Notebook 04a: Divisibility, GCD, and the Euclidean Algorithm

Module 04. Number Theory and RSA

Motivating Question. Computing $\gcd(1000000007,\; 999999937)$ by listing all divisors of each number would require checking up to a billion candidates for each. Is there a shortcut that finds the answer in just a handful of steps?

The Euclidean algorithm, over 2300 years old, answers yes. It is one of the oldest algorithms still in daily use, and it sits at the heart of RSA key generation.

Prerequisites. You should be comfortable with:

• Modular arithmetic and residues (Module 01)

• The idea of units in $\mathbb{Z}/n\mathbb{Z}$ (Module 01/02): an element $a$ is a unit iff it has a multiplicative inverse mod $n$

Learning objectives. By the end of this notebook you will be able to:

1. State the definition of divisibility and verify its key properties.

2. Compute the GCD of two integers using the Euclidean algorithm by hand and in SageMath.

3. Explain why the algorithm works (the key invariant).

4. Relate coprimality ($\gcd(a,n)=1$) to the existence of modular inverses.

5. Appreciate why the Euclidean algorithm is efficient: $O(\log(\min(a,b)))$ steps.

1. Divisibility

Definition. Let $a, b \in \mathbb{Z}$ with $a \neq 0$. We say $a$ divides $b$, written $a \mid b$, if there exists an integer $k$ such that $$b = k \cdot a.$$

Equivalently, $b$ is a multiple of $a$, or $a$ is a factor (divisor) of $b$.

Examples:

• $3 \mid 12$ because $12 = 4 \cdot 3$.

• $7 \mid 0$ because $0 = 0 \cdot 7$. (Every nonzero integer divides 0!)

• $5 \nmid 13$ because there is no integer $k$ with $13 = 5k$.

Key properties:

Checkpoint 1. Before running the cell below, predict: does $12$ divide $144$? Does $12$ divide $150$? What are the divisors of $28$?

2. Common Divisors and the GCD

Definition. A common divisor of integers $a$ and $b$ is any integer $d$ such that $d \mid a$ and $d \mid b$.

The greatest common divisor $\gcd(a, b)$ is the largest positive common divisor.

Example. Let $a = 48$, $b = 18$.

• Divisors of 48: $\{1, 2, 3, 4, 6, 8, 12, 16, 24, 48\}$

• Divisors of 18: $\{1, 2, 3, 6, 9, 18\}$

• Common divisors: $\{1, 2, 3, 6\}$

• $\gcd(48, 18) = 6$

This "list all divisors" approach works for small numbers. But what about $\gcd(1000000007, 999999937)$? Listing a billion divisors is not practical. We need something smarter.

3. The Euclidean Algorithm

3.1 The Key Insight

The Euclidean algorithm rests on a single, beautiful fact:

Theorem. For any integers $a, b$ with $b > 0$: $$\gcd(a, b) = \gcd(b, \; a \bmod b).$$

Why does this work? Write $a = qb + r$ where $r = a \bmod b$. We claim that $a$ and $b$ have exactly the same set of common divisors as $b$ and $r$.

• Forward direction: Suppose $d \mid a$ and $d \mid b$. Then $d \mid (a - qb) = r$. So $d \mid b$ and $d \mid r$.

• Backward direction: Suppose $d \mid b$ and $d \mid r$. Then $d \mid (qb + r) = a$. So $d \mid a$ and $d \mid b$.

Since the set of common divisors is identical, the greatest common divisor is the same. And crucially, $r < b$, so the numbers get strictly smaller each step.

3.2 The Algorithm

Repeatedly apply $\gcd(a,b) = \gcd(b, a \bmod b)$ until the remainder is 0. The last nonzero remainder is the GCD.

Misconception alert. "The Euclidean algorithm tries all possible divisors." No! It never tests a single divisor. It uses division (specifically, the remainder) to shrink the problem at each step. That is why it is so fast.

3.3 Worked Example: $\gcd(252, 105)$

Let us trace every step by hand first:

The last nonzero remainder is $\mathbf{21}$, so $\gcd(252, 105) = 21$.

Notice how the chain of equalities shows: $$\gcd(252, 105) = \gcd(105, 42) = \gcd(42, 21) = \gcd(21, 0) = 21.$$

Only 3 steps, no trial division needed!

