1 / 171

Number-Theoretic Notions in Cryptography

Explore foundational concepts in number theory, including prime and composite numbers, common divisors, and greatest common divisor (GCD). Discover how these concepts are applied in the field of cryptography.

kimberlye
Download Presentation

Number-Theoretic Notions in Cryptography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 00 Introducing Foundations

  2. Elementary Number-Theoretic Notions • An important application of number-theoretic algorithms is in cryptography • - the discipline concerned with encrypting a message sent from one party to another, such that someone who intercepts the message will not be able to decode it. • Let the set Z = { …., -2, -1, 0, 1, 2, 3, ….} of integers. • Let the set N = {0, 1, 2, 3, ….} of natural numbers. • The notation d | a (read “d divides a”) means that a = k*d for some integer k, (i.e., a is k multiple of d).

  3. Prime and Composite Numbers • Definition: • An integer a > 1 is prime if, and only if for all integers m and n, if a = mn, then either m = 1 and n = a or m = a and n = 1. • Or, equivalently, an integer a > 1, whose only divisors are the trivial divisors 1 and a, is said to be a prime number (or, more simply, a prime). • Note: • A prime number has no factors. • The first 20 primes, in order, are • 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71. • There are infinitely many primes (prove!).

  4. Prime and Composite Numbers • Definition: • An integer a > 1 is composite if, and only if there exists integers m and n such that a = m*n where 1 < m, n < a. • An integer a > 1 that is not prime is said to be a composite number (or more simply, a composite). • For example: • 39 is a composite because 3 | 39 and 13 | 39. • That is, it is because 39 has the divisors 3 and 13. • A composite number has at least one factor. • Exceptions: • The integer 1 is said to be a unit and is neither prime nor composite. • The integer 0 and all negative integers are neither prime nor composite.

  5. Common Divisors and Greatest Common Divisor (GCD) Definition: An integer n is the common divisor of x and y if, and only if n is a divisor of x (denoted n | x) and n is also divisor of y (denoted n | y). Example: The common divisors of 24 and 30 are 1, 2, 3 and 6. x but not vice versa

  6. Common Divisors and Greatest Common Divisor (GCD) An important property of common divisors is that n | x and n | y implies that n | (x + y) and n | (x – y). (a0.2) Proof: n | x implies that x = n * q; n | y implies that y = n * Q. Then (x + y) = (n * q + n * Q) = n * (q + Q) which is divisible by n toyield the product (q + Q). Thus n | (x + b). x but not vice versa

  7. The following statement will be used in Theorem 0.4. If x | y, then either |x| ≤ |y| or y = 0, and x | y and y | x implies that x = y. (a0.4) Proof: If x | y then either |x| ≤ |y| or y = 0. If y | x then either |y| ≤ |x| or x = 0. This implies that {|x| ≤ |y| and |y| ≤ |x|} or {y = 0 and x = 0} which both implies x = + y.

  8. Definition: Let x and y are integers that are not both zero. Then the greatest common divisor of x and y, denoted gcd(x, y) is the largest integer d that divides both of them. i.e., d | x and d | y. Note: The integer d has the following properties: d is a common divisor of both x and y, i.e., d | x and d | y. For all integers c, if c is a common divisor of both x and y (i.e., c | x and c | y), then c d.

  9. Example 0.29: The positive divisors of 24 are 1, 2, 3, 4, 6, 8, 12 and 24. The positive divisors of 30 are 1, 2, 3, 5, 6, 10, 15 and 30. So the common positive divisors of 24 and 30 are 1, 2, 3 and 6. The value of gcd(24, 30) is 6.

  10. We define gcd(0, 0) = 0. This definition is necessary to make standard properties of the gcd function (such as gcd(x, 0) = |x| ) universally valid. The following are elementary properties of the gcd function: gcd(a, b) = gcd(b, a), gcd(a, b) = gcd(-a, b), gcd(a, b) = gcd(|a|, |b|), gcd(a, 0) = |a|, and gcd(a, ka) = |a|, for k ɛ Z = { …., -2, -1, 0, 1, 2, …} of integers.

