid s algorithm by first taking a leap of faith that such an algorithm EGCD(a,b) can be constructed by extending GCD(a,b) to return (d,x,y) where d GCD(a,b) and d ax+by. The algorithm is thus organized as follows: EGCD(a,b): // assume a b 0 if (b 0) return (a,1,0) // a a 1 + b 0 (base case) (d,x,y ) EGCD(b,a%b) // d b x + (a % b) y (hypothesis) /* steps are needed to compute x and y */ return (d,x,y) // d a x + b y (goal) We need to determine the steps to compute x and y. From the hypothesis, we deduce that d bx +(a%b)y, which can be rewritten as d bx +(a a/b b)y ay + b(x a/b y ). By letting x y and y x a/b y, the algorithm is finalized as follows: EGCD(a,b): // assume a b 0 if (b 0) return (a,1,0) // a a 1 + b 0 (base case) (d,x,y ) EGCD(b,a%b) // d b x + (a % b) y (hypothesis) (x,y) (y,x - a/b y ) return (d,x,y) // d a x + b y (goal) Rewriting a%b as a a/b b, the algorithm can be given as follows: EGCD(a,b): // assume a b 0 if (b 0) return (a,1,0) // a a 1 + b 0 (base case) (d,x,y ) EGCD(b,a - a/b b) // d b x + (a % b) y (hypothesis) (x,y) (y,x - a/b y ) return (d,x,y) // d a x + b y (goal) 3 From Recursion to Iteration We notice the similariy between the computing of (y,x a/b y ) from (x,y ) and the computing of (b,a a/b b) from (a,b). [ We can] capture the computation using matrix multiplication. Let A. Then

Hing Leung 4 [x y] [x y ]A and [b a a/b b] [a b]a. Our goal is to derive an iterative extended Euclid s algorithm EGCD. But, for technical convenience, for the moment we reduce thunctionality of EGCD to egcd, which performs the same as before except that it no longer returns d, the greatest common divisor of a and b. Furthermore, egcd takes vectors for both input and output. Using matrix notation, we derive the codes for egcd([a b]) which returns [x y] such that gcd(a,b) ax+by as follows: egcd([a b]): // assume a b 0 if (b 0) return [1 0] return egcd ( [ ]) [ ] [a b] As the recursion progresses, the recursion stack remembers the sequence of 2 2 matrices generated. It is only when the recursion halts that we start multiplying the result[1 0] with the sequence of matrices in the reverse order of their generations. However, since matrix multiplication is associative, we can indeed multiply the 2 2 matrices as they are generated. That is, we no longer need to remember all the matrices generated until the program halts. This insight allows us to derive an iterative algorithm. Each time the program advances to the next round, the matrix is multiplied to the [ left side ] of the product of 2 2 matrices generated so far. In addition, is multiplied to the right side of [a b] to give the new [a b]. By maintaining the product of 2 2 matrices generated as [ c e d f ], the codes for egcd([a, b]) becomes:

Hing Leung 5 egcd([a b]): [ ] c e d f [ ] 1 0 while (b! 0) [ ] [ ] [ ] c e c e d f d f [a b] [a b] [ ] c e return [1 0] d f As the matrix is the transpose of itself, we have [ ] Next, we give the codes of egcd([a,b]) in a compact way as follows: egcd([a, b]): [ ] 1 0 while (b! 0) a b a b c d c d return [c, e] By the logic of the original Euclid s algorithm, the greatest common divisor is given by the value of a when the program GCD halts. It turns out that the same is truor the program egcd. We therefore obtain iterative codes for EGCD by augmenting egcd to return (a,c,e). Furthermore, the current codes of egcd are treating the input parameters a and b as working variables, which values change over the execution of the program. By separating the input parameters from the working variables, we obtain the iterative EGCD algorithm as follows:

Hing Leung 6 EGCD(α,β): a b α β c d 1 0 while (b! 0) a b a b c d c d return (a,c,e) Note that the codes above are the same as that given in Knuth s Algorithm X in page 342 of [9] except that we are using matrix notations whereas Kunth uses vectors. 4 Partial Correctness Proof In this section, we prove the partial correctness of the iterative EGCD algorithm. First, we need to determine[ the loop ] invariant. During the execution c d of the iterative EGCD algorithm, is the product of the 2 2 matrices of thorm generated so far in the while loop. On the other hand, [a b] is [[α β] ] multiplied withthesamesequenceof [ ] 2 2 matrices. Thus, c d [a b] [α β]. Next, since [a b] [b a%b] and recall that GCD(a,b) GCD(b,a%b) by the logic of Euclid s algorithm, the greatest common divisor of the current values of a and b must equal the greatest common divisor of the previous values of a and b, which in turn must equal the greatest common divisor of the initial values of a and b, which are α and β respectively. Therefore, GCD(a, b) GCD(α, β). We propose the loop invariant to consist of the two relationship [a b] [α β] and GCD(a,b) GCD(α,β). Next, we will complete the partial correctness proof step by step. We need to verify that the the loop invariant holds when the while loop is first entered. After the initial assignment statement before the while loop

