2

So I'm completely stuck on how to prove Euclid's GCD Algorithm, given that we know the theorem $\texttt{gcd}(a, b) = \texttt{gcd}(b, a -b)$ as well as $\texttt{gcd}(a, b) = (b, a \bmod b)$

How would we go about proving the correctness of the algorithm, essentially that the GCD returned call it $d$, by $\texttt{gcd}(a, b)$ is correct for all pairs of $(a, b)$?

My instinct is to use induction, but I don't quite understand what we would be using induction on.. I find the two theorems straightforward, but I don't quite understand how to apply them in a manner to begin an induction proof (I'm thinking strong induction) to show that the algorithm correctly computes the GCD for all pairs $(a, b)$ such that $a \in \mathbb{N}$, $b \in \mathbb{N}$ and $a > b$ since if $b > a$ the algorithm will simply switch the two.

I've referred to the CLRS book where they provide proofs of the theorems (but I understand the theorems and don't have to prove these) but am still completely stuck on how to move forward. I imagined starting with some base case such as $gcd(1,0)$ or $gcd(2, 0)$ or $gcd(2, 1)$ but from there I'm not sure what we're using induction on, or what the inductive step really would be. I understand we basically have to show that the algorithm gets down to our base case, that is $a \bmod b $ is $0$, the last remainder stored by the function is returned and that is our gcd.

I also went through some examples with numbers, like $gcd(55, 34)$ and continuously applied the theorem that $gcd(a, b) = gcd(b, a - b)$ to see that the recursive call finally ends in $gcd(1, 1)$ and $1 \bmod 1$ = $0$, so $1$ is returned.

Could someone please shed some light on how to move forward? Have spent significant time trying to attempt this proof.

  • 1
    https://en.wikipedia.org/wiki/Euclidean_algorithm#Proof_of_validity – Maximilian Janisch Jan 23 '20 at 23:59
  • Thanks, I'm a bit confused of how we manage to get down to that final non-zero remainder, $r_{n - 1}$ though. How would I go about proving that? I don't think I could come close to giving a two-step argument since it seems I'm lacking the understanding of how to prove it.. – fibonnaci_0_1_1 Jan 24 '20 at 00:06
  • 1
    My (informal) idea is that you recursively construct remainders $r_i$ which satisfy $r_{i}>r_{i+1}$. Since all the $r_i$ are positive integers, it follows that for some $N$ we have $r_N=0$ and there will be no more remainders. (Indeed it is not too hard to prove formally that there is no infinite sequence of integers $r_1>r_2>\dots>0$.) – Maximilian Janisch Jan 24 '20 at 00:31
  • Okay, I tried that with an example and definitely see how that works and eventually we get down to a finite number of remainders, like you said, $N$ number of remainders.. I don't understand how to prove this for a general case of all pairs $(a, b)$ though.. Any thoughts? – fibonnaci_0_1_1 Jan 24 '20 at 02:31

3 Answers

2

The key here, quoting from the section Infinite descent in the Wikipedia article on mathematical induction, is

$\quad$ ... there are no infinite decreasing sequences of natural numbers

Here we provide constructions/hints and leave the organization/exposition of the theory to the interested reader.

Recall that we have the first projection mapping $\pi_1$ on $\Bbb Z^{+} \times \Bbb Z^{+}$ defined by:

$\quad \forall \, (m,n) \in \Bbb Z^{+} \times \Bbb Z^{+} : \pi_1(m,n)=m$

Define $P = \{ (m,n) \in \Bbb Z^{+} \times \Bbb Z^{+} \mid m \ge n \} $. Recall that the set $P$ contains the diagonal set

$\quad \quad \quad \Delta_{\mathbb Z^{+}} = \{(d,d) \mid d \in \mathbb Z^{+}\}$.

We define the function $F: P \to P$ as follows

$$ F(m,n) = \left\{\begin{array}{lr} (m,n) & \text{if } m = n\\ (m-n,n) & \text{if } m-n \ge n\\ (n,m-n) & \text{if } m-n \lt n\\ \end{array}\right\} $$

If $(m,n) \in P$ we can apply the $\text{gcd}$ function. Note that for elements $(d,d)$ in the diagonal $\Delta_{\mathbb Z^{+}}$,

$\tag 1 \text{gcd}(d,d) = d$

Now it is well known that

$\tag 2 \text{gcd}(m,n) = \text{gcd}\big(F(m,n)\big)$

For fixed $(s,t)$ in the domain of $F$ we define a sequence

$\tag 3 a_k = \pi_1 \circ F^k(s,t)$

By using the absurdity of an infinite descent, the sequence $(a_k)$ eventually 'stops decreasing' and remains constant. That happens precisely when the algorithm $F$ 'hits the diagonal'.

So the algorithm $F$ 'gets us' to the diagonal in a finite number of steps, and from there we can just 'read off' the greatest common divisor.


Example: Let $m = 28$ and $n = 10$ so that $(m,n)$ belongs to the domain of $F$.

$\quad F(28,10) = (18, 10)$
$\quad F(18,10) = (10, 8)$
$\quad F(10,8) = (8, 2)$
$\quad F(8,2) = (6, 2)$
$\quad F(6,2) = (4, 2)$
$\quad F(4,2) = (2, 2)$ STOP

Of course if you don't want to stop you can continue to apply $F$. But the points on the diagonal are exactly the fixed points of $F$, so you will quickly lose interest.

The point $(2,2) \in \Delta_{\mathbb Z^{+}}$ and so $\text{gcd}(28,10) = 2$.

CopyPasteIt
  • 11,366
  • Thank you for the help, but unfortunately, I literally cannot follow anything after the first line where you define the cartesian product of $Z^+ \times Z^+$. It seems I lack the requisite knowledge of "projection mapping" and diagonal sets. – fibonnaci_0_1_1 Jan 24 '20 at 04:32
  • I suggest you keep applying the function $F$ to the ordered pair $(55, 34)$ - should look familiar! – CopyPasteIt Jan 24 '20 at 12:55
  • Thanks, I did that and see what it evaluates to (it stops at $gcd(1,1)$) but I still have difficulties in how to translate this into an induction proof. – fibonnaci_0_1_1 Jan 24 '20 at 20:11
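The two facts this answer relies on can be checked mechanically. The following is an added example, not part of the original answer: it implements the map $F$, iterates it to the diagonal, and at every step asserts that the gcd is unchanged and that the first coordinate $a_k$ strictly decreases. The function names `descend` and `check_all` are introduced here for illustration.

```python
from math import gcd

def F(m, n):
    """One step of the answer's map F on P = {(m, n) : m >= n >= 1}."""
    if n < 1 or m < n:
        raise ValueError("F is only defined for m >= n >= 1")
    if m == n:
        return (m, n)                    # diagonal points are fixed points
    d = m - n
    return (d, n) if d >= n else (n, d)

def descend(s, t):
    """Iterate F from (s, t) until the diagonal; return the visited pairs."""
    g = gcd(s, t)
    path = [(s, t)]
    while path[-1][0] != path[-1][1]:
        m, n = path[-1]
        nxt = F(m, n)
        assert gcd(*nxt) == g            # invariant: gcd(m, n) = gcd(F(m, n))
        assert nxt[0] < m                # a_k = pi_1(F^k(s, t)) strictly decreases
        path.append(nxt)
    return path

def check_all(limit):
    """Check every pair in P with m <= limit: the descent ends on (g, g)
    after at most m - 1 steps, as a strictly decreasing sequence of
    positive integers starting at m must."""
    for m in range(1, limit + 1):
        for n in range(1, m + 1):
            path = descend(m, n)
            g = gcd(m, n)
            if path[-1] != (g, g) or len(path) - 1 > m - 1:
                return False
    return True

if __name__ == "__main__":
    print(descend(28, 10))               # the worked example from the answer
    print(descend(55, 34)[-1])           # the pair from the question
    print(check_all(60))
```
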
2

Hint Use (strong) induction on $a+b$. Note that $(a-qb)+b<a+b$ as long as $q \neq 0$, which is always the case when you divide the largest number by the smallest, i.e. $a \geq b$.

N. S.
  • 132,525
  • Thank you! I agree that $(a - qb) + b < a + b$ whenever $q \neq 0$ and we always have $q > 0$ since it must be at least $1$, so $q \geq 1$. Could you possibly give me a hint as to the base cases? I feel like we're basically showing that the last remainder the $n^{th}$ one is $0$, and the last nonzero remainder is the gcd... – fibonnaci_0_1_1 Jan 24 '20 at 04:48
  • Base case is $(a,b)=(1,0)$. Induction hypothesis: $a\geq b, a+b\leq k, k\geq 1$. Then do the case $a\geq b,a+b=k+1$ by considering two subcases: $b=0$ or $b>0$, where the first subcase is true because $\gcd(a,0)=a$, and the second subcase is reduced to the induction hypothesis, as in the hint. – Pythagoras Jan 24 '20 at 13:27
  • @fibonnaci_0_1_1 The base case is $a+b=1$ which means $a=1,b=0$, there is nothing to prove here. And as Pythagoras already pointed in the comment, in the inductive step you can assume that $a \geq b$ and discuss the two cases $b=0, b>0$ separately. – N. S. Jan 24 '20 at 14:56
  • @Pythagoras Thanks! So base case of $(a, b) = (1, 0)$ essentially shows that $gcd(1, 0)$ returns a; i.e., returns 1.

    Then for IH, we are assuming $a \geq b$, $a + b \leq k$, $k \geq 1$ and for the first case, when b = 0, we already know that we will return $a$.. If $b > 0$ we will end up with $gcd(a, b) = gcd(b, a - b)$? I don't understand how the second subcase is reduced to the IH... I feel like that's the missing link here maybe? I believe that I'm close but not quite sure.

    – fibonnaci_0_1_1 Jan 24 '20 at 17:19
  • @N.S. how is the second subcase $b > 0$ properly addressed? Is it just showing how the problem keeps reducing, and hits the base case eventually? I don't know what I'm screwing up here.. – fibonnaci_0_1_1 Jan 24 '20 at 17:24
  • @fibonnaci_0_1_1 When $b>0$, you have to prove that $a=bq+r$. Now, you have $gcd(b,r)=gcd(b,a-qb)$. Note that the above Lemma applied repeatedly gives $gcd(a-bq,b)=gcd(a,b)$. So, you know that $$gcd(b,r)=gcd(a,b)$$ Since $b+r<a+b$ by one of the previous steps, the Euclidean algorithm applied to $(b,r)$ gives you the gcd$(b,r)=gcd(a,b)$. To finish, you simply have to observe that the Euclidean algorithm applied to $(a,b)$, after the first step becomes the Euclidean algorithm applied to $(b,r)$. – N. S. Jan 24 '20 at 18:44
  • @fibonnaci_0_1_1 I am assuming that by the EA you mean: divide $a$ to $b$, then $b$ to $r_1$, then $r_1$ to $r_2$ and so on. If you mean replace $(a,b)$ by $(a-b,b)$ the idea is exactly the same, the details of the proof are slightly different – N. S. Jan 24 '20 at 18:45
  • @fibonacci_0_1_1 As in N.S’s hint, use the more efficient version $\gcd(a,b)=\gcd(b,r)$, where $r=a-qb$, so necessarily $0\leq r<b$, and of course $r+b<a+b$, which is reduced to IH. – Pythagoras Jan 24 '20 at 19:13
  • @N.S. yes, I do mean that by mentioning the EA. So you're saying essentially that with $gcd(a, b) = gcd(b, r)$ where $r = a - bq$ we can say that $gcd(a, k +1) = gcd(k + 1, r)$ where $k + 1 = rq_0 + r_0$ so $gcd(k + 1, r) = gcd(r, r_0)$? – fibonnaci_0_1_1 Jan 24 '20 at 20:01
  • @Pythagoras is the above using the hint correctly..? I think I'm still screwing this up. – fibonnaci_0_1_1 Jan 24 '20 at 20:02
  • Because you are making induction on $a+b$, you need to write $b=k+1-a$ in the induction step, namely when $a+b=k+1$, one has $\gcd(a,b)=\gcd(b,r),$ where $b=k+1-a$ and $r=a-qb <b$. Since $b+r\leq k$, $\gcd(b,r)$ (hence $\gcd(a,b)$) can be computed by the induction hypothesis. Hence by the principle of mathematical induction, $\gcd(a,b)$ can be computed for all ordered pairs $(a,b)$ with $a\geq b\geq 0,$ and $a,b$ not both zero. – Pythagoras Jan 24 '20 at 20:26
  • Thanks again for helping.. Really not getting the whole concept of induction on $a + b$, could we make induction on either $a$, or $b$ or the pair? – fibonnaci_0_1_1 Jan 24 '20 at 20:37
  • @fibonnaci_0_1_1 To make this clear: Define a new letter $n=a+b$. Do induction by $n$. What does $P(1),.., P(n) \Rightarrow P(n+1)$ mean in this situation? It means you know this holds whenever $a+b=1$ or $a+b=2$,.., or $a+b=n$ and you need to prove it holds when $a+b=n+1$. – N. S. Jan 24 '20 at 21:14
  • @fibonnaci_0_1_1 If you want to do induction by the pair $(a,b)$ you need to find a well ordering of $\{ (a,b) : 0 \leq b \leq a \}$ and do induction by that. This is exactly what CopyPasteIt is saying in his answer. – N. S. Jan 24 '20 at 21:15
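
The strong induction on $n = a+b$ sketched in the hint and comments above, written out in full as an added worked derivation (not part of the original thread). It treats the division form of the algorithm; the name $E$ for the algorithm's output is introduced here, with $E(a,0) = a$ and $E(a,b) = E(b, a \bmod b)$ for $b > 0$.

Claim $P(n)$: for all integers $a \geq b \geq 0$ with $a + b = n$, the computation of $E(a,b)$ terminates and $E(a,b) = \gcd(a,b)$.

Base case $n = 1$: the only pair is $(a,b) = (1,0)$, and $E(1,0) = 1 = \gcd(1,0)$.

Inductive step: assume $P(1), \dots, P(k)$ for some $k \geq 1$, and let $a \geq b \geq 0$ with $a + b = k+1$.

$\quad$ Subcase $b = 0$: $E(a,0) = a = \gcd(a,0)$.

$\quad$ Subcase $b > 0$: write $a = qb + r$ with $0 \leq r < b$. Since $a \geq b$ we have $q \geq 1$, hence

$$b + r = a - (q-1)b \leq a < a + b = k+1,$$

so $1 \leq b + r \leq k$ and $b > r \geq 0$. The pair $(b,r)$ is therefore covered by $P(b+r)$, which gives $E(b,r) = \gcd(b,r)$. By the theorem $\gcd(a,b) = \gcd(b, a \bmod b)$ we have $\gcd(b,r) = \gcd(a,b)$, and by the definition of the algorithm $E(a,b) = E(b,r)$. Chaining these,

$$E(a,b) = E(b,r) = \gcd(b,r) = \gcd(a,b).$$

Both subcases give $P(k+1)$, so $P(n)$ holds for every $n \geq 1$, that is, for all pairs $a \geq b \geq 0$ not both zero.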
0

Here we give complete proofs, accepting the following as true,

Proposition 1: For any two distinct integers $a,b \in \Bbb Z^{+}$ with $a \gt b$,

$\tag 1 \text{gcd}(a,b) = \text{gcd}(a-b,b)$

Define $P = \{ (m,n) \in \Bbb Z^{+} \times \Bbb Z^{+} \mid m \ge n \} $. Recall that the set $P$ contains the diagonal set

$\quad \quad \quad \Delta_{\mathbb Z^{+}} = \{(d,d) \mid d \in \mathbb Z^{+}\}$.

To avoid any confusion define the function $G: P \to \mathbb Z^{+}$ as follows

$\tag 2 (a,b) \mapsto \text{gcd}(a,b)$

Note that no calculations are necessary to compute $G(z)$ when $z \in \Delta_{\mathbb Z^{+}}$.

We also define the function $F: P \to P$ as follows

$$\tag 3 F(a,b) = \left\{\begin{array}{lr} (a,b) & \text{if } a = b\\ (a-b,b) & \text{if } a-b \ge b\\ (b,a-b) & \text{if } a-b \lt b\\ \end{array}\right\} $$

Note that a point $z \in P$ is a fixed point of the function $F$ if and only if $z \in \Delta_{\mathbb Z^{+}}$.

Proposition 2: For every $z \in P$ and integer $k \ge 1$ the following holds

$\tag 4 G(z) = G(F^k(z))$
Proof
We prove the proposition using simple induction.
Base Case $k=1$:
If $z \in \Delta_{\mathbb Z^{+}}$ then obviously $G(z) = G(F(z))$.
Otherwise, we simply translate proposition 1 to this setting.
Step Case: Assume $\text{(4)}$ is true.
If $F^k(z) \in \Delta_{\mathbb Z^{+}}$ then $G(F^{k+1}(z)) = G(F^{k}(z)) = G(z)$, so that has been addressed.
Otherwise, we simply translate proposition 1 to this setting while using the transitivity property of the equality relation. $\quad \blacksquare$

Proposition 3: For every $z \in P$ there exists a $k \ge 1$ such that $F^k(z) \in \Delta_{\mathbb Z^{+}}$.
Proof
We shall use Fermat's method of descent.
Assume the statement

$\tag 5 Q(n) : n := a + b \land (a,b) \in P \land [\forall k \ge 1, \, F^k(a,b) \notin \Delta_{\mathbb Z^{+}}]$

is true.
Letting $\pi_1$ and $\pi_2$ denote the first and second projection mappings defined on $\mathbb Z^{+} \times \mathbb Z^{+}$ (see definitions here), we define

$\quad a' = \pi_1(F(a,b)) \text{ and } b' = \pi_2(F(a,b))$

and can then write as true

$\tag 6 Q(m) : m := a' + b' \land (a',b') \in P \land [\forall k \ge 1, \, F^k(a',b') \notin \Delta_{\mathbb Z^{+}}]$

where $m \lt n$.

By reductio ad absurdum, $\text{(5)}$ must be rejected. $\quad \blacksquare$

CopyPasteIt
  • 11,366