  11. Lemma 0.1.1 If x is a positive integer, then gcd(x, 0) = x. Proof: Suppose x is a positive integer. Certainly x is a common divisor of both x and 0 because x divides itself (i.e., x | x) and also x divides 0 (i.e., x | 0). Also no integer greater than x can be a common divisor of x and 0, (since no integer greater than x can divide x). Hence x is the greatest common divisor of x and 0. QED

  12. Lemma 0.1.2 If x and y are any integers not both zero, and if q and r are any integers such that x = y * q + r, then GCD(x, y) = GCD(y, r). Proof: [The proof is divided into two parts: (1) proof that gcd(a, b) gcd(b, r), and (2) proof that gcd(b, r) gcd(a, b). Since each gcd is less than or equal to the other, the two must be equal.] Note that r = x mod y.

  13. Proof of Lemma 0.1.2: • 1. gcd(a, b) gcd(b, r): • [We will first show that any common divisor of a and b is also a • common factor of b and r.] • Let a and b be integers, not both zero, and let c be a common • divisor of a and b Then c|a and c|b, and by definition of divisibility, • a = nc and b = mc, for some integers n and m. • Now substitute into the equation • a = bq + r • to obtain • nc = (mc)q + r. • Then solve for r: • r = nc- (mc)q = (n – mq)c. • But n – mq is an integer, and so, by definition of divisibility, c|r. • Because we already know that c|b, we can conclude that c is a • common divisor of b and r [as was to be shown].

  14. Proof of Lemma 0.1.2: • 1. gcd(a, b) gcd(b, r): • [Next we show that gcd(a, b) gcd(b, r).] • By part(a), every common divisor of a and b is a common divisor of • b and r. It follows that the greatest common divisor of a and b is • defined since a and b are not both zero, and it is a common divisor • of b and r. But then gcd(a, b) (being one of the common divisors • of b and r) is less than or equal to the greatest common divisor of b • and r: • gcd(a, b) gcd(b, r). • 2. gcd(a, r) gcd(a, b): • The second part of the proof is very similar to the first part. It is left as • an exercise. • QED

  15. Example 0.30: According to the previous Lemma 0.1.2, gcd(64, 24) = gcd(24, 16), because 16 = 64 mod 24 or 64 = 2 * 24 + 16. We can continue in this manner to determine gcd(64, 24). That is, give a = 64, b = 24, a = q*b + (a mod b), gcd(64, 24) = gcd(24, 16) for 64 = 2 * 24 + 16 = gcd(16, 8) for 24 = 1*16 + 8 = gcd(8, 0) for 16 = 2 * 8 + 0 = 8 for 8 = 0 * 0 + 8. Note that gcd(24, 64) = gcd(64, 24)

  16. Example 0.31: gcd(60, 24) = gcd(24, 12) = gcd(12, 0) = 12. gcd(17, 15) = gcd(15, 2) = gcd(2, 1) = gcd(1, 0) = 1 gcd(37, 8) = gcd(8,5) = gcd(5,3)= gcd(3, 2) = gcd(2, 1) = gcd(1,0) = 1 gcd(37,10) = gcd(10, 7) = gcd(7,3 )= gcd(3, 1) = gcd(1,0)=1

  17. Given two integers a and b with a > b 0, The Euclidean Algorithm computes GCD(a, b) based on two facts: GCD(a, b) = GCD(b, a mod b), where a = b * q + r , 0 r < b, and r = a mod b. 2. GCD(a, 0) = a.

  18. Algorithm Euclid (m, n) //Compute gcd(m, n) by Euclidean algorithm Input: two non-negative m and n, not both zero integers Output: the greatest common divisor of m and n while n ≠ 0 do { if (n = = 0) r ← m mod n; then return m m ← n; else Euclid(n, m mod n) n ← r;} return m.

