Extended Euclidean Algorithm Presented by Lidia Abrams Anne Cheng

2 Euclidean Algorithm THEOREM If m and n are any integers, not both zero, then the Greatest Common Divisor of m and n, denoted gcd(m,n) is the largest of the common divisors of m and n. If m and n are any integers, not both zero, then the Greatest Common Divisor of m and n, denoted gcd(m,n) is the largest of the common divisors of m and n.

3 FORMULAFORMULA To compute the gcd of two numbers m and n, let r 0 = m, let r 1 = n, and compute successive quotients and remainders To compute the gcd of two numbers m and n, let r 0 = m, let r 1 = n, and compute successive quotients and remainders r i-1 = q i +1 x r i + r i+1 for i = 1,2,…until some remainder r n+1 is 0. The last nonzero remainder r n is then the greatest common divisor of m and n. for i = 1,2,…until some remainder r n+1 is 0. The last nonzero remainder r n is then the greatest common divisor of m and n.

4 FORMULA – cont. m =q 1 x n + r 1 n =q 2 x r 1 + r 2 r 1 =q 3 x r 2 + r3 r 2 = q 4 x r 3 + r 4. r n-3 = q n-1 x r n-2 + r n-1 r n-2 = q n x r n-1 + r n gcd r n-1 = q n+1 x r n + 0

5 FLOWCHARTFLOWCHART Ensure m ≥ n Find remainder Is r = 0 Interchange Terminate Yes No

6 ALGORITHMALGORITHM //Computes gcd(m, n) by Euclid’s algorithm //Input: Two nonnegative, not-both-zero integers m and n //Output: Greatest common divisor of m and n //***************************************************** 1. If m < n, exchange m and n 2. If n = 0, return m, terminate; else step Divide m by n and let r be the remainder. (0 ≤ r < n) 4. If r = 0, terminate; n is the answer. 5. Set m = n, n = r, and go back to step 3.

7 ALGORITHM -- Pseudocode Euclid(m, n) 1.If n = 0 2. then return m 3. else return Euclid(n, m mod n)

8 EXAMPLEEXAMPLE Calculate: gcd(22, 60) = gcd(60,22) 60 = 2 x = Euclid(22,16) 22 = 1 x = Euclid(16,6) 16 = 2 x = Euclid(6,4) 6 = 1 x gcd = Euclid(4,2) 4 = 2 x = Euclid(2,0) = 2. = 2.

9 Extended Euclid’s Algorithm THEOREM If m and n are any positive integers, not both zero, gcd(m, n) is the smallest positive element of the set If m and n are any positive integers, not both zero, gcd(m, n) is the smallest positive element of the set {am + bn: a,b in Z} of linear combinations of m and n. {am + bn: a,b in Z} of linear combinations of m and n.Thus: am + bn = gcd(m, n) = d am + bn = gcd(m, n) = d

10 FLOWCHARTFLOWCHART S1: m > 0, n >0 S3: am+bn = d, a’m+b’n = c = qd + r, 0 ≤ r < d, gcd(c,d) = gdc(m,n) S2: c = m > 0, d = n > 0, a = b’= 0, a’b = 1. S4: am + bn = f = gcd(m, n). S5: am+bn = d, a’m+b’n = c = qd + r, 0 < r < d m gcd(c,d) = gcd(m,n). c = d, d = r t=a’, a’=a, a= t - qa; t=b’, b’=b, b=t - qb; Start a=0 a’=1 c=m b=1 b’=0 d=n q=quotient(c%d) r=remainder(c%d) r = 0? Stop No Yes S6: am+bn = d, a’m+b’n = c, d > 0, gcd(c,d) = gcd(m,n)

11 ALGORITHMALGORITHM //Input: Two positive integers m and n //Output: Greatest common divisor d and two integers a and b, such that am + bn = d //***************************************************** 1.Set a’ = b = 1, a = b’ = 0, c = m, d = n. 2.Let q, r be the quotient and remainder, respectively, of c divided by d. (We have c = qd + r, 0 ≤ r < d) 3.If r = 0, terminate; we have in this case am + bn = d as desired. 4.Set c = d, d = r, t = a’, a’ = a, a = t – qa, t = b’, b’ = b, b = t – qb, and go back to step 2.

12 ALGORITHM – Pseudocode Extended-Euclid(m, n) 1If n = 0 2 then return (m, 1, 0) 3(d’, a’, b’) = Extended-Euclid(n, m mod n) 4(d, a, b) = (d’, b’, a’ – floor(a/b)b’) 5return (d, a, b)

13 EFFICIENCYEFFICIENCY The number of recursive calls made in Euclid is equal to the number of recursive calls made in Extended-Euclid, the running times of both algorithms are the same, to within a constant factor. For a > b > 0, the number of recursive calls is O(logn).

