 In this lesson we're going to dig a little bit deeper about how to find multiplicative inverses in a more efficient way than what we saw in the last lesson. So computing greatest common divisors in multiplicative inverses isn't really that hard from a mathematical point of view, but it does require factoring numbers down, which takes a long time. And this is the first time we're encountering that in this course, but it is a big idea in modern cryptography, so we'll see it time and time again throughout the course. Computing is a slow process, and it only gets slower as numbers get bigger and bigger. So if a number is twice as large, it might actually take more than twice the time to factor that new number. Luckily, there's some nice mathematics that have made factoring a little bit faster than it would be otherwise. And this is a piece of mathematics that comes from Euclid, Euclid that you've maybe have heard about in a geometry class, more specifically Euclid of Alexandria, who helped develop the Euclidean algorithm, or as maybe better put is known for the Euclidean algorithm. It appeared in his book called Euclid's Elements back around 300 BC, and it can really efficiently compute the greatest common divisor of two numbers, which we'll see is really going to be helpful for our work. In fact, this algorithm is probably not developed by Euclid. He was pretty, pretty well known for often just compiling work by other mathematicians that came before him. And since then, this algorithm was discovered independently from his work in both India and China, although it might have happened to be a century or two later, it's a little bit of a falsehood to say this algorithm truly belongs to Euclid. But what is important is that we know it's been around for over 2000 years, and it's still got some great uses today. So let's see this algorithm in action, and then we'll dig in at why it works. So suppose we've got two numbers, A, which is 707, and B, which is 980, and you're interested in finding the greatest common divisor of those two numbers. Well, what the Euclidean algorithm claims is that instead of solving the original problem, which would involve factoring 707, factoring 980, and looking for all of the common factors to build up that common divisor, the biggest one, we could instead simplify the problem by instead finding the greatest common divisor of 707, the first number, and 980 minus 707, the difference between them. Notice we just subtract the smaller from the biggest, but mathematically this would work either way, but this will get us to our result much faster. So now our problem is to find the greatest common divisor of 707 and 273. Smaller numbers are easier to factor, faster to factor. But why stop at this once? If that rule is true, and we've not proven that it is yet, why would we sell ourselves short? We should do the same trick again. Let's take that 273 and subtract it from 707, and now find the greatest common divisor between 434 and 273, even smaller numbers. But why stop now? Go again. And instead we can find the greatest common divisor between 161 and 273. And we can go back and forth like this, subtracting the smaller number from the largest number, until eventually we get down to either these two numbers or the same, in which case we can pretty easily inspect that the greatest common divisor of 7 and 7 is itself 7. Or if you went one step further, maybe you didn't catch that, one of your two terms would be 0, by which case you know the other number must be the greatest common divisor. So it turns out this is much faster than factoring 707 and 980 down to its component primes, grouping them up to get the greatest common divisor, because this is just a bunch of simple subtractions, which for both a human and a computer are very easy to do. So instead of thinking that goes on, just a process that you can follow. So they're much quicker to do. Let's figure out why this works, though. All hinges on the fact that Euclid poses that instead of finding the greatest common divisor of the two numbers as they are, that instead you can find the greatest common divisor of the smaller number, and then the difference between the bigger and the smaller number, and you'll get the same answer. It turns out you can check that it is true, 7 is the greatest common divisor of 707 and 980, but let's find out why. So let's talk about why the Euclidean algorithm works. Let's start by supposing we have some number n that we define to be the product of d and x. We have a second number m, which we define to be the product of d and y, where d, x, and y are all positive integers, and then therefore n and m are also product integers, positive integers. Notice that d will divide both the numbers n and m, because they both, n and m, have d as a factor. And that's how we define divisibility when we're talking about numbers, that if a number has a second number as one of its factors, that second number divides the first number. So d divides n, d divides m, because d is a factor of both of those numbers. And then one notational note, we're going to start using this notation, this vertical