  19. Let us rewrite the iterative Euclid algorithm as follows: • Input: A, B [integers with A > B 0] • Algorithm: • a := A; b := B; r := B; • while (b 0) { • r := a mod b; • a := b; • b := r; • } //end while; • gcd := a; • Output: gcd. a := A; b := B; r := B; b 0 r := a mod b; a := b; b := r; gcd := a;

  20. Recall: • Several characteristics of Algorithms: • … • The same algorithm can be represented in several different ways. [Different ways for specifying an algorithm]Euclidean algorithm can be defined recursively or non-recursively. Another example is nth Fibonacci Term which can be computed recursive and iterative. • Algorithms for the same problem can be based on very different ideas and can solve the problem with dramatically different speeds. [Various Speeds of different Algorithms for solving the same problem.] For m > n > 0, the number of recursive calls for Euclid algorithm is O(log n). For the worse one, it has 2n recursive calls.

  21. Example 0.32: Find the greatest common divisor of two integers, 7,276,500 and 3,185,325. gcd(7,276,500, 3,185,325) = gcd(3,185,325, 905,850) = gcd(905,850, 467,775) = gcd(467,775, 438,075) = gcd(438,075, 29,700) = gcd(29,700, 22,275) = gcd(22,275, 7,425) = gcd(7,425, 0) = 7,425 It requires 7 recursive calls to get the solution 7,425. Let n = 3,185,325 log n = 21 For the worse case, the number of recursive calls is about 21 times.

  22. gcd(222…, 7425) gcd(72.., 318…) gcd(318…, 905) gcd(7425, 0) Euclid’s Algorithm 7425 gcd(318.., 905…) gcd(7425, 0) gcd(222…, 7425) gcd(905…, 467…)

  23. Input: A, B [integers with A > B 0] • Algorithm: • m := A; • n := B; • r := B; • while (n 0) { • r := m mod n; • m := n; • n := r; • } //end while; • gcd := m; • Output: gcd. • Definition: An algorithm is said to be correct if, for every input instance, it halts with the correct output. • The algorithm will eventuallyhalt: • The new value of n on the next iteration is m mod n, which is always smaller than n (since 0 ≤ r < n, for r = m mod n). The value of the second number of the pair (m, n), (which is gcd(m ← n, n ← r), r = m mod n) eventually becomes 0 and it cannot become negative. The algorithm stops.

  24. Algorithm Euclid (m, n) //Compute gcd(m, n) by Euclid’s algorithm Input: two non-negative m and n, not both zero integers Output: the greatest common divisor of m and n Pre-condition: {m > n 0} while n ≠ 0 do { if (n = = 0) r ← m mod n; then return m m ← n; else Euclid(n, m mod n) n ← r;} return m.

  25. Correctness if the Euclidean Theorem • Input: A, B [integers with A > B 0] • Algorithm: • [pre-cond: A and B are integers with A > B 0, • a = A, b = B, r = B] • a := A; b = B; r = B; • [I(n): gcd(a, b) = gcd(A, B), 0 b < a] • while (b 0) { • r := a mod b; • a := b; • b := r; • } //end while; • [post-cond: a = gcd(A, B)] • gcd = a; • Output: gcd. a := A; b := B; r := B; b 0 r := a mod b; a := b; b := r; gcd := a;

  26. {I and G} S {I} {I} while G do S end {Q} Correctness if the Euclidean Theorem Proof: To prove the correction of the loop, let the invariant be I(n): gcd(a, b) = gcd(A, B), 0 b < a. The guard of the while loop is G: b 0. Basic Property: [I(0) is true before the first iteration of the loop] Need to show: I(0) is gcd(A, B) = gcd(a, b) and 0 b < a. According to the pre-condition, a = A, b = B, r = B, and 0 B < A. Hence gcd(A, B) = gcd(a, b).Since 0 B < A, b = B and a = A, then 0 b < a. Hence I(0) is true. Inductive Property: [if G ˄ I(k) is true before an iteration of the loop (where k 0), then I(k+1) is true after iteration of the loop]. … I(0): gcd(A, B) = gcd(a, b), 0 b < a. a := A; b := B; r := B; {P} {I}

