
Greatest common divisors

Robert Friedman

Long division

Does 5 divide 34? It is easy to see that the answer is no, for many different reasons:

1. 34 does not end in a 0 or 5.

2. Checking directly by hand, 34 is not equal to a multiple 5n for n ≤ 6, and for n ≥ 7, 5n ≥ 35 > 34.

3. The prime factorization of 34 = 2 · 17 does not involve a 5.

On the other hand, we can also write 34 = 5 · (34/5), so in another sense 5 does divide 34. It depends on what we mean by divides. Given integers a, n, we say that a divides n, written a|n, if there exists an integer q such that n = aq. In this case, we say that a is a factor of n. For example, every integer divides 0, and the only integers which divide 1 are ±1. We can make the same definition for rational numbers, but it is not very interesting: every rational number divides every other rational number (except that 0 does not divide a nonzero rational number). For the record, let us give some notation for the various kinds of numbers:

1. N is the set of natural numbers {1, 2, 3, ...}. With this definition, 0 ∉ N, and the set {0, 1, 2, 3, ...} is the set of nonnegative integers.

2. Z is the set of integers {..., −2, −1, 0, 1, 2 ... }.

3. Q is the set of rational numbers {a/b : a, b ∈ Z, b ≠ 0}.

4. R is the set of real numbers, which we will not attempt to define here, and C is the set of complex numbers.

In Q, R, and C we can divide by every nonzero number, so the property that one number divides another is not very interesting. We will look at divisibility in Z here; divisibility in N is much the same, but it will be a lot easier for us if we are able to subtract as well as add.

When we consider numbers and divisibility we will need the following: we have operations of addition and multiplication, which satisfy the usual properties: addition and multiplication are associative and commutative, there is an additive identity 0 and additive inverses, multiplication distributes over addition, and there is a multiplicative identity 1. As mentioned above, the cases where there are multiplicative inverses for every nonzero number (Q, R, and C) are not interesting. In fact, in Z, the only numbers with multiplicative inverses are ±1. As a substitute for division, however, we do have the cancellation law: if ab = ac and a ≠ 0, then b = c. Of course this would follow if we could multiply both sides by a^{-1}.

There is at least one other familiar case where it is interesting to look at divisibility and factorization: polynomials. For example, x − 1 does not divide f(x) = x^3 − 2x^2 + 3x + 4, which we can see as follows: the linear polynomial x − 1 divides f(x) if and only if f(1) = 0, but f(1) = 6 ≠ 0. On the other hand, for g(x) = x^3 − 2x^2 + 3x − 2, g(1) = 0, and indeed g(x) = (x − 1)(x^2 − x + 2). We will also write a(x)|f(x) to mean that the polynomial a(x) divides f(x), i.e. that there exists a polynomial q(x) with f(x) = a(x)q(x). As we shall see in just a moment, this definition depends on the context.

As a matter of notation, we will denote by Z[x] the set of all polynomials with coefficients in Z (integer coefficients) and by Q[x] the set of all polynomials with coefficients in Q (rational coefficients). The sets R[x], C[x], etc. are defined in a similar way. Addition and multiplication are defined in the usual way. There is also Q[x, y], the set of polynomials in two variables x and y, with all of the possible variations by allowing different coefficients.

We now ask if 2x − 2 = 2(x − 1) divides x^3 − 2x^2 + 3x − 2. Answer: it depends. Clearly, since 2x − 2 = 2(x − 1),

x^3 − 2x^2 + 3x − 2 = (x − 1)(x^2 − x + 2) = (2x − 2)((1/2)x^2 − (1/2)x + 1).

So if we work in Q[x], 2x − 2 divides x^3 − 2x^2 + 3x − 2, but 2x − 2 does not divide x^3 − 2x^2 + 3x − 2 in Z[x].

We return to divisibility for ordinary integers. The basic fact is the following:

Theorem 1 (Long division with remainder). Suppose that a, n ∈ Z with a > 0. Then there exist unique integers q, r with 0 ≤ r < a such that n = aq + r.

Here, q is the quotient and r is the remainder. Why is this statement true? We must use some basic fact about the integers, or in this case the natural numbers. The fact in question is important enough to have a special name:

Theorem 2 (Well ordering principle). A nonempty subset of N has a smallest element.

We will not attempt to give a proof of the well-ordering principle here; it is closely related to an axiomatic characterization of the natural numbers. It can be paraphrased by saying that there are only finitely many natural numbers less than or equal to a given N. It is also closely connected to the principle of mathematical induction.

It is easy to see that the well-ordering principle also holds for the set of nonnegative integers: if X is a nonempty subset of the set of nonnegative integers, then either 0 ∈ X, in which case 0 is the smallest element of X, or 0 ∉ X, in which case X ⊆ N and X is nonempty, so that X has a smallest element by the well-ordering principle. On the other hand, the well-ordering principle fails for the set of all integers Z, since for example Z itself does not have a smallest element. It also fails for the set of all nonnegative rational numbers, since for example the set Q^+ of all positive rational numbers does not have a smallest element (there is no smallest strictly positive rational number).

Assuming the well-ordering principle (Theorem 2), let us deduce the statement about long division. Consider the set X of all nonnegative integers of the form n − aq for some q ∈ Z. In other words, we look at all integers q such that n − aq ≥ 0. Note that X is not empty. For example, if n is positive, then n = n − a(0) ∈ X. If n ≤ 0, we could take q = n − 1, so that n − aq = (1 − a)n + a. Since n ≤ 0 and a ≥ 1, so that 1 − a ≤ 0, we have (1 − a)n ≥ 0 and so n − aq = (1 − a)n + a ≥ a > 0. By the well-ordering principle, X has a smallest element, necessarily of the form r = n − aq. Moreover, we claim that 0 ≤ r < a. Clearly r ≥ 0, since by assumption r is a nonnegative integer. If r ≥ a, then r − a ≥ 0. But then r − a = n − a(q + 1) is a nonnegative integer in X, and it is clearly smaller than r. This contradicts the fact that r is the smallest element of X. Thus we take r = n − aq, with 0 ≤ r < a and n = aq + r as desired.

We still need to check that q and r are unique. If also n = aq1 + r1 with 0 ≤ r1 < a, then since n = aq + r = aq1 + r1,

a(q − q1) = r1 − r.

In particular a divides r1 − r. But r1 < a and r ≥ 0, so that r1 − r < a. Likewise r1 ≥ 0 and r < a imply that r1 − r > −a. Thus a | r1 − r and −a < r1 − r < a, and the only multiple of a strictly between −a and a is 0. So r1 − r = 0 and r = r1. Hence a(q − q1) = 0 and a > 0, so q − q1 = 0 and thus q = q1. This shows that q and r are unique. This finishes the proof.

In the exercises, you are asked to make the very minor changes in the statement and proof of Theorem 1 in case a < 0.

Long division holds in other circumstances as well. For example, long division of polynomials should be familiar. Here we use the degree of a polynomial as a rough measure of its size. Given f(x) and a(x) in Q[x] with a(x) ≠ 0, there exist unique polynomials q(x) and r(x) in Q[x] with either r(x) = 0 (in which case deg r(x) is undefined), or 0 ≤ deg r(x) < deg a(x), such that f(x) = a(x)q(x) + r(x). However, long division definitely fails in Z[x] or in Q[x, y]. For example, you cannot divide 2x − 2 into x^3 − 2x^2 + 3x − 2 in the above sense and keep all of the coefficients integers. (Long division by a(x) does work in Z[x] as long as the leading coefficient of a(x) is 1, though.)
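As an added worked example (not part of the original notes), the following Python implements Theorem 1 for any nonzero divisor a, including the a < 0 variant left to the exercises, and long division in Q[x] with exact rational arithmetic, so the 2x − 2 example can be checked mechanically. The polynomial representation (a list of coefficients, constant term first) and the function names are my own choices, not notation from the notes.

```python
from fractions import Fraction


def div_rem(n, a):
    """Theorem 1 extended to any a != 0: return (q, r) with n = a*q + r
    and 0 <= r < |a|.  Python's n % a already gives 0 <= r < a when a > 0,
    but a remainder in (a, 0] when a < 0, so we normalise with |a|.
    Caveat for other languages: C, Go, Rust and JavaScript truncate toward
    zero, so their n % a is negative for negative n; never assume r >= 0 there."""
    if a == 0:
        raise ZeroDivisionError("divisor must be nonzero")
    r = n % abs(a)          # 0 <= r < |a|
    q = (n - r) // a        # exact, since a divides n - r
    assert n == a * q + r and 0 <= r < abs(a)
    return q, r


def _trim(p):
    """Drop leading zero coefficients (the highest degree is stored last)."""
    p = list(p)
    while p and p[-1] == 0:
        p.pop()
    return p


def poly_divmod(f, a):
    """Long division in Q[x].  The polynomial c0 + c1 x + ... + cn x^n is the
    list [c0, c1, ..., cn].  Returns (q, r) with f = a*q + r and either
    r == [] (the zero polynomial) or deg r < deg a; coefficients are Fractions."""
    f = _trim(Fraction(c) for c in f)
    a = _trim(Fraction(c) for c in a)
    if not a:
        raise ZeroDivisionError("cannot divide by the zero polynomial")
    if len(f) < len(a):
        return [], f
    q = [Fraction(0)] * (len(f) - len(a) + 1)
    r = f[:]
    lead = a[-1]
    # Peel off the top-degree term of the running remainder each round,
    # exactly as in hand long division.
    for i in range(len(f) - len(a), -1, -1):
        coef = r[i + len(a) - 1] / lead
        q[i] = coef
        for j, c in enumerate(a):
            r[i + j] -= coef * c
    return q, _trim(r[:len(a) - 1])


def in_Zx(p):
    """True if every coefficient is an integer, i.e. the polynomial lies in Z[x]."""
    return all(Fraction(c).denominator == 1 for c in p)


if __name__ == "__main__":
    print(div_rem(-7, 3), div_rem(7, -3))           # (-3, 2) (-2, 1)
    g = [-2, 3, -2, 1]                              # x^3 - 2x^2 + 3x - 2
    q, r = poly_divmod(g, [-2, 2])                  # divide by 2x - 2
    print(q, r, in_Zx(q))                           # quotient in Q[x] but not in Z[x]
    q, r = poly_divmod([4, 3, -2, 1], [-1, 1])      # f(x) = x^3 - 2x^2 + 3x + 4 by x - 1
    print(q, r)                                     # remainder [6], i.e. f(1) = 6
```

Dividing g(x) by 2x − 2 returns the quotient (1/2)x^2 − (1/2)x + 1 with zero remainder, and `in_Zx` reports that it is not in Z[x]; dividing by the monic x − 1 gives x^2 − x + 2 with integer coefficients, which is the leading-coefficient-1 case the parenthetical remark describes.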

Greatest common divisors

Definition 3. Let a, b ∈ Z, where not both of a, b are zero. A greatest common divisor d of a and b (written d = gcd(a, b)) is a positive integer d such that d|a and d|b (i.e. d is a common divisor of a and b), and moreover, if e is an integer such that e|a and e|b, then e|d. In other words, d is divisible by every common divisor of a and b. Two integers a and b are relatively prime if gcd(a, b) = 1, i.e. if e|a and e|b then e|1, or equivalently the only factors a and b have in common are ±1.

If d and d1 are two greatest common divisors of a and b, then d|d1 and d1|d, and then it is easy to see that d = d1. Thus greatest common divisors are unique, if they exist. But nothing we have said up to this point indicates that greatest common divisors do exist. That is the point of the next theorem.

Theorem 4 (Existence of gcds). Let a, b ∈ Z, where not both of a and b are zero. Then there exists a unique gcd d of a and b. Moreover, there exist integers x0, y0 such that d = ax0 + by0.

To see this, let Y = {ax + by : x, y ∈ Z}. In other words, Y is the set of all integers which are a multiple of a plus a multiple of b; we call such an expression a linear combination of a and b. For example, a = a(1) + b(0) ∈ Y, as is −a = a(−1) + b(0); likewise b and −b are in Y. Other elements of Y are a + b, 5a − 28b, and so on. The key properties of Y are:

(i) Y is closed under addition and subtraction: if ax1 + by1 and ax2 + by2 are two elements of Y, then

(ax1 + by1) ± (ax2 + by2) = a(x1 ± x2) + b(y1 ± y2),

and this is of the form a times an integer plus b times an integer and hence is in Y.

(ii) Y is closed under multiplication by an arbitrary integer: if ax + by ∈ Y and n ∈ Z, then n(ax + by) = a(nx) + b(ny), and, again, this is of the form a times an integer plus b times an integer and hence is in Y.

Now Y contains at least one positive integer, since at least one of a, b is nonzero and hence at least one of a, −a, b, −b is positive. Thus, by the well-ordering principle, Y contains a smallest positive element, say d. So d > 0, and since d ∈ Y, d is of the form ax0 + by0 for some integers x0, y0. We claim that every element of Y is a multiple of d. To see this, let n ∈ Y. Applying long division by d, n = dq + r, where r is an integer and 0 ≤ r < d. By assumption, n ∈ Y. Since d ∈ Y, dq ∈ Y as well (by (ii) above) and thus n − dq = r ∈ Y since Y is closed under subtraction (by (i)). But 0 ≤ r < d and d was chosen to be the smallest positive element of Y. This is only possible if r = 0. But then n = dq is a multiple of d. We have thus shown that every element n of Y is a multiple of d.

We now show that d is a gcd of a and b. Since a and b are in Y, they are multiples of d, hence d|a and d|b. On the other hand, d = ax0 + by0. If e|a and e|b, then it is easy to see (Exercise 1) that e|ax0 + by0 = d. So d is a gcd (necessarily unique) of a and b. This finishes the proof of the theorem.

Remark 5. 1) The last part of the proof actually shows that, if d = ax0+by0 is a linear combination of a and b with d > 0, and d|a and d|b, then d = gcd(a, b). 2) A slightly more careful argument shows the following: let I be a nonempty subset of Z which is closed under addition and subtraction, i.e. Property (i) for Y above holds. Then one can check directly that (ii) also holds, and that there exists some integer d ≥ 0 such that I is the set of all integer multiples of d.

Now that we know that gcds exist, we would like to be able to compute them. One standard method is to factor both a and b into primes; the prime factors of d = gcd(a, b) are then the primes appearing in both the prime factorization of a and that of b, each raised to the smaller of the two powers. For example, gcd(40, 100) = 20, from 40 = 2^3 · 5 and 100 = 2^2 · 5^2, so the gcd is 2^2 · 5 = 20. In practice, this procedure is very inefficient, because it is a hard problem for a human or computer to factor a large number into a product of primes. We shall describe a much more efficient method at the end.

Let us give some consequences of the existence of gcds:

Corollary 6. Suppose that a and b are integers, not both zero, and n is an integer. Then the linear equation ax + by = n has a solution in integers x and y if and only if d = gcd(a, b) divides n.

To see this, suppose first that d = gcd(a, b) divides n, and let n = dk for some integer k. Then by the theorem we can write d = ax0 + by0 for some integers x0, y0. Thus

n = dk = akx0 + bky0 = ax + by,

with x = kx0 and y = ky0. Conversely, if d is any divisor of a and b, then d|ax + by, so if n = ax + by, then n is divisible by the gcd of a and b.

Corollary 7. Suppose that a and b are relatively prime integers, or equivalently that gcd(a, b) = 1. If a|bc, then a|c.

To see this, since gcd(a, b) = 1, there exist integers x and y such that 1 = ax + by. Then c = acx + bcy. By assumption, a|bc and hence a|bcy; also, clearly a|acx. Thus a divides the sum acx + bcy = c.

Recall that a prime number p is a positive integer p > 1 such that, if d|p, d > 0, then either d = 1 or d = p. (The number 1 is not a prime number.) Equivalently, a positive integer p > 1 is a prime number if and only if, for all a ∈ Z, either gcd(a, p) = 1, in which case a and p are relatively prime, or gcd(a, p) = p, in which case p divides a.

Corollary 8. Let b and c be integers and let p be a prime number. If p|bc, then either p|b or p|c. In other words, if a prime divides a product, it divides one of the factors.

In fact, suppose that p|bc. If p|b we are done. So we can assume that p does not divide b. Thus, by the above remarks, p and b are relatively prime. Since p|bc, Corollary 7 implies that p|c.

Remark 9. We can ask if any of the above carries over to factorization in Z[x] or Q[x] or to similar situations. Given two polynomials a(x), b(x), not both 0, we can define a gcd of a(x) and b(x) to be a polynomial d(x) such that d(x)|a(x), d(x)|b(x), and for every polynomial e(x) dividing both a(x) and b(x), e(x)|d(x). Of course, we would expect the existence or the form of d(x) to depend on the type of coefficients (integers, rational numbers, etc.) that we consider. It turns out that in all of the situations we have been considering (Z[x], Q[x], R[x], C[x], Q[x, y]), gcds do exist. In Q[x], R[x], C[x], the gcd of a(x) and b(x) can be written as a(x)f(x) + b(x)g(x) for some polynomials f(x), g(x); in other words the gcd of a(x) and b(x) is a linear combination of a(x) and b(x). It is not unique, since if d(x)|e(x) and e(x)|d(x), the most we can say is that d(x) and e(x) differ by multiplication by a nonzero constant polynomial. The gcd d(x) can be normalized, however, by requiring that its leading coefficient is 1. In Z[x] and Q[x, y], the gcd of two polynomials a(x) and b(x) cannot usually be written as a linear combination of a(x) and b(x) using polynomials of the same type. For example, it is easy to see that the gcd of 2 and x in Z[x] is 1, but we cannot write 1 = 2f(x) + xg(x) where both f(x) and g(x) are polynomials with integer coefficients. Finally, there are situations where unique factorization fails, and which we hope to be able to describe by the end of the seminar.

The Euclidean algorithm

As promised, we describe a computationally efficient method for finding the gcd of two integers a and b, which at the same time shows how to write the gcd as a linear combination of a and b. Begin with a, b, where b > 0 (so that Theorem 1 applies; replacing b by −b does not change the gcd). Write a = bq1 + r1, with integers q1 and r1, 0 ≤ r1 < b. Note that r1 = a + b(−q1) is a linear combination of a and b. If r1 = 0, stop; otherwise repeat this process with b and r1 instead of a and b, so that b = r1q2 + r2, with 0 ≤ r2 < r1, and note that r2 = b − r1q2 = b − aq2 + bq1q2 is still a linear combination of a and b. If r2 = 0, stop; otherwise repeat again with r1 and r2 instead of b and r1, so that r1 = r2q3 + r3, with 0 ≤ r3 < r2. We can continue in this way to find r1 > r2 > r3 > ··· > r_k ≥ 0, with r_{k−1} = r_k q_{k+1} + r_{k+1}. Since the size of the r_i decreases, and they are all nonnegative integers, eventually this procedure must stop with an r_n such that r_{n+1} = 0, and hence r_{n−1} = r_n q_{n+1}. The procedure looks as follows:

a = bq1 + r1

b = r1q2 + r2

r1 = r2q3 + r3

...

r_{n−2} = r_{n−1} q_n + r_n

r_{n−1} = r_n q_{n+1}.

We claim that r_n is the gcd of a and b. In fact, we shall show

(i) r_n divides both a and b;

(ii) r_n is a linear combination of a and b.

(i) Since r_n | r_{n−1}, the equation r_{n−2} = r_{n−1} q_n + r_n implies that r_n | r_{n−2}, and then working backwards from the equation r_{k−1} = r_k q_{k+1} + r_{k+1}, we see (with reverse induction) that r_n | r_k for every k ≤ n. The fact that b = r1q2 + r2 and that r_n divides r1 and r2 implies that r_n divides b, and then the equation a = bq1 + r1 implies that r_n divides a, too.

(ii) Working the other way, we have seen that r1 and r2 are linear combinations of a and b. By induction, if r_{k−1} and r_k are linear combinations of a and b, then the equation r_{k−1} = r_k q_{k+1} + r_{k+1} implies that r_{k+1} = r_{k−1} − r_k q_{k+1} is also a linear combination of a and b (because, as we saw in the proof of Theorem 4, the set of all linear combinations of a and b is closed under addition, subtraction, and multiplication by an integer). Thus r_n is a linear combination of a and b as well.

But we have seen that if a linear combination of a and b divides a and b and is positive, then it is equal to the gcd of a and b. So r_n is the gcd of a and b.

The algorithm is easier to carry out than it is to explain! For example, to find the gcd of 34 and 38, we have

38 = 34(1) + 4
34 = 4(8) + 2
4 = 2(2).

This says that 2 = gcd(34, 38) and that 2 = 34 − 4(8) = 34 − (38 − 34)(8) = 9(34) + (−8)(38).

It is often more efficient to choose q_{k+1} and r_{k+1} so that r_{k−1} = r_k q_{k+1} ± r_{k+1}, with r_{k+1} < r_k and the sign chosen so that r_{k+1} is as small as possible. For example, to find the gcd of 7 and 34, we could write

34 = 7(4) + 6
7 = 6(1) + 1,

to see that the gcd is 1 and that 1 = 7 − 6 = 7 − (34 − 4(7)) = −34 + 5(7), or we could see directly that 34 = 7(5) − 1. A more complicated example is the following, to find the gcd of 1367 and 298:

1367 = 298(5) − 123
298 = 123(2) + 52
123 = 52(2) + 19
52 = 19(3) − 5
19 = 5(4) − 1.

Thus the gcd is 1, and a little patience shows that

1 = 5(4) − 19 = 11(19) − 4(52) = 11(123) − 26(52) = 63(123) − 26(298) = (−63)(1367) + 289(298).
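As an added worked example (not part of the original notes), here is the Euclidean algorithm in Python in the iterative "extended" form that carries the linear-combination bookkeeping of step (ii) along with the remainders, together with two consequences proved above: deciding and solving ax + by = n (Corollary 6), and the modular inverse that exists exactly when gcd(a, m) = 1 (Corollary 7). The function names and the handling of negative inputs are my own choices; the notes themselves assume b > 0.

```python
def ext_gcd(a, b):
    """Extended Euclidean algorithm.  Returns (d, x, y) with d = gcd(a, b) > 0
    and a*x + b*y = d (Theorem 4), for any integers a, b not both zero.
    The invariant old_r == a*old_s + b*old_t holds at every step, so the
    linear combination is built forwards instead of by back-substitution."""
    if a == 0 and b == 0:
        raise ValueError("gcd(0, 0) is not defined")
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r != 0:
        q = old_r // r            # floor division keeps |r| strictly decreasing
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    if old_r < 0:                 # possible with negative inputs; the gcd is positive
        old_r, old_s, old_t = -old_r, -old_s, -old_t
    return old_r, old_s, old_t


def solve_linear(a, b, n):
    """Corollary 6: one integer solution (x, y) of a*x + b*y = n,
    or None when gcd(a, b) does not divide n."""
    d, x0, y0 = ext_gcd(a, b)
    if n % d != 0:
        return None
    k = n // d
    return k * x0, k * y0


def mod_inverse(a, m):
    """a has an inverse modulo m iff gcd(a, m) = 1, and then the Bezout
    coefficient x with a*x + m*y = 1 is that inverse (Corollary 7 in use).
    Rejecting d != 1 matters: silently returning x would give a wrong answer."""
    d, x, _ = ext_gcd(a, m)
    if d != 1:
        raise ValueError(f"{a} has no inverse modulo {m}: gcd is {d}")
    return x % m


if __name__ == "__main__":
    print(ext_gcd(34, 38))        # (2, 9, -8): 2 = 9(34) + (-8)(38), as in the text
    print(ext_gcd(1367, 298))     # (1, -63, 289): the combination found above by hand
    print(solve_linear(57, 93, 2), solve_linear(57, 93, -6))   # None, then a solution
    print(mod_inverse(3, 7))      # 5, since 3*5 = 15 = 1 mod 7
```

On the two examples in the text the code returns exactly the coefficients found by hand, 2 = 9(34) − 8(38) and 1 = (−63)(1367) + 289(298). The last function is why this algorithm matters in practice: inverting an element modulo a prime or a group order is the same computation, and an implementation must refuse inputs whose gcd is not 1 rather than return a meaningless value.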

Exercises

Exercise 1. Let d be an integer. Show that, if d is an integer dividing a and b, then d divides a + b, d divides ka for every integer k, and in fact d divides every linear combination ax + by, where x and y are integers.

Exercise 2. Use the Euclidean algorithm to find the gcd d of a and b and to write d as a linear combination of a and b, where (i) a = 40, b = 100; (ii) a = 105, b = 101; (iii) a = 238, b = 709; (iv) a = 391, b = 1649.

Exercise 3. Do there exist integers x and y such that 57x + 93y = 2? Why or why not? If such do exist, find at least one pair. Do the same with the equation 57x + 93y = −6.

Exercise 4. Explain how you could use the Euclidean algorithm in the case of Q[x], i.e. of polynomials with rational coefficients. Use this to find the gcd of a(x) and b(x) and to write the gcd as a linear combination of a(x) and b(x), for (i) a(x) = x^3 − 4x^2 + 5x − 2, b(x) = x^2 + x − 2; (ii) a(x) = x^2 + 4x + 8, b(x) = x^2 + 3x + 6. (For (ii), you should find that 1 = −(1/4)(x + 1)a(x) + (1/4)(x + 2)b(x).)

Exercise 5. Given integers a, b, n such that the equation ax + by = n has a solution in integers x and y, we can ask whether or not the solutions x and y are unique. If ax1 + by1 = ax2 + by2 = n, show that u = x2 − x1 and v = y2 − y1 are solutions to the equation au + bv = 0. Conversely, given solutions u and v to the equation au + bv = 0 and x1, y1 such that ax1 + by1 = n, show that, if we set x2 = x1 + u, y2 = y1 + v, then x2, y2 are also such that ax2 + by2 = n. Show that u = −b, v = a is a solution to the equation au + bv = 0. More generally, for every integer t, u = −tb, v = ta is also a solution to the equation au + bv = 0. If a and b are relatively prime, show that every solution to the equation au + bv = 0 is of this form (first show that b divides u). What happens if a and b are not relatively prime?

Exercise 6. Suppose that a and b are both positive integers. In real life, for a positive integer n, we might want to solve the equation ax + by = n for integers x and y which are required to be nonnegative. Clearly this is not always possible, even if a and b are relatively prime. For example, n must be at least the smaller of a and b, and in general there will be a certain number of gaps. However, under the assumption that a and b are relatively prime, show: (i) The integer n = ab − a − b = a(b − 1) + b(−1) = a(−1) + b(a − 1) cannot be written as ax + by where both x and y are nonnegative integers. (ii) Every integer n which is strictly bigger than ab − a − b can be written as ax + by where both x and y are nonnegative integers. (Hint: the idea is to use the preceding exercise to see how it is possible, given one solution to n = ax + by, to change x and y and still get a solution to the equation.)