line that separates the two numbers d and n as shorthand for saying d divides n. So we'll start seeing that on the next slide, just wanted to prepare you. So one fact that'll be helpful for us to explain why the Euclidean algorithm works the way it does is that if we were to take the difference between those two numbers m and n, so substituting dy for m and dx for n, we could factor the d out, and we're left with a product of d and y minus x, which means that d is a factor of n minus n, because it's a product with another integer, which means that by our definition of divisibility, d is a number that will also divide the difference between m and n. So that might make sense, might not seem very useful yet, but that'll be a very important fact for where we're going next. So let's dig in and see why this Euclidean algorithm must work all of the time. We'll start by defining two things. That d is the greatest common divisor of x and y, and that d prime is the greatest common divider of x and the difference between y and x. Our goal is to prove that those two numbers are actually the same. And if that's true, well, then what Euclid showed us, the algorithm we saw previously must always work. It wasn't just a fluke. Here's how we're going to prove it. It's going to hinge on these two statements here, which maybe seem obvious, but let's reiterate one more time. If d is the greatest common divisor of x and y, it is the largest divisor of x and y. If d prime is the greatest common divisor of x and y minus x, d prime is the largest divisor of those two numbers. There could be other divisors, but if there are, they must be smaller. So let's use this all to our advantage here. Since d is the greatest common divisor of x and y, d must divide both x and y. And as we just saw on the previous slide, that means d must also divide the difference between y and x. So we currently know that d is a divisor of both x and y minus x. Well, we already know that d prime also is a divisor of x and y minus x, but d prime must be the largest divisor of those two numbers. That's why it's the greatest common divisor. So it's all great that d divides both of them too, but it just means that d must be smaller than d prime. Hold on to that thought. Let's work that same kind of logic on the second statement. Let's look at d prime. d prime divides x, d prime divides the difference between y and x. And with a little bit of reasoning, very similar to what we just saw on the last page, that if we were to add x and y minus x together, we could figure out that d prime also divides y. So if d prime divides x and y, just like d does, well, that just means d prime is a divisor of x and y. But it can't be the biggest common divisor between x and y. That prize is already taken by d. So good job, d prime. You divide both of them. But you just got to be a smaller than number than d. But let's look at these two statements we have. How could d both be less than or equal to d prime, but d prime be less than or equal to d? It must mean that the less than part really isn't the important part there. It must mean that those two things are equal. The only way to make both those inequalities that we have proven to be true simultaneously is if the value for d and d prime are, in fact, the same. And that's it. We've proven it. We have proven that the greatest common divisor between x and y and the greatest common divisor between x and y minus x must be the same number. So now we can use the Euclidean algorithm to find greatest common divisors without fear that it's ever going to go haywire and not give us a correct result. We've proven it to be true all of the time. So let's see how we can maybe apply this Euclidean algorithm in a more general sense, which might help us think about how we could program the Euclidean algorithm using Python. So instead of choosing specific values for a and b, let's keep them general and just say they're integers. And our goal now is going to find the greatest common divisor of a and b, which now we know we can just do the greatest common divisor of a and b minus a. So in Python, what we might choose to do is redefine b to be b minus a. So then we can just say, well, I'm going to find the greatest common divisor of a and this new value of b, which we'll find some way to do in code and just say, let's subtract the smaller number a from the bigger number b. And we'll do that for a while. We can repeat this step. Let's always subtract the smaller number of the two from the bigger one. Maybe sometimes it means we're going to have to redefine a, because if we do enough subtractions off of b, maybe b is now, in fact, the smaller one. So we'll need to subtract b from a and then redefine a and do it again and again and again until a and b end up being the exact same values, a is equal to b. And when that's true, since they're the same, we can just look at whatever a or b is. In this case, I've chosen a to figure out our greatest common divisor. So that is going to be our strategy here. We're going to compare a and b, subtract the smaller one from the bigger one and redefine it to where the bigger