  27. To prove the correction of the loop, let the invariant be I(n): gcd(a, b) = gcd(A, B), 0 b < a. The guard of the while loop is G: b 0. Inductive Property: [if G ˄ I(k) is true before an iteration of the loop (where k 0), then I(k+1) is true after iteration of the loop]. Suppose k is a nonnegative integer such that G ˄ I(k) is true before an iteration of the loop. [We must show that I(k+1) is true after iteration of the loop.] Since G is true, bold 0 and the loop is entered. And since I(k) is true, immediately before statement “r := a mod b;” is executed. gcd(aold, bold) = gcd(A, B), 0 bold < aold. ………………… (E.01) After execution of statement “r := a mod b;” , rnew := aold mod bold . Thus, by the quotient-remainder theorem, aold = bold * q + rnew for some integer q {I and G} S {I}

  28. and rnewhas the property that • 0 rnew < bold. …………………..(E.02) • By Lemma 0.1.2, • gcd(aold, bold) = gcd(bold, rnew). • So by the equation of (E.01) gcd(aold, bold) = gcd(A, B), 0 bold < aold. , • gcd(bold, rnew) = gcd(A, B), ..………………….(E.03) • When statements “a := b; b := r;” are executed, • anew = bold and bnew = rnew . ..………………….(E.04) • Substituting equations (E.04) into equation (E.03) and inequality (E.02) yields • gcd(anew, bnew ) = gcd(A, B), ..………………….(E.05) • and 0 bnew < anew ..…………………..(E.06) • respectively. Hence, after the iteration of the loop, by equations (E.05) and (E.06), • gcd(a, b) = gcd(A, B), 0 b < a, • which is I(k+1). [This is what we need to show.]

  29. III. Eventual Falsity of the Guard: [after a finite number of iterations of the loop, G becomes false.] Each value of obtained by repeated iteration of the loop is nonnegative and less than the previous value of b. Thus, by the well-ordering principle, there is a least value bmin. The fact is that bmin = 0. [If bmin is not 0, then the guard is true, and so the loop is iterated another time. In this iteration a value of r is calculated that is less than the previous value of b, bmin. Then the value of b is changed to r, which is less than bmin. This contradicts the fact that bminis the least value of b obtained by repeated iteration of the loop. Hence bmin= 0.] Since bmin= 0, the guard is false immediately following the loop iteration in which bminis calculated. The loop terminates

  30. IV. Correctness of the Post-Condition. [If N is the least number of iterations after which G is false and I(N) is true, then the values of the algorithm variables will be as specified in the post-condition.] Suppose that for some nonnegative integer N, G is false and I(N) is true. [We must show the truth of the post-condition: a = gcd(A, B).] Since G is false, b = 0, and since I(N) is true, gcd(a, b) = gcd(A, B). …………(E.07) Substituting b = 0 into equation (E.07) give gcd(a, 0) = gcd(A, B). But by Lemma 0.1.1, gcd(a, 0) = a. Hence, a = gcd(A, B) [as was to be shown.] {I and G} {Q}

  31. Lemma 0.0: If a ≥ b, then a mod b < a/2. • Proof: Consider a ≥ b. Then • b a/2 a • a mod b • or • a/2 b a • a mod b • By observation, either b ≤ a/2 or b > a/2. These two cases are shown in the figure above. • Case 1: If b ≤ a/2, then we have a mod b < b ≤ a/2, since 0 ≤ a mod b < b. • Case 2: If b > a/2, then a mod b = a – b < a/2. [Since a mod b = a – q*b, then q = 1 for b > a/2. Therefore a – b < a/2.] QED. e.g., 84 mod 30 = 24 < 84/2 e.g., 84 mod 60 = 84-60 < 84/2