14 EXAMPLEEXAMPLE m = 2 x n + 16 n = 1 x = 2 x = 1 x = 2 x = m – 2n 6 = n – 1 x 16 = n – 1 x (m – 2n) = -m + 3n 4 = 16 – 2 x 6 = (m – 2n) – 2 x ( -m + 3n) = (3m – 8n) 2 = 6 – 1 x 4 = (-m + 3n) – 1 x (3m – 8n) = -4m + 11n

15 Example – cont m n r q a b Next a = next-to-last a - q*(last a) a = 1 - 2*0 = 1 Next b = next-to-last b - q*(last b) b = 0 - 2*1 = -2

16 Example – cont m n r q a b a = 0 - 1*1 = -1 b = 1 - 1*(-2) = 3

17 Example – cont m n r q a b a = 1 - 2*(-1) = 3 b = *3 = -8

18 Example – cont m n r q a b a = *3 = -4 b = 3 - 1*(-8) = 11

19 Euclid’s Game !! The game is really very simple. It helps clarify the Euclid's algorithm and the notion of the Greatest Common Divisor of two integers. The difference of any two numbers is divisible by their gcd. Assuming the two original numbers are N and M and N>M (In the applet they are never equal.) Then the only numbers that could be obtained by taking differences are the multiples of gcd(N,M). Furthermore, all such numbers will eventually appear on the board regardless of the sequence of moves (why?). Therefore, the total number of integers that will be written on the board equals N/gcd(N,M). From here you may calculate whether it's preferable to start or let the computer make the first move.Euclid's algorithmGreatest Common Divisorwhy?

20 CRYPTOGRAPHY-- RSA Background: RSA was developed by 3 MIT researchers: Ronald Rivest, Adi Shamir, and Leonard Adleman Background: RSA was developed by 3 MIT researchers: Ronald Rivest, Adi Shamir, and Leonard Adleman Searching for a more complete Public Key Cryptography approach than Diffie-Hellman. Published in 1977 and Patented in September sets of keys, public and private keys. Strength of RSA comes from the difficulty of factoring large prime numbers. RSA algorithm is based on the fact that there is no efficient way to factor very large numbers. Deducing an RSA key, therefore, requires an extraordinary amount of computer processing power and time. RSA PROVING: mgt.com.au/rsa_theory.html

21 RSA Concepts M = message C = encrypted message Encryption:: P(M)– public key pair (e,n) C = P(M), where C = M e mod n e = public exponent, which is relative prime number to (p-1)(q-1) Decryption:: S(m)– private key pair (d,n). S(C ) = M, where M = C d mod n d = private exponent, which is any integer satisfies (ed-1)/ (p- 1)(q-1) is an integer.

22 RSA– Steps to encrypt data 1)Select 2 prime numbers: p & q. 2)Find the n = p*q, where n is the public and private key pairs 3)Find e. e must be relative prime to (p-1)(q-1) 4)Find d. d must be chosen so (ed-1)/(p-1)(q-1) is an integer by using Extended Euclidean Algorithm. If d satisfies the equation, then d will be the multiplicative inverse 4)Find d. d must be chosen so (ed-1)/(p-1)(q-1) is an integer by using Extended Euclidean Algorithm. If d satisfies the equation, then d will be the multiplicative inverse of e. 5) 5)Discard p and q. only the public key(e,n) and private(d,n) are needed now.

23 How to get Key pairs??? 1)Select 2 prime numbers: p = 11, q = 3 2)Find n = p*q : n = 11*3=33 3)Find e, relative prime, to (11-1)*(3-1) = 20: e = 3 4)Find d, making (ed-1)/(p-1)(q-1) is an integer.  (3d-1)/10 = k, where k is an integer  become  3d -1 = 10k  3d + (-10) k = 1  using Extended Euclidean Algorithm to find integer d, k  d = 7 k = 2, it satisfies the eqn  (3*7-1)/10 = 2 (=k) is an integer. 5)Discard p,q: public pair(e,n) vs. private pair(d,n)  public(3,33) vs. private(7,33)  public(3,33) vs. private(7,33)

24 How to encrypt data “G” now??? Since we have the public key pairs(3,33) and private key pairs(7,33), we can encrypt our data now. For example, we want to encrypt “GO.” In alphabet, G = 7 and O = 15. First, we encrypt “G.” We know: C = P(M) = encrypted data. Thus, M = 7 and find C? C = P(7) = M e mod n = 7 3 mod 33 = 13  C = 13

25 How to decrypt data “G” now?? Since we have C = 13 and private key pair is (7,33), M = S( C)= C d mod n.We can apply: M = 13 7 mod 33 =  M = 7. Then, according to alphabet, M = 7 is the location of “G” Note: a = bc mod n = (b mod n) * (c mod n)

26 To encrypt vs. decrypt “O” Public(e,n) = public(3,33) Private(d,n) = private(7,33) To encrypting: C = M e mod n O = 15  M C = P(M) = P(15) = 15 3 mod 33 = 9 To decrypting: M = C d mod n M = 9 7 mod 33 = sa.html

27Issue?? The n is 33. there are 0-32 n’s maps to a unique code C in the same range in a sort of random manner. In this case, we have 9 values of m to the same value of C – these are know as unconcealed message. We always have the issue of M=0 or M = 1 no matter how large n is. However, in practice, higher values shouldn’t be a problem when we use large values of n.

28 RSA Conclusion Bigger is Better: In practice, large values for p and q should be used to create keys of about 100 digits, or even more. The larger the key strings are, the more difficult By convenient accident, the program doesn’t echo the values of p and q. That is just as well, because those two numbers must never be revealed. After you have your key numbers, you no longer need p and q, so all traces of those two numbers can and probably should be erased. To do the encryption (C = m e mod n) is very easy, but it is very difficult to decrypt M = c d mod n.

29 QUESTIONS & ANSWERS