LogoLogo
LogoLogo
  • Introduction
    • About Us
    • Notations & Definitions
      • MPC
      • ZK
    • Contribute to this Site!
  • Primitives
    • Multiplication
      • Karatsuba Multiplication
      • Toom-Cook Multiplication
    • NAF (Non-adjacent form)
    • Chinese Remainder Theorem (CRT)
    • Euclidean Algorithm
      • Extended Euclidean Algorithm
      • Binary Euclidean Algorithm
      • Extended Binary Euclidean Algorithm
    • Coding Theory
      • Linear Code
    • Number Theoretic Transform
    • Abstract Algebra
      • Group
        • -Morphisms
        • Batch Inverse
      • Elliptic Curve
        • Weierstrass Curve
          • Coordinate Forms
          • Fast Elliptic Curve Arithmetic and Improved WEIL Pairing Evaluation
        • Edwards Curve
          • Coordinate Forms
          • Twisted Edwards ↔ Short Weierstrass Transformation
        • Batch Inverse for Batch Point Additions
        • Scalar Multiplication
          • Double-and-add
          • GLV Decomposition
        • MSM
          • Pippenger's Algorithm
          • Signed Bucket Index
          • CycloneMSM
          • EdMSM
          • cuZK
        • 2-Chain and 2-Cycle of Elliptic Curves
    • Encryption Scheme
      • ElGamal Encryption
    • Modular Arithmetic
      • Modular Reduction
        • Barrett Reduction
        • Montgomery Reduction
      • Modular Inverse
        • Bernstein-Yang's Inverse
    • Multiset Check
    • Sumcheck
    • Commitment Scheme
      • Fflonk
      • SHPlonk
      • Zeromorph
  • MPC
    • Yao's Garbled Circuits
    • GMW
    • BMR
  • ZK
    • Arithmetization
      • R1CS
      • PLONK
      • AIR
    • Folding
      • LatticeFold
      • Nova
        • Nova over Cycles of Curves
    • Lookup
      • Lasso
      • LogUp-GKR
    • SNARK
      • Groth16
      • HyperPlonk
      • Spartan
        • SPARK
    • STARK
      • Additive NTT
      • Basefold
      • Binius
      • Brakedown
      • CircleSTARK
      • FRI
        • FRI Security Features and Optimizations
      • DEEP FRI
      • STIR
      • WHIR
    • Distributed ZK
      • Ryan's Trick for Distributed Groth16
  • Application
    • zkLogin
    • zkHoldem
    • zkTLS
      • DECO
      • Proxying is enough
  • zkVM
Powered by GitBook
On this page
  • Objective
  • Code
  • Proof
Export as PDF
  1. Primitives

Euclidean Algorithm

PreviousChinese Remainder Theorem (CRT)NextExtended Euclidean Algorithm

Last updated 1 month ago

Objective

The Euclidean Algorithm efficiently computes the Greatest Common Divisor (GCD) of two integers AAA and BBB.

The core idea is based on the following identity:

gcd⁡(A,B)=gcd⁡(B,A mod B)\gcd(A, B) = \gcd(B, A \bmod B)gcd(A,B)=gcd(B,AmodB)

Code

def gcd(a, b):
    if b == 0:
        return a
    else:
        return gcd(b, a % b)

Proof

Let G=gcd⁡(A,B)G = \gcd(A, B)G=gcd(A,B). Then, we can write A=aGA=aGA=aG, B=bGB=bGB=bG, where aaa and bbb are coprime integers.

Dividing AAA by BBB gives:

Then:

Proving the reverse is trivial, so we don't prove it here.

A=Bq+RA = Bq + RA=Bq+R
R=A−Bq=(a−bq)G=rGR = A - Bq = (a - bq)G = rGR=A−Bq=(a−bq)G=rG

So R=rGR = rGR=rG, and we want to prove that gcd⁡(B,R)=G\gcd(B, R) = Ggcd(B,R)=G is true if and only if bbb and rrr are coprime.

Suppose, for contradiction, that bbb and rrr are not coprime. Then there exists a common divisor m>1m > 1m>1 such that:

b=mb′,r=mr′b = mb', \quad r = mr'b=mb′,r=mr′

where b′b'b′ and r′r'r′ are coprime. Then:

a=bq+r=mb′q+mr′=m(b′q+r′)\begin{align*} a &= bq + r \\ &= mb'q + mr' \\ &= m(b'q + r') \end{align*}a​=bq+r=mb′q+mr′=m(b′q+r′)​

This means aaa is also divisible by mmm, implying aaa and bbb share a common factor mmm, contradicting the assumption that aaa and bbb are coprime. Thus, bbb and rrr must be coprime.

Written by from

A41
ryan Kim