# 数学代写|现代代数代考Modern Algebra代写|(Non-)Uniqueness of the gcd

The nonuniqueness of the gcd is a harmless nuisance from a mathematical point of view. But in software, we have to implement a function gcd with a unique output. In this section, we discuss one way of achieving this.

Since $\mathbb{Q}$ is a field, every nonzero rational number is a unit in $\mathbb{Q}$, and so $u a \sim a$ in $R=\mathbb{Q}[x]$ for all nonzero $u \in \mathbb{Q}$ and all $a \in R$. If we want to define a single element $\operatorname{gcd}(f, g) \in \mathbb{Q}[x]$, which one should we choose? In other words, how do we choose one representative from among all the multiples of $a$ ? A reasonable choice is the monic polynomial, that is, the one with leading coefficient 1 . Thus if $\operatorname{lc}(a) \in \mathbb{Q} \backslash{0}$ is the leading coefficient of $a \in \mathbb{Q}[x]$, then we take normal $(a)=$ $a / \operatorname{lc}(a)$ as the normal form of $a$. (This has nothing to do with the “normal EEA” on page 51.)

To make this work in an arbitrary Euclidean domain $R$, we assume that we have selected some normal form normal $(a) \in R$ for every $a \in R$ so that $a \sim \operatorname{normal}(a)$. We call the unit $u \in R$ with $a=u \cdot \operatorname{normal}(a)$ the leading unit $l u(a)$ of $a$. Moreover, we set $\operatorname{lu}(0)=1$ and $\operatorname{normal}(0)=0$. The following two properties are required:

• two elements of $R$ have the same normal form if and only if they are associate, – the normal form of a product is equal to the product of the normal forms.

These properties in particular imply that the normal form of any unit is 1 . We say that an element $a$ in normal form, so that $\operatorname{lu}(a)=1$, is normalized.

In our two main applications, integers and univariate polynomials over a field, we have natural normal forms. If $R=\mathbb{Z}, \operatorname{lu}(a)=\operatorname{sign}(a)$ if $a \neq 0$ and $\operatorname{normal}(a)=$ $|a|$ defines a normal form, so that an integer is normalized if and only if it nonnegative. When $R=F[x]$ for a field $F$, then letting $\operatorname{lu}(a)=\operatorname{lc}(a)$ (with the convention that $\operatorname{lu}(0)=1)$ and $\operatorname{normal}(a)=a / \operatorname{lc}(a)$ defines a normal form, and a nonzero polynomial is normalized if and only if it is monic.

We start with some applications. The first one is checking programs for correctness. In Part II of this book, we will see extremely fast algorithms for multiplication of large integers. These methods are also considerably more complicated than classical multiplication, and an implementation quite error-prone. So we may want to test correctness on many inputs. We take inputs $a$ and $b$, say positive integers of 10000 words each, and the output $c$ of 20000 words. Can we check that $a \cdot b=c$ without using our own software?

The solution is a modular test. We take a single-precision prime $p$ and check whether $a \cdot b \equiv c \bmod p$ (read ” $a \cdot b$ and $c$ are congruent modulo $p$ “), which means that $a \cdot b-c$ is divisible by $p$, or equivalently, $a \cdot b$ and $c$ have the same remainder on division by $p$. By (1) below, it is sufficient for this purpose to compute the remainders $a^=a$ rem $p, b^=b$ rem $p, c^=c$ rem $p$ and check whether $a^ \cdot b^* \equiv$ $c^* \bmod p$, since $a \cdot b \equiv a^* \cdot b^* \bmod p$. If this fails to hold, then clearly somewhere there is an error. How reliable is this test?

Of course, it can happen that $a b \neq c$ and $a^* b^* \equiv c^* \bmod p$. This happens if and only if $a b-c \neq 0$ is divisible by $p$. If each of our primes is at least $2^{63}$, then the product of $k$ of them at least $2^{63 \cdot k}$. Now $|a b-c|$ is a number with not more than 20000 words, and hence divisible by at most $\log _{2^{63}}\left(2^{64 \cdot 20000}\right) \leq 20318$ different primes. If we have a data base of 40636 single-precision primes and choose $p$ at random from these, then the test will fail to detect a software error with probability at most $1 / 2$ (assuming that the test itself is correctly implemented). There is an abundant supply of primes: over $2 \cdot 10^{17}$ 64-bit primes, and more than $90 \mathrm{mil}$ lion 32-bit primes, by the prime number theorem 18.7 (see also Exercise 18.18).

By standard tricks, such as rerunning the test or choosing a larger data base, this probability can be made arbitrarily small.

The technique can also be used to test equalities like $f \cdot g=h$ for polynomials $f, g, h$, by substituting a random value, or $A \cdot B=C$ for matrices $A, B, C$, by evaluating at a random vector.

