Extended Euclidean Algorithm: backward and forward form

Question

I'm confused about how to do the extended algorithm. For example, here's the gcd part gcd(8000,7001)

$$\begin{align}8000 &= 7001\cdot1 + 999\\ 7001&=999\cdot 7+8\\ 999&=8\cdot 124+7\\ 8&=7\cdot 1+1\\ 7&=1\cdot 7+0\\ \gcd(8000,7001)&=1\end{align}$$

Now, the extended algorithm

$$\begin{align}1 &= 8 - 1\cdot7\\ &= 8 - 1\cdot(999 - 8\cdot124)\\ &= -1\cdot999 + 8\cdot125\end{align}$$

How do you get this 8*125 from the previous line?

Answer 1

$\begin{eqnarray}\!\text{By the distributive law} && \, \ \color{#0af}8\:\!\ \overbrace{\ -\, 1\cdot(999\,-\,8\cdot 124)}^{\textstyle\ \ {-}1\,(a\!-\!b) = -a\! +\! b\ }\\[.2em] &=&\,\ \color{#0af}8\cdot\color{#c00}1\ \ -\ \ 999\, +\, 8\cdot\color{#c00}{124}\\[.2em] &=&\,\ 8\cdot\color{#0a0}{ 125} - 999,\ \ \,{\rm by}\,\ \ \color{#c00}{124 + 1} = \color{#0a0}{125}\end{eqnarray}$

The key idea that governs this back-substitution process is explained in detail in the note below. This common "$\rm\color{#90f}{back}$-substitution" extended Euclidean gcd algorithm is notoriously error-prone. Better, this $\rm\color{#90f}{forward}$ method is simpler to compute and easier to remember. It keeps track of each remainder's expression as a linear combination of the gcd arguments. Here we get the table below, where each line $\,\ a\ \ b\ \ c\ \,$ means $\ a = 8000\, b + 7001\, c.\ $

$\qquad\quad\, \begin{array}{rrr} [\![1]\!]\ \ \ \ 8000 & 1 & 0\\ [\![2]\!]\ \ \ \ 7001 & 0 & 1\\ [\![1]\!]\:\!\ -\:\!\ 1\,[\![2]\!]\,\to\,[\![3]\!] \ \ \ \ \ \ 999 & 1 & -1\\ [\![2]\!]\ \:\!-\:\!\ 7\,[\![3]\!]\,\to\,[\![4]\!]\ \ \ \ \ \ \ \ \ \ 8 & -7& 8\\ [\![3]\!]\!-\!125\,[\![4]\!]\,\to\,[\![5]\!]\ \ \ \ \ \ \ {-}1 & \!\!\color{#c00}{876} & \!\!\!\color{#0a0}{-1001}\\ \end{array}$

Thus the final line implies that: $\,-1 = \color{#c00}{876}(8000)\!\color{#0a0}{-\!1001}(7001)\,\ $ [= negated Bezout equation]

---

Another example: $ $ we compute $\rm\ gcd(141,19)\,$ as above, with the equations written explicitly

$\qquad\qquad\rm\begin{eqnarray} [\![1]\!]\ \ \ \, \color{#C00}{141}\!\ &=&\,\ \ 1&\cdot& 141\, +\ 0&\cdot& 19 \\ [\![2]\!]\quad\ \color{#C00}{19}\ &=&\,\ \ 0&\cdot& 141\, +\ 1&\cdot& 19 \\ \color{#940}{[\![1]\!]-7\,[\![2]\!]}\, \rightarrow\, [\![3]\!]\quad\ \ \ \color{#C00}{ 8}\ &=&\,\ \ 1&\cdot& 141\, \color{darkorange}{-\ 7}&\cdot& 19 \\ \color{#940}{[\![2]\!]-2\,[\![3]\!]}\,\rightarrow\,[\![4]\!]\quad\ \ \ \color{#C00}{3}\ &=& {-}2&\cdot& 141\, + \color{#90f}{15}&\cdot& 19 \\ \color{#940}{[\![3]\!]-3\,[\![4]\!]}\,\rightarrow\,[\![5]\!]\quad \color{#C00}{{-}1}\ &=&\,\ \ 7&\cdot& 141\, -\color{#0A0}{ 52}&\cdot& \color{#0A0}{19} \\ {\rm negating}\ \Rightarrow\ \ \ \ \ \ {1}\ &=& {-}7&\cdot& 141\, +\color{#0A0}{ 52}&\cdot& \color{#0A0}{19}\ \ \ \rm [Bezout\ equation] \end{eqnarray}$

The prior Bezout equation $\Rightarrow 141^{-1}\equiv \color{c00}{-7}\pmod{\!19},\,$ & $\,\color{#0a0}{19^{-1}\!\equiv 52}\pmod{\!141}\,$ by reducing the Bezout equation $\bmod19\,$ and $\bmod 141\,$ resp., cf. here. Thus we see that using the extended Euclidean algorithm to compute the gcd Bezout equation yields one method of computing modular inverses (and fractions). See here & here for more examples of this and related methods.

Equivalently $\!\bmod 141\!:\ \dfrac{0}{\color{#c00}{141}}\overset{\large\frown}\equiv\dfrac{1}{\color{#c00}{19}}\overset{\large\frown}\equiv\dfrac{\color{darkorange}{-7}}{\color{#c00}8}\overset{\large\frown}\equiv\dfrac{\color{#90f}{15}}{\color{#c00}{3}}\overset{\large\frown}\equiv\dfrac{\color{#0a0}{-52}}{\color{#c00}{-1}}\Rightarrow \color{#0a0}{19^{-1}\equiv 52},\,$ where we used a succinct fractional form of the above extended Euclidean algorithm, which boils down to viewing the above equations $\!\bmod 141.$

---

Note $ $ Back-substitution for $\,d=\gcd(r_1,r_2)\,$ works as follows: denote the Euclidean remainder sequence by $\,r_i,\,$ where $\,r_{k+1} := r_{k-1}\bmod r_k = r_{k-1} - q_k r_k.\,$ When the algorithm terminates it yields the gcd as an (obvious) linear combination of the final two remainders $\,r_k$ and $r_{k+1}.\,$ But we want the gcd as a linear combination of the initial "remainders" $\,r_1\,$ and $\,r_2\,$ (the gcd arguments). We achieve this by iteratively eliminating the highest index (least magnitude) remainder as follows. Starting with the gcd as a linear combination of the final two remainders $\,r_k\,$ and $\,r_{k+1},\,$ we substitute $\,r_{k+1} = r_{k-1} - q_k r_k\,$ which yields the the gcd as a linear combination of smaller indexed remainders $\,r_{k-1}\,$ and $\,r_k.\,$ Iterating this process of decrementing the indices we eventually express the gcd as a linear combination of $\,r_1\,$ and $\,r_2,\,$ which is the Bezout identity.

For example let's trace the back substitution process for the problem at hand:

$$ \begin{align} r_1 = 8000&\,=\,1\cdot 7001+\color{#90f}{999}\\ r_2 = 7001&\,=\,7\cdot 999+\color{#0a0}8\\ r_3\ =\ 999&\,=\,124\cdot 8+\color{#c00}7\\ r_4\ \ \ =\ \ \ \color{#0af}8&\,=\color{#0af}{1\cdot7+1}\\ r_5\ \ \ = \ \ \ 7&\,=\, 7\cdot1 + 0 \end{align}\qquad\qquad$$

The remainder sequence $\,r_i\,$ is $\,8000, 7001, 999,8,7.\,$ The 2nd last step $\, \color{#0af}{8 = 1\cdot 7 + 1}\,$ yields the gcd as a linear combination of the final two remainders, namely $\, 1 = 8-1\cdot 7,\,$ which we write as $\,1 = {\rm lc}(8,7).\,$ Substituting into this $\,\color{#c00}7 = 999-124\cdot 8\,$ yields $\,1 = {\rm lc}(999,8).\,$ Substituting into this $\,\color{#0a0}8 = 7001-7\cdot 999\,$ yields $\,1 = {\rm lc}(7001,999).\,$ Substituting $\,\color{#90f}{999} = 8000-1\cdot 7001,\,$ yields $\,1 = {\rm lc}(8000,7001),\,$ which yields the sought Bezout identity.

Answer 2

$$ \begin{align} 8000&=7001\cdot1+999\\ 7001&=999\cdot7+8\\ 999&=8\cdot124+7\\ 8&=7\cdot1+1\\[12pt] 1 &=8-7\cdot1\\ &=8-1(999-8\cdot124)\\ &=8\cdot125-1\cdot999\\ &=125(7001-7\cdot999)-1(8000-7001\cdot1)\\ &=126\cdot7001-1\cdot8000-875\cdot999\\ &=126\cdot7001-1\cdot8000-875\cdot(8000-7001)\\ &=1001\cdot7001-876\cdot8000 \end{align} $$ As Bill Dubuque mentions, the back-substitution method is hard to follow, and therefore, error-prone. There is also Euclid-Wallis version of the Extended Euclidean Algorithm: $$ \begin{array}{r} &&1&7&124&1&7\\\hline \color{#C00000}{1}&0&1&-7&869&\color{#C00000}{-876}&7001\\ 0&\color{#00A000}{1}&-1&8&-993&\color{#00A000}{1001}&-8000\\ \color{#C00000}{8000}&\color{#00A000}{7001}&999&8&7&\color{#0000FF}{1}&0\\ \end{array} $$ Which gives $1001\cdot7001-876\cdot8000=1$