  32. Algorithm Euclid(m, n) { if (n = = 0) then return m else Euclid(n, m mod n) } Rationalize: Euclid(n, m mod n), wherem mod n < m/2. Let say, m mod n = m/2. Euclid(n, m mod n) reduces m by one bit through right shift. Euclid(m mod n, n mod (m mod n) ) where n mod (m mod n) < n/2. This reduces n by one bit through right shift. This means,after two consecutive rounds, both arguments, m and n, are at the very least halved in value. This means: Assume that both m and n are of n-bit integers. Then the base case will be reached with 2n recursive calls. i.e., gcd(a, b) = gcd(b, a mod b) = gcd(a mod b, b mod (a mod b)). Then 2n recursive calls are needed. Each requires O(n2 ). That is, the total running time is 2n * O(n2 ) = O(n3 ) .

  33. The overall running time of Euclid is proportional to the number of recursive calls it makes. • Our analysis makes use of the Fibonacci numbers Fk, defined by the following recurrence: • Fi = Fi-1 + Fi-2 for i ≥ 2, • F0 = 0, F1 = 1. • Note that, in the following sequel, • F(k) = F(k-1) + F(k-2), k ≥ 2; F(0) = 0 and F(1) = 1 • is equivalent to write • Fk = Fk-1+ Fk-2 k ≥ 2 and F0 = 0 and F1 = 1.

  34. Lemma 0.1: If m > n ≥ 1 and the invocation Euclid(m, n) performs k ≥ 1 recursive calls, then m ≥ Fk+2 and n ≥ Fk+1, where Fkis the kth number in the Fibonacci sequence. Algorithm Euclid(m, n) { if (n = = 0) then return m else Euclid(n, m mod n) } Example: Fibonacci sequence is: 0 1 1 2 3 5 8 13 21 34 55 89 … where k is: 0 1 2 3 4 5 6 7 8 9 10 11 … Euclid(13, 89) = Euclid(89, 13%89) = Euclid(13, 89%13) = Euclid(11, 13%11) = Euclid(2, 11%2) = Euclid(1, 0) = 1. It requires 5 recursive calls. n = 13 = ≥ F6+1 where k = 6

  35. Proof: The proof is by induction. Induction base: Suppose the call gcd(m, n) results in 1 recursive call. That means, n ≠ 0 and k = 1. Let k = 1. Since n ≥ 1 n ≥ F1+1 = F2 = 1, because F2 = F1 + F0 = 1 + 0 = 1. Since m > n, we have m ≥ 2, which means m ≥ F1+2 = F3 = 2, because F3 = F2 + F1 = 1 + 1 = 2. Since n > (m mod n), in each recursive call the first argument is strictly larger than the second; the assumption that m > n therefore holds for each recursive call.

  36. Induction hypothesis: Assume the lemma is true if k – 1 recursive calls are made. Induction step: We need to show the lemma is true if k ≥ 2 recursive calls are made. That means we need to show m ≥ Fk+2 and n ≥ Fk+1. The first recursive call is gcd(n, m mod n). Since there are k recursive calls in all, this call must require k – 1 recursive calls. Since k ≥ 2, there is at least one more recursive call, which means m mod n ≥ 1. Therefore, since n > m mod n, the conditions of the induction hypothesis are satisfied, which means n ≥ Fk+1 and m mod n ≥ Fk. (e0.1)

  37. So we have arrived at least one of the inequalities we need to show. Towards showing the other, we have m = q*n + m mod n, (e0.2) where q is the quotient of dividing m by n. since m > n, q ≥ 1. Inequality (e0.1) and Equality (e0.2) therefore imply m ≥ n + m mod n ≥ Fk+1+ Fk = Fk+2 . This completes the proof. QED

