binary GCD algorithm

The binary GCD algorithm, also known as Stein's algorithm or the binary Euclidean algorithm, is an algorithm that computes the greatest common divisor of two nonnegative integers. Stein's algorithm uses simpler arithmetic operations than the conventional Euclidean algorithm; it replaces division with arithmetic shifts, comparisons, and subtraction.

Although the algorithm in its contemporary form was first published by the Israeli physicist and programmer Josef Stein in 1967, it may have been known by the 2nd century BCE, in ancient China.

Algorithm

The algorithm reduces the problem of finding the GCD of two nonnegative numbers ''v'' and ''u'' by repeatedly applying these identities:

# gcd(0, ''v'') = ''v'', because everything divides zero, and ''v'' is the largest number that divides ''v''. Similarly, gcd(''u'', 0) = ''u''.
# gcd(''2u'', ''2v'') = 2·gcd(''u'', ''v'')
# gcd(''2u'', ''v'') = gcd(''u'', ''v''), if ''v'' is odd (2 is not a common divisor). Similarly, gcd(''u'', ''2v'') = gcd(''u'', ''v'') if ''u'' is odd.
# gcd(''u'', ''v'') = gcd(, ''u'' − ''v'', , min(''u'', ''v'')), if ''u'' and ''v'' are both odd.

Implementation

While the above description of the algorithm is mathematically-correct, performant software implementations typically differ from it in a few notable ways:
* eschewing trial division by 2 in favour of a single bitshift and the count trailing zeros primitive; this is functionally equivalent to repeatedly applying identity 3, but much faster;
* expressing the algorithm iteratively rather than recursively: the resulting implementation can be laid out to avoid repeated work, invoking identity 2 at the start and maintaining as invariant that both numbers are odd upon entering the loop, which only needs to implement identities 3 and 4;
* making the loop's body branch-free except for its exit condition (''v

0''): in the example below, the exchange of ''u'' and ''v'' (ensuring ''u ≤ v'') compiles down to conditional moves; hard-to-predict branches can have a large, negative impact on performance.

Following is an implementation of the algorithm in Rust exemplifying those differences, adapted from ''uutils'':

pub fn gcd(mut u: u64, mut v: u64) -> u64

Efficiency

The algorithm requires O(''n'') steps, where ''n'' is the number of bits in the larger of the two numbers, as every 2 steps reduce at least one of the operands by at least a factor of 2. Each step involves only a few arithmetic operations (O(1) with a small constant); when working with word-sized numbers, each arithmetic operation translates to a single machine operation, so the number of machine operations is on the order of log₂(max(''u'', ''v'')), i.e. ''n''.

However, the asymptotic complexity of this algorithm is O(n²), as those arithmetic operations (subtract and shift) each take linear time for arbitrarily-sized numbers (one machine operation per word of the representation). This is the same as for the Euclidean algorithm, though a more precise analysis by Akhavi and Vallée proved that binary GCD uses about 60% fewer bit operations.

Extensions

The binary GCD algorithm can be extended in several ways, either to output additional information, deal with arbitrarily-large integers more efficiently, or to compute GCDs in domains other than the integers.

The ''extended binary GCD'' algorithm, analogous to the extended Euclidean algorithm, fits in the first kind of extension, as it provides the Bézout coefficients in addition to the GCD, i.e. integers ''a'' and ''b'' such that ''a·u + b·v'' = gcd(''u'', ''v'').

In the case of large integers, the best asymptotic complexity is O(log ''n'' M(''n'