How to Solve

Proposition 2.3 (Extended Euclidean representation) Suppose $a, b\in \mathbb {Z}$ and let $g=\gcd(a,b)$ . Then there exists $x,y\in\mathbb{Z}$ such that

$\displaystyle ax + by = g.$

Proof. [Proof of Proposition 2.3.1] Let $g=\gcd(a,b)$ . Then $\gcd(a/g,b/g)=1$ , so by Proposition 2.1.14 the equation

$\displaystyle \frac{a}{g}\cdot x\equiv 1\left({\rm mod} \hspace{1ex}\frac{b}{g}\right)$

(2.3.1)

has a solution $x\in\mathbb{Z}$ . Multiplying (2.3.1) through by

yields $ax \equiv g \pmod{b}$ , so there exists

such that $b\cdot (-y) = ax-g$ . Then

, as required. $\qedsymbol$

Given

and $g=\gcd(a,b)$ , our proof of Proposition 2.3.1 gives a way to explicitly find

such that

, assuming one knows an algorithm to solve linear equations modulo

. Since we do not know such an algorithm, we now discuss a way to explicitly find

and

. This algorithm will in fact enable us to solve linear equations modulo

--to solve $ax\equiv 1\pmod{n}$ when $\gcd(a,n)=1$ , use the algorithm below to find

and

such that

. Then $ax\equiv 1\pmod{n}.$

Example 2.3 Suppose

and

. The steps of Algorithm 1.1.13 to compute $\gcd(5,7)$ are, as follows. Here we underline certain numbers, because it clarifies the subsequent back substitution we will use to find

and

$\displaystyle \underline{7}$	$\displaystyle =1\cdot \underline{5} + \underline{2}$	so $\displaystyle \underline{2}$	$\displaystyle = \underline{7} - \underline{5}\hfill$
$\displaystyle \underline{5}$	$\displaystyle =2\cdot \underline{2} + \underline{1}$	so $\displaystyle \underline{1}$	$\displaystyle = \underline{5} - 2\cdot \underline{2} = \underline{5} - 2(\underline{7}-\underline{5}) = 3\cdot\underline{5}-2\cdot\underline{7}\hfill$

On the right, we have back-substituted in order to write each partial remainder as a linear combination of

and

. In the last step, we obtain $\gcd(a,b)$ as a linear combination of

and

, as desired.

Example 2.3 That example was not too complicated, so we try another one. Let

and

. We have

$\displaystyle \underline{130}$	$\displaystyle = 2\cdot \underline{61} + \underline{8}$	$\displaystyle \underline{8}$	$\displaystyle = \underline{130}-2\cdot\underline{61}$
$\displaystyle \underline{61}$	$\displaystyle = 7\cdot \underline{8} + \underline{5}$	$\displaystyle \underline{5}$	$\displaystyle = -7\cdot\underline{130}+15\cdot\underline{61}$
$\displaystyle \underline{8}$	$\displaystyle = 1\cdot \underline{5} + \underline{3}$	$\displaystyle \underline{3}$	$\displaystyle = 8\cdot\underline{130}-17\cdot\underline{61}$
$\displaystyle \underline{5}$	$\displaystyle = 1\cdot \underline{3} + \underline{2}$	$\displaystyle \underline{2}$	$\displaystyle =-15\cdot\underline{130}+32\cdot\underline{61}$
$\displaystyle \underline{3}$	$\displaystyle = 1\cdot \underline{2} + \underline{1}$	$\displaystyle \underline{1}$	$\displaystyle = 23\cdot\underline{130}-49\cdot\underline{61}$

Thus

and

is a solution to

Example 2.3 This example is just like Example 2.3.4 above, except we make the notation on the right more compact.

$\displaystyle \underline{130}$	$\displaystyle = 2\cdot \underline{61} + \underline{8}$	$\displaystyle \underline{8}$	$\displaystyle = (1,-2)$
$\displaystyle \underline{61}$	$\displaystyle = 7\cdot \underline{8} + \underline{5}$	$\displaystyle \underline{5}$	$\displaystyle = (-7,15) = (0,1) - 7(1,-2)$
$\displaystyle \underline{8}$	$\displaystyle = 1\cdot \underline{5} + \underline{3}$	$\displaystyle \underline{3}$	$\displaystyle = (8,-17) = (1,-2) - (-7,15)$
$\displaystyle \underline{5}$	$\displaystyle = 1\cdot \underline{3} + \underline{2}$	$\displaystyle \underline{2}$	$\displaystyle = (-15,32) = (-7,15) - (8,-17)$
$\displaystyle \underline{3}$	$\displaystyle = 1\cdot \underline{2} + \underline{1}$	$\displaystyle \underline{1}$	$\displaystyle = (23,-49) = (8,-17) - (-15,32)$

Notice at each step that the vector on the right is just the vector from two steps ago minus a multiple of the vector from one step ago, where the multiple is the cofficient of what we divide by.

SAGE Example 2.3 The SAGE command xgcd(a,b) computes the greatest common divisor

and

along with

such that

sage: xgcd(5,7)
(1, 3, -2)
sage: xgcd(130,61)
(1, 23, -49)

Algorithm 2.3 (Extended Euclidean Algorithm) Suppose and are integers and let $g=\gcd(a,b)$ . This algorithm finds , and such that . We describe only the steps when $a>b\geq 0$ , since one can easily reduce to this case.

[Initialize] Set , , , .
[Finished?] If , set and terminate.
[Quotient and Remainder] Use Algorithm 1.1.12 to write with $0\leq c<b$ .
[Shift] Set and go to step 2. (This shift step is nicely illustrated in Example 2.3.5.)

Proof. This algorithm is the same as Algorithm 1.1.13, except that we keep track of extra variables

, so it terminates and when it terminates $d=\gcd(a,b)$ . We omit the rest of the inductive proof that the algorithm is correct, and instead refer the reader to [#!knuth1!#, §1.2.1] which contains a detailed proof in the context of a discussion of how one writes mathematical proofs. $\qedsymbol$

Algorithm 2.3 (Inverse Modulo

) Suppose and are integers and $\gcd(a,n)=1$ . This algorithm finds an such that $ax\equiv 1\pmod{n}$ .

[Compute Extended GCD] Use Algorithm 2.3.7 to compute integers such that $ax+ny=\gcd(a,n)=1$ .
[Finished] Output .

Example 2.3 Solve $17x \equiv 1\pmod{61}$ . First, we use Algorithm 2.3.7 to find

such that

$\displaystyle \underline{61}$	$\displaystyle =3\cdot\underline{17}+\underline{10}$	$\displaystyle \underline{10}$	$\displaystyle =\underline{61} - 3\cdot\underline{17}$
$\displaystyle \underline{17}$	$\displaystyle =1\cdot\underline{10}+\underline{7}$	$\displaystyle \underline{7}$	$\displaystyle =-\underline{61} + 4\cdot\underline{17}$
$\displaystyle \underline{10}$	$\displaystyle =1\cdot \underline{7}+\underline{3}$	$\displaystyle \underline{3}$	$\displaystyle =2\cdot\underline{61} - 7\cdot\underline{17}$
$\displaystyle \underline{3}$	$\displaystyle =2\cdot\underline{3} +\underline{1}$	$\displaystyle \underline{1}$	$\displaystyle =-5\cdot\underline{61}+18\cdot\underline{17}$