前言
写给马上要考密码学的小伙伴
一、算法理论
1.1 算法
对于给定两个整数
a
a
a和
b
b
b,求其最大公因数
g
c
d
(
a
,
b
)
gcd(a,b)
gcd(a,b)还要求其系数
s
s
s和
t
t
t满足以下公式:
g
c
d
(
a
,
b
)
=
s
⋅
a
+
t
⋅
b
gcd(a,b)=s·a+t ·b
gcd(a,b)=s⋅a+t⋅b
在高等数学中,我们知道要求最大公因式
g
c
d
(
f
(
x
)
,
g
(
x
)
)
gcd(f(x),g(x))
gcd(f(x),g(x))可以连列以下等式:
{ f ( x ) = q 1 ( x ) g ( x ) + r 1 ( x ) g ( x ) = q 2 ( x ) r 1 ( x ) + r 2 ( x ) r 1 ( x ) = q 3 ( x ) r 2 ( x ) + r 3 ( x ) … … … r i − 2 ( x ) = q i ( x ) r i − 1 ( x ) + r i ( x ) … … … r s − 2 ( x ) = q s ( x ) r s − 1 ( x ) + r s ( x ) r s − 1 ( x ) = q s + 1 ( x ) r s ( x ) + 0 \left\{ \begin{aligned}{} f(x)&=q_{1}(x) g(x)+r_{1}(x) \\ g(x)&=q_{2}(x) r_{1}(x)+r_{2}(x) \\ r_{1}(x)&=q_{3}(x) r_{2}(x)+r_{3}(x) \\ &\ldots \ldots\ldots\\ r_{i-2}(x)&=q_{i}(x) r_{i-1}(x)+r_{i}(x) \\ &\ldots \ldots \ldots\\ r_{s-2}(x)&=q_{s}(x) r_{s-1}(x)+r_{s}(x)\\ r_{s-1}(x)&=q_{s+1}(x) r_{s}(x)+0\\ \end{aligned}\right. ⎩⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎨⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎧f(x)g(x)r1(x)ri−2(x)rs−2(x)rs−1(x)=q1(x)g(x)+r1(x)=q2(x)r1(x)+r2(x)=q3(x)r2(x)+r3(x)………=qi(x)ri−1(x)+ri(x)………=qs(x)rs−1(x)+rs(x)=qs+1(x)rs(x)+0
且由此可以得到
(
f
(
x
)
,
g
(
x
)
)
=
(
g
(
x
)
,
r
1
(
x
)
)
=
(
r
1
(
x
)
,
r
2
(
x
)
)
=
.
.
.
=
(
r
s
−
1
(
x
)
,
r
s
(
x
)
)
=
r
s
(
x
)
(f(x),g(x))=(g(x),r_1(x))=(r_1(x),r_2(x))=...=(r_{s-1}(x),r_s(x))=r_s(x)
(f(x),g(x))=(g(x),r1(x))=(r1(x),r2(x))=...=(rs−1(x),rs(x))=rs(x)
如此回推就可以得到
r
s
(
x
)
=
u
(
x
)
f
(
x
)
+
v
(
x
)
g
(
x
)
r_s(x)=u(x)f(x)+v(x)g(x)
rs(x)=u(x)f(x)+v(x)g(x)
通过整理快速计算 u ( x ) u(x) u(x)和 v ( x ) v(x) v(x)的方法,得到了拓展的欧几里得算法:
首先,我们先设计以下形式的矩阵:
(对Katex调整表格格式不是很熟悉,用Latex做了表截图过来了)
对任意临近的三行 i i i, j j j, k k k等式将满足以下等式:
{ q j = ⌊ β i 1 / β j 1 ⌋ β k 1 = β i 1 − q j ⋅ β j 1 β k 2 = β i 2 − q j ⋅ β j 2 β k 3 = β i 3 − q j ⋅ β j 3 \left\{ \begin{aligned}{} q_j&=\lfloor \beta_{i1} / \beta_{j1}\rfloor \\ \beta_{k1}&=\beta_{i1}-q_j·\beta_{j1} \\ \beta_{k2}&=\beta_{i2}-q_j·\beta_{j2} \\ \beta_{k3}&=\beta_{i3}-q_j·\beta_{j3} \\ \end{aligned}\right. ⎩⎪⎪⎪⎪⎨⎪⎪⎪⎪⎧qjβk1βk2βk3=⌊βi1/βj1⌋=βi1−qj⋅βj1=βi2−qj⋅βj2=βi3−qj⋅βj3
该矩阵以
β
s
+
1
,
1
=
0
\beta_{s+1,1}=0
βs+1,1=0 结尾,且每一行的数据满足
{
β
s
+
1
,
1
=
0
β
m
1
=
β
m
2
⋅
a
+
β
m
3
⋅
b
∀
m
∈
[
0
,
s
]
\left\{ \begin{aligned}{} \beta_{s+1,1}&=0 \\ \beta_{m1}&=\beta_{m2}·a+\beta_{m3}·b \quad \forall m \in [0,s] \end{aligned}\right.
{βs+1,1βm1=0=βm2⋅a+βm3⋅b∀m∈[0,s]
1.2 理解
在扩展的欧几里得算法中的
q
q
q和我们刚才讲到的高等代数中的
q
q
q用法是一样的,
β
i
1
\beta_{i1}
βi1的作用与
r
i
(
x
)
r_i(x)
ri(x)也是一样的,我们以最后
β
s
+
1
,
1
\beta_{s+1,1}
βs+1,1举例,这时实际上满足了
β
s
−
1
,
1
=
q
s
⋅
β
s
1
+
β
s
+
1
,
1
=
q
s
⋅
β
s
1
+
0
\beta_{s-1,1} =q_s· \beta_{s1}+\beta_{s+1,1}= q_s·\beta_{s1}+0
βs−1,1=qs⋅βs1+βs+1,1=qs⋅βs1+0
这与上文的
r
s
−
1
(
x
)
=
q
s
+
1
(
x
)
r
s
(
x
)
+
0
r_{s-1}(x)=q_{s+1}(x) r_{s}(x)+0
rs−1(x)=qs+1(x)rs(x)+0
是一致的,所以本质上拓展的欧几里得算法与我们熟悉的高等代数中的最大公因式的递推是一回事,接下来我们来探究以下等式:
β m 1 = β m 2 ⋅ a + β m 3 ⋅ b ∀ m ∈ [ 0 , s ] \beta_{m1}=\beta_{m2}·a+\beta_{m3}·b \quad \forall m \in [0,s] βm1=βm2⋅a+βm3⋅b∀m∈[0,s]
1.3 证明
可以发现在第0行和第1行,这个等式是显然成立的,那我们用递归法来考虑:
显然m=0和m=1时成立。
对于m>3,假设第
i
i
i行和第
j
j
j行满足等式,即
β
i
1
=
β
i
2
⋅
a
+
β
i
3
⋅
b
β
j
1
=
β
j
2
⋅
a
+
β
j
3
⋅
b
\beta_{i1}=\beta_{i2}·a+\beta_{i3}·b\\ \beta_{j1}=\beta_{j2}·a+\beta_{j3}·b
βi1=βi2⋅a+βi3⋅bβj1=βj2⋅a+βj3⋅b
由
β
k
1
\beta_{k1}
βk1的定义和
β
k
2
\beta_{k2}
βk2,
β
k
3
\beta_{k3}
βk3得到
得
β
k
1
=
β
k
2
⋅
a
+
β
k
3
⋅
b
\beta_{k1}=\beta_{k2}·a+\beta_{k3}·b
βk1=βk2⋅a+βk3⋅b
证毕
(对Katex怎么设置无花括号等号对齐不是很熟悉,在Latex上写完截图过来了)
二、示例
看一个例子:
求 g c d ( 321 , 843 ) gcd(321,843) gcd(321,843)
所以得到最大公因数是3,满足
3
=
(
−
21
)
∗
321
+
8
∗
843
3=(-21)*321+8*843
3=(−21)∗321+8∗843