  38. Note that the induction step also can be written as follows: Assume that the lemma is true if k – 1 recursive calls are made. We shall then prove that it is true for k recursive calls. Since k > 0, we have n > 0, and Euclid(m, n) calls Euclid(n, m mod n) recursively, which in turn makes k -1 recursive calls. The inductive hypothesis then implies that n ≥ Fk+1 (thus proving part of the lemma), and (m mod n) ≥Fk. We have n + (m mod n) = n + (m – └ m / n ┘ * n) ≤ m. Since m > n > 0 implies └ m / n ┘ ≥ 1. Thus, m ≥ n + (m mod n) ≥ Fk+1+ Fk = Fk+2

  39. The following theorem is an immediate corollary of Lemma 0.1. Theorem 0.5 (Lame’s Theorem): For any integer k ≥ 1, if m > n ≥ 1 and n < Fk+1 then the call Euclid(m, n) makes fewer than k recursive calls. Example: Fibonacci sequence is: 0 1 1 2 3 5 8 13 21 34 55 89 … where k is: 0 1 2 3 4 5 6 7 8 9 10 11 … Let n = 13. 13 < F7+1 where k = 7 E(21, 13) = E(13, 21mod13 = 8) = E(8, 13mod8 = 5) = E(5, 8mod5 = 3) = E(3, 5mod3 = 2) = E(2, 3mod2 = 1) = E(1, 2mod1 = 0) = 0. It needs 6 recursive calls, fewer than k = 7 where 13 < F7+1 = 21.

  40. Theorem 0.5 (Lame’s Theorem): For any integer k ≥ 1, if m > n ≥ 1 and n < Fk+1 then the call Euclid(m, n) makes fewer than k recursive calls. Proof: when k = 1, we do not have F2 > F1 for F(2) = F(1) = 1. Therefore we begin k = 2. For the base, k = 2, the call Euclid(F3, F2) = Euclid(2, 1) = Euclid(1, 2 mod 1) makes exactly one recursive call to Euclid(1, 0). By induction, we can show, for k > 2, we have Fk > Fk-1 > 0 and Fk+1 = Fk + Fk-1 and therefore we have Fk+1 mod Fk = Fk-1 . Thus we have Euclid(Fk+1, Fk) = Euclid(Fk, Fk+1 mod Fk) = Euclid(Fk, Fk-1) Therefore the call Euclid(Fk+1, Fk) recurses one time more than the call Euclid(Fk, Fk-1), or exactly k – 1 times, assuming that Euclid(Fk, Fk-1) makes exactly k - 2 recursive calls. QED

  41. Complexity of Euclid’s algorithm: • By Lame’s theorem you find a first Fibonacci number larger than n. If it is Fk+1 there are fewer than k recursive calls. Thus the number of the recursive calls in Euclid is O(log n), assuming n = 2k. • If m > n 0, we can show Euclid(m, n) makes at most 1 + logn recursive calls. Since Fk, where is the golden ratio , the number of recursive calls in Euclid is O(log n). • Thus, if we call Euclid on two -bit numbers, then it performs O() arithmetic operations and O(3) bit operations (assuming that multiplication and division of -bit numbers take O(2) bit operations). • Anyway the worst-case number of recursive calls for input size m, n • isO((log m)(log n)) bit operations.

  42. Consecutive integer checking algorithm for computing gcd(m,n) Principle: Let t = min{m, n} to be the possible common divisor for the given numbers m and n. Test whether t | m. If not reduce t by one, then test the new t = t – 1 | m. Repeat this process until the new t | m. (The new t = t – 1). Then we test whether the new t | n. If yes, then t is the common divisor of m and n. Otherwise, repeat the same process for the smaller t (at least one less than the current t) as the possible common divisor for the given number m and n.