Checkpoint 2. Before running the next cell, trace $\gcd(546, 182)$ by hand on paper. How many steps does it take? What is the GCD?

3.4 Why It's Fast: $O(\log(\min(a,b)))$ Steps

The Euclidean algorithm is remarkably efficient. The key observation is that every two consecutive steps reduce the larger number by at least half:

After two steps, the pair $(a, b)$ is replaced by a pair where both numbers are strictly less than $b$, and specifically $a \bmod b < b/2$ after at most two remainder operations.

This means the number of steps is at most $2 \cdot \lfloor \log_2(\min(a,b)) \rfloor + 1$, i.e., logarithmic in the input size.

For a 1000-digit number, the algorithm needs at most about 6600 steps, not billions!

The worst case is consecutive Fibonacci numbers. Let us verify experimentally.

Notice that for Fibonacci inputs, the number of steps equals $k-1$: the algorithm peels off one Fibonacci number per step, which is the slowest possible shrinkage. Any other input shrinks faster.

Let us now answer the motivating question.

4. Coprimality and Modular Inverses

Definition. Two integers $a$ and $b$ are coprime (or relatively prime) if $\gcd(a, b) = 1$.

Bridge from Modules 01 and 02. Remember that in Module 01, we saw that the units (invertible elements) of $\mathbb{Z}/n\mathbb{Z}$ are exactly those residues $a$ with $\gcd(a, n) = 1$. In Module 02, we formalised this: coprimality determines unit status in the ring $\mathbb{Z}/n\mathbb{Z}$.

Now we can state this precisely:

Theorem. $a$ has a multiplicative inverse modulo $n$ if and only if $\gcd(a, n) = 1$.

This is why coprimality matters for cryptography. In the next notebook (04b), we will see that the Extended Euclidean Algorithm does not just check coprimality, it actually computes the inverse.

Crypto foreshadowing. In RSA, we pick two large primes $p, q$, set $n = pq$, and compute $\varphi(n) = (p-1)(q-1)$. The public exponent $e$ must satisfy $\gcd(e, \varphi(n)) = 1$ so that $e$ has an inverse $d$ modulo $\varphi(n)$. That inverse $d$ is the private key. The extended Euclidean algorithm (notebook 04b) is what actually computes $d$.

Checkpoint 3. Consider $n = 12$. Which elements of $\{1, 2, \ldots, 11\}$ are coprime to 12? How many units does $\mathbb{Z}/12\mathbb{Z}$ have? Predict first, then run the cell below.

5. SageMath GCD and LCM Toolkit

SageMath provides several built-in functions for divisibility and GCD computations. Let us survey the most useful ones.

6. Exercises

Exercise 1 (Worked): Trace the Euclidean Algorithm

Problem. Compute $\gcd(270, 192)$ by hand, showing each division step. Verify with SageMath.

Solution.

So $\gcd(270, 192) = 6$.

Exercise 2 (Guided): Coprimality Check for RSA

Problem. In a toy RSA setup, suppose $p = 11$, $q = 23$, so $n = pq = 253$ and $\varphi(n) = (p-1)(q-1) = 220$. A common choice for the public exponent is $e = 65537$. Check whether $\gcd(e, \varphi(n)) = 1$ so that $e$ is a valid RSA exponent.

Then find two values of $e$ in $\{2, 3, \ldots, 20\}$ that are coprime to $220$, and two that are not.

Hint: Use gcd() in a list comprehension to filter.

Exercise 3 (Independent): Worst-Case Analysis

Problem.

1. Write a function gcd_with_steps(a, b) that returns a tuple (gcd_value, step_count, step_list) where step_list is a list of strings showing each division step.

2. Use it to compute $\gcd(F_{25}, F_{24})$ where $F_k$ is the $k$-th Fibonacci number.

3. Compare the step count to the theoretical bound $2 \lfloor \log_2(\min(a,b)) \rfloor + 1$. Is the Fibonacci case close to the bound?

Summary

We now have the tool to check coprimality. But for RSA, we need to compute the inverse $d = e^{-1} \bmod \varphi(n)$. That requires the Extended Euclidean Algorithm, which is the subject of the next notebook.

Next: 04b. The Extended Euclidean Algorithm and Modular Inverses