Hing Leung 7 is executed, we have [a b] [α β] and invariant can be easily verified to be valid. [ ] 1 0, for which the loop We now turn the attention to the assignment statement within the while loop. The precondition of the assignment statement is the loop invariant augmented with b 0. Even though the assignment statement involves division by b, it is a safe operation as the precondition guarantees that b is non-zero. From [a b] [α β] of the loop invariant, we can preserve equality by multiplying to each side of the equation the matrix as b 0. Together with thacts that GCD(b,a%b) GCD(a,b) when b 0 (by the logic of Euclid s algorithm) and GCD(a,b) GCD(α,β) (by the loop invariant), we deduce that thollowing holds: [a b] [α β] [ ], and GCD(b,a%b) GCD(a,b) GCD(α,β), and b 0 After performing the assignment statement, the value[a b] isrewrittenasthenew[ab]; isre-writtenasthenew ; [ ][ ] [ ] c d c d GCD(b,a%b) [ is rewritten ] as GCD(a,b) since the new [a b] has taken on the value[ab] [ba%b]; however, thevalueofa%b, whichbecomes the new b value, can no longer be guaranteed to be non-zero. Putting the observations together, the loop invariant again holds after the assignment statement. Finally, we consider the correctness when the loop is exited. Upon exiting the while loop when b 0, the loop invariant still holds. Instantiating b to 0 in the condition GCD(a,b) GCD(α,β) of the loop invariant, we have a GCD(a, [ ] 0) GCD(a, b) GCD(α, β). From the condition [a b] c d [α β] of the loop invariant, we deduce that a αc+βe. Therefore, the return of the triple (a,c,e) by EGCD is correct as a GCD(α,β).

Hing Leung 8 5 Conclusion In this paper, using the leap of faith technique, the recursive extended Euclid s algorithm is first constructed. Taking the original Euclid s algorithm for granted, we do not need any new mathematics insights in extending Euclid s algorithm. Next, applying only simple program transformation technique, and using the associative property of matrix multiplication, we derive the iterative algorithm. The clean process easily pinpoints the loop invariant from which a solid and easy-to-follow partial correctness proof of the iterative algorithm is established. The treatment given in the paper demonstrates the maturity of computer science as a discipline. Relying only on computer science principles, we successfully derive the iterative extended Euclid s algorithm. Our approach complements other developments of the iterative algorithm [1, 2, 8, 9, 10] that require more mathematics insights in their presentations. References [1] A. Aho, J. E. Hopcroft and J. D. Ullman, The Design and Analysis of Computer Algorithms, Addison Wesley, 1974. [2] E. Bach and J. Shallit, Algorithmic Number Theory, Vol. 1: Efficient Algorithms (Foundations of Computing), The MIT Press, 1996. [3] T. Cormen, C. Leiserson, R. Rivest and C. Stein, Introduction to Algorithms, The MIT Press, 2009. [4] S. Dasgupta, C. Papadimitriou and U. Vazirani, Algorithms, McGraw Hill, 2006. [5] S. Epp, Discrete Mathematics with Applications, Brooks/Cole- Thomson, 2004. [6] M. Goodrich and R. Tamassia, Algorithm Design: Foundations, Analysis, and Internet Examples, Wiley, 2001. [7] J. Gordon, Fast Multiplicative inverse in modular arithmetic, in Cryptography and Coding (ed.h.j.beker andf.c.piper), ClarendonPress, Oxford, (1989) 269-279.

Hing Leung 9 [8] D. E. Knuth, The Art of Computer Programming, Volume 1: Fundamental Algorithms, Addison Wesley, 1997. [9] D. E. Knuth, The Art of Computer Programming, Volume 2: Seminumerical Algorithms, Addison Wesley, 1997. [10] T. Koshy, Elementary Number Theory with Applications, Academic Press, 2007. [11] J. Stein, Computational problems associated with Racah algebra, J. Comp. Physics (1967) 397-405.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback