Lehmer's GCD algorithm: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 18:18, 7 January 2015 edit Glrx (talk \| contribs) Extended confirmed users, Pending changes reviewers, Rollbackers 29,708 edits m Reverted edits by 223.223.138.93 (talk) to last version by Yobot ← Previous edit		Latest revision as of 18:19, 11 January 2020 edit undo 122.167.106.26 (talk) No edit summary
(8 intermediate revisions by 8 users not shown)
Line 1: {{short description\|Fast greatest common divisor algorithm}} '''Lehmer's GCD algorithm''', named after [[Derrick Henry Lehmer]], is a fast [[greatest common divisor\|GCD]] [[algorithm]], an improvement on the simpler but slower [[Euclidean algorithm]]. It is mainly used for big integers that have a representation as a string of digits relative to some chosen numeral system [[radix\|base]], say ''β''~~ ~~ =~~ ~~ 1000 or ''β''~~ ~~ =~~ ~~ 2<sup>32</sup>. == Algorithm == Lehmer noted that most of the [[quotient]]s from each step of the division part of the standard algorithm are small. (For example, [[Donald Knuth\|Knuth]] observed that the quotients 1, 2, and 3 comprise 67.7% of all quotients.<ref name="knuth2">[[Donald Knuth\|Knuth]], ''[[The Art of Computer Programming]] vol 2 "Seminumerical algorithms"'', chapter 4.5.3 Theorem E.</ref>) Those small quotients can be identified from only a few leading digits. Thus the algorithm starts by splitting off those leading digits and computing the sequence of quotients as long as it is correct. Say we want to obtain the GCD of the two integers ''a'' and~~ ~~ ''b''. Let ''a''~~ ~~ ≥~~ ~~ ''b''. * If ''b'' contains only one digit (in the chosen [[radix\|base]], say ''β''~~ ~~ =~~ ~~ 1000 or ''β''~~ ~~ =~~ ~~ 2<sup>32</sup>), use some other method, such as the [[Euclidean algorithm]], to obtain the result. * If ''a'' and ''b'' differ in the length of digits, perform a division so that ''a'' and ''b'' are equal in length, with length equal to ''m''. * ''Outer loop:'' Iterate until one of ''a'' or ''b'' is zero: Decrease ''m'' by one. Let ''x'' be the leading (most significant) digit in ''a'', ''x''~~ ~~ =~~ ~~ ''a''~~ ~~ div~~ ~~ ''β''<sup>~~ ~~ ''m''</sup> and ''y'' the leading digit in ''b'', ''y''~~ ~~ =~~ ~~ ''b''~~ ~~ div~~ ~~ ''β''<sup>~~ ~~ ''m''</sup>. Initialize a 2~~ ~~ by~~ ~~ 3 [[matrix (mathematics)\|matrix]] ::<math>\textstyle \begin{bmatrix} A & B & x\\ C & D & y \end{bmatrix} </math> to an extended [[identity matrix]] <math>\textstyle \begin{bmatrix} 1 & 0 & x \\ 0 & 1 & y\end{bmatrix}, </math> :and perform the euclidean algorithm simultaneously on the pairs (''x''~~ ~~ +~~ ~~ ''A'',~~ ~~ ''y''~~ ~~ +~~ ~~ ''C'') and (''x''~~ ~~ +~~ ~~ ''B'',~~ ~~ ''y''~~ ~~ +~~ ~~ ''D''), until the quotients differ. That is, iterate as an ''inner loop'': : Compute the quotients ''w''<sub>1</sub> of the long divisions of (''x'' + ''A'') by (''y'' + ''C'') and ''w''<sub>2</sub> of (''x'' + ''B'') by (''y'' + ''D'') respectively. Also let ''w'' be the (not computed) quotient from the current long division in the chain of long divisions of the euclidean algorithm. * If ''w''<sub>1</sub> ≠ ''w''<sub>2</sub>, then break out of the inner iteration. Else set ''w'' to ''w''<sub>1</sub> (or~~ ~~ ''w''<sub>2</sub>). * Replace the current matrix ::<math>\textstyle \begin{bmatrix} A & B & x \\ C & D & y \end{bmatrix}</math> : with the matrix product :: <math>\textstyle \begin{bmatrix} 0 & 1 \\ 1 & -w \end{bmatrix} \cdot \begin{bmatrix} A & B & x \\ C & D & y \end{bmatrix} = \begin{bmatrix} C & D &y \\ A - wC & B - wD & x-wy \end{bmatrix} </math> :according to the matrix formulation of the extended euclidean algorithm. *If ''B''~~ ~~ ≠~~ ~~ 0, go to the start of the inner loop. If ''B''~~ ~~ =~~ ~~ 0, we have reached a ''deadlock''; perform a normal step of the euclidean algorithm with ''a'' and ''b'', and restart the outer loop. ** Set ''a'' to ''aA''~~ ~~ +~~ ~~ ''bB'' and ''b'' to ''Ca''~~ ~~ +~~ ~~ ''Db'' (again simultaneously). This applies the steps of the euclidean algorithm that were performed on the leading digits in compressed form to the long integers ''a'' and ''b''. If ''b''~~ ~~ ≠~~ ~~ 0 go to the start of the outer loop. ==References== <references/> * [[Kapil Hari Paranjape\|Kapil Paranjape]], [http://www.imsc.res.in/~kapil/crypto/notes/node11.html Lehmer's Algorithm] {{Number-theoretic algorithms}}