  43. Consecutive integer checking algorithm for computing gcd(m,n) t = min{5, 0}; r = 5 mod 0 implies that r = 5 – 0 – 0 - … - 0 operates infinitely. Step 1: t ← min{m, n}. Step 2: remainder = m mod t. If the remainder is 0, go to Step 3; Otherwise, go to Step 4. Step 3: remainder = n mod t. If the remainder of n mod t is 0, return t as the answer and stop; otherwise, proceed to Step 4. Step 4: Decrease the value of t by 1. Go to Step 2.

  44. This algorithm does not work correctly when one of the inputs numbers is zero (why? On Step 2: r = (3, 0) = 3, then go to Step 4. t = 0 – 1 = -1. This fails to work!). • This example illustrates why it is so important to specify the range of an algorithm’s input explicitly and carefully. • Definition: An algorithm is said to be correct if, for every input instance, it halts with the correct output.

  45. Several characteristics of Algorithms: • … • The range of inputs for which an algorithm works has to be specified carefully. [Well-specified inputs’ range] Consecutive integer checking algorithm for computing gcd(m, n) does not work correctly when one of the input numbers is zero.

  46. Example 0.33: Find gcd(11, 3). • Let m = 11 and n = 3. • Step 1: t = min{ 11, 3} = 3. • Step 2: r = 11 mod 3 = 2 ≠ 0. • Go to Step 4 • Step 4: t = t -1; that is, t = 3 – 1 = 2. • Go to Step 2. • Step 2: r = 11 mod 2 = 1 ≠ 0. • Go to Step 4. • Step 4: t = t -1; that is, t = 2 – 1 = 1. • Go to Step 2. • Step 2: r = 11 mod 1 = 0. • Then go to step 3 • Step 3: r = n mod t; that is r = 3 mod 1 = 0; • then return t = 1 as the answer and stop.

  47. Example 0.35: Another example for finding gcd(16, 12) • Let m = 16 and n = 12 • Step 1: t = min{16, 12}. • Step 2: r = 16 mod 12 = 4 ≠ 0. Go to Step 4. • Step 4: t = t - 1; that is, t = 12 – 1 = 11. • Go to Step 2. • Step 2: r = 16 mod 11 = 5 ≠ 0. Go to Step 4 • Step 4: t = t - 1; that is, t = 11 – 1 = 10. • Go to Step 2. • Step 2: r = 16 mod 10 = 6 ≠ 0. Go to Step 4. • Step 4: t = t - 1; that is, t = 10 – 1 = 9. • Go to Step 2. • Step 2: r = 16 mod 9 = 7 ≠ 0. Go to Step 4 • Step 4: t = t - 1; that is, t = 9 - 1 = 8. • Go to Step 2.

  48. Step 2: r = 16 mod 8 = 0. Then go to step 3 Step 3: r = n mod t; that is r = 12 mod 8 = 4 ≠ 0. Then, Go to Step 4 {So far, what we find 16 is divisible by 8, but 12 is not divisible by 8. Therefore 8 is not a common divisor. It must be a number which is smaller than 8. So what is the smaller number such that 16 is divisible by the smaller number.} Step 4: t = t - 1; that is, t = 8 - 1 = 7. Go to Step 2.

  49. {Second iteration} Step 2: r = 16 mod 7 = 2 ≠ 0. Go to Step 4. Step 4: t = t - 1; that is, t = 7 – 1 = 6. Go to Step 2. Step 2: r = 16 mod 6 = 4 ≠ 0. Go to Step 4 Step 4: t = t - 1; that is, t = 6 – 1 = 5. Go to Step 2. Step 2: r = 16 mod 5 = 1 ≠ 0. Go to Step 4. Step 4: t = t - 1; that is, t = 5 – 1 = 4. Go to Step 2. Step 2: r = 16 mod 4 = 0. Go to Step 3 Step 3: r = n mod t; that is r = 12 mod 4 = 0; then return t = 4 as the answer and stop.

More Related