one used to be and then check again, which one's bigger. Subtract the small one from the big one, redefine that difference to be where the big one used to be and we're going to keep going and going and going, repeating, repeating, repeating. Sounds like a good case for a loop. We don't know how many times that we're going to have to do this, so it sounds like a good case to use a while loop and we're going to keep doing this process until we find that a is equal to b. So as long as a and b are different numbers, we're going to repeat these operations. Let's take those ideas and turn them into some code. So I've chosen two numbers a and b to be two in 26. And remember, we want to subtract the smaller one from the bigger one until those two numbers are the same. So to get us started, we'll get the header of our while loop here. So we'll say, while does a does not equal b, so basically if a and b are equal, we should stop. But if they're not equal, we should do what's in the loop. Now what did we say we want to do? We want to subtract the small one from the big one, but we don't know which one of those is right away. We have to do some sort of comparison. So we can say, if a is bigger than b, then subtract b from a and then redefine that to be the new value of a. Else, and this is a new Python command for us today, we haven't seen this, else subtract a from b and redefine that to b. What the else statement does is that if your if statement ends up being false, you can give it a secondary line of code to run when that's the condition. So in this case, if a is bigger, subtract b from a, otherwise subtract a from b, and then it's gonna go back up to the top of the loop and it's gonna keep going, going, going until a and b ultimately end up being equal to each other, which means the loop will stop and it will show us the value of a, which is two, which we know is the greatest common divisor of two in 26. Let's real quick look at the visualization of this in code and notice it's only gonna take 40 steps for it to do it, which sounds like a lot, but for a computer goes really quickly. All right, let's take a look at this code run. So we'll step through and define our values for a and b to be two and 26 and we jump into the loop. So it's gonna compare those two and as long as they're not equal, which they are not, it will run the code. So it's gonna go to this if statement next and see if a is bigger than b, that's not true. So we're gonna hop over line five and we're gonna go to the content of the else statement instead. So it's going to do b minus a and store that back to b. So we should see b decreased by two when we run that next line of code. And it does and it goes back up to the top of the loop and checks are they equal yet? Nope, they're not. So we're gonna keep on going. Is a bigger than b? Nope, go to the else statement and this is gonna go on for a while. So we're gonna keep stepping through this code. We can see b continuing to be incrementing lower and lower until eventually it hits two. And now when we get to this while loop, it says while a is not equal to b, but they are equal. This is no longer a true statement. So we get out of the loop and we run the final line of code line nine, which will print to the screen our greatest common divisor. Take another look with slightly different numbers to see how it affects the runtime. So we can see here that a is a slightly bigger number now seven, all the rest of the code is exactly the same. And as we step through, we can see the same thing start at first. And if we increment until b is now smaller than a and now when we go to the next step, the if statement resolves to be true. So we're gonna run line five. So we're gonna subtract b from a and now a is the smaller one. So we're gonna run the else statement and now a is still smaller. We're on the else statement once more. B is now smaller. We'll run it again. And now the two are equal and it turns out we jump out of our loop and our greatest common divisor is one, which is true since a is prime. The biggest divisor it must have a 26 is one since b equals 26 does not have seven as a factor. That only took 25 steps even shorter. So certain conditions for a and b will cause us to run faster or slower, but we'll see it's not that many steps for the computer to do to get a greatest common divisor. That's the beauty of this algorithm. It operates very efficiently. We can see here that if we redo the example of 707 and 980 and find their greatest common divisor of seven, it only took 37 steps. It's actually less than two in 26 in order for the computer to do it. And if you put in really big numbers, so 765,873 and 3,945,934 only takes the computer 148 steps in order to do that to find that those two are actually relatively prime. They share no factors besides one. We'll continue to work with this algorithm throughout the course and these numbers will only get larger and larger as we do it. It turns out there's even a slightly more efficient way in the computer for us to do this. This is the way Euclid envisioned this algorithm, but we've been able to update it with modern times and operations that maybe Euclid was not quite aware of at the moment. So we can do a little bit better, but we'll save that for another lesson. Turns out there's an extension to this algorithm. We could even do better than just finding the greatest common divisor. If we just keep track, we do a little bookkeeping as we work through our algorithm. We can actually figure out not only what the greatest common divisor is, but if that greatest common divisor is one, we can actually find the multiplicative inverse, which is really why we care about this in this course, is that we're trying to find multiplicative inverses for our various sized alphabets. So what this extended Euclidean algorithm allows you to do is solve equations very efficiently that are in the form. The greatest common divisor between two numbers equals the first number times x plus the second number b times y. So we're gonna look for x's and y's that solve this equation and we'll see why that's important to us to finding multiplicative inverses in just a moment. When we can find that the greatest common divisor between our two numbers is one, and once you know x and y, you can mod by a or b in order to get the following equations or maybe more specifically the following equivalencies. You could see that one is going to be congruent to by mod a, because if I mod by a, if you look at our equation, well, they're in the middle of the screen, it says b y plus some multiple of a. So if I mod by a, the a x part is equivalent to a zero. It's just we're adding on some multiple of a, some multiple of our modulus. So it actually doesn't impact our congruent statement. Likewise, if we were to mod by b and get a congruent statement here, well, we're just left with a x because the original equation was a x plus b y, so multiple of b. So if we mod by b, those multiples are equivalent to adding zero once we get it down to our congruent statement. Why is that important? Well, if we know that two numbers are congruent to one in a particular modulus, then we know those two numbers are actually inverses of each other, multiplicative inverses of each other, which is what we're trying to do, find the multiplicative inverse in a particular modulus. Let's see how this all works out. Say we wanna find the multiplicative inverse of seven in mod 26. You might remember from a previous lesson what that is, but I'm not gonna tell you, see if you remember, and then we're gonna go ahead and figure it out. Our goal is to obtain some equation in the form of the greatest common divisor of a and b, such that it's equal to a x plus b y. So for these specific numbers, the greatest common divisor of seven and 26, we know is one, we just saw it, and we're looking for that one to be equal to seven x plus 26 y. So a in this case is our seven, our key, and 26 is our m or our modulus or the size of our alphabet. So this is the goal. We wanna get our equation to look like this so we can figure out what x and y are, and then once we get it into this form, we'll be able to find our inverse. Let's get to work. So to get there, we have to start with these equations, and they're gonna seem pretty obvious and maybe not very useful at first, but trust me, we're gonna put them to good use in just a moment. Equation one is just specifying that 26 is equal to seven times zero plus 26 times one. The second equation is that seven is equal to seven times one plus 26 times zero. While these aren't inherently helpful quite yet, they are somewhat in the form of what we're trying to get to. A number on the left is equal to seven times a multiple plus 26 times a multiple. And we're gonna keep rearranging this pair of equations and try and work our way to that equation form that we're hoping for, which is a one on the left, seven times a number plus 26 times a number on the right. And we can do that by subtracting off multiples of equation two from equation one. This is just like our Euclidean algorithm we saw earlier. So I could subtract off seven from 26, but I can see I could probably do that a few times. I'm gonna speed it up. I'm gonna subtract off three times the second equation from the first equation. So three times seven is 21. 21 subtracted from 26 gives me the five on the left-hand side of the equation and our third equation down here at the bottom. Seven times zero, subtracting off three times seven times one is gonna give me seven times negative three. And I'm gonna keep it in that form. I know that's the same thing as negative 21, but I'm gonna keep it in this form to help keep track of how many multiples of seven there are since that's the form of our goal equation. And we're gonna do the same thing with a 26. One times 26 minus three times zero times 26 is still just one times 26 on the right-hand side of the plus sign. So we now have a new equation. The left-hand side is five, it's not one, but five is closer to one than either seven or 26 was. And in fact, let's do the same thing again with these two new equations. We'll rename equation two to equation one and we'll name that new equation we just got to be our new equation two. And you see, we can do the same process again. I could subtract off just equation two from equation one. And when I do that seven minus five gives me two on the left, seven times one minus seven times negative three gives me seven times positive four. And then 26 times zero minus 26 times one gives me a plus 26 times negative one. And we can verify this is still correct. Our equation is still true. Two is equals to 28 plus negative 26. And again, it's not exactly the form that I want but the two on the left is getting me closer to that one equals. So let's do this one more time. Same step, new equations. We can subtract off two multiples of equation two from equation one. So five minus two times two gives me the one on the left. Ooh, that's what we're shooting for. We're getting close now. And on the right hand side of the equals if we subtract off seven times negative three and we subtract from that two times seven times four we'll get seven times negative 11. And on the right hand side, same thing with the multiples of 26 we'll obtain 26 times three. And we can verify that this is correct that the number is on the right hand side actually do add up to one. And we're at our goal. We've got our equation into the form that we were hoping for. Now why was that helpful? We got the solutions x is negative 11 and y is three. Let's use them. So remember we have one is equal to seven times negative 11 plus 26 times three. Our goal is to figure out what number seven could be multiplied by in order for it to equal or be congruent to one in mod 26. If we take this equation in mod by 26 that 26 times three is effectively adding by zero. Remember any number that you add multiples of 26 to in this case we've added three multiples of 26 are effectively adding by zero after we're done applying the mod operator in a mod of 26. So we're left with the statement that one is congruent to seven times negative 11 in mod 26. So seven and a negative 11 then meet our requirements to be multiplicative inverses. They multiply together to give you a congruency value of one in mod 26 we did it. Now conventionally we want our inverse keys to be between zero and 25 if we're working in mod 26. So we can just do our mod operator on negative 11 to find out its equivalent is 15 in mod 26. So we would say that seven and 15 are multiplicative inverses in mod 26. And we've now just seen how the extended Euclidean algorithm allows us to quickly compute that took a few steps. But we'll see that this is a nice way to do this because the numbers get larger and larger and larger. 26 possible attempts. Yeah, we could write a little loop to brute force this for us. But when our mod is in the hundreds or thousands of digits, we're not gonna wanna try them all. We won't be able to try them all. But this algorithm will still work relatively efficiently in order to get that same result. We'll learn how to program this algorithm a little bit later on in the course. But for now, we're gonna be doing this by hand. So it might be helpful to find a little shorthand so you don't have to keep writing down all of those computations, all of them. So the way we're gonna do that is we're gonna keep track of, you might have already picked up on this watching the work, all we really need to keep track of are those two numbers that represent the multiples of 26 and seven. So I'm gonna create a little table along the right-hand side here as we copy down the equations that we produced on the previous couple of slides. So far, I've got this first equation 26 and it has one multiple of 26 and zero multiples of seven in order to produce that total of 26. The second equation we have with seven was equal to 26 times zero plus seven times one. So I've marked those coefficients to 26 and seven as zero and one on the table on the right-hand side. Then we had five was equal to 26 times one plus seven times negative three. So I've written the five down the left-hand column and then the one in the negative three to keep track of the multiples of 26 and seven that are indicated in the two columns. And then two, negative one and four become the coefficients in the table for the next equation and then one, three, negative 11 on the last row. And we know that negative 11, the one under the seven column because we've modded by 26, that negative 11 is our inverse and that's how we've got to 15 being our multiplicative inverse. I think that working with these, just these coefficients on the right is gonna be a much quicker process for you. We don't really care about the 26 and the sevens in the equations, we just care about the coefficients that come along for the ride. And we can perform that same difference or subtraction between one row and the next without having to write everything down. I think that's a really speeded up for you. And that's our Euclidean algorithm, what it is, how to use it and why it always works. I think you'll find it to be a very efficient way for you to first verify that a particular number has a multiplicative inverse and a particular modulus and then use the extended version of the algorithm to figure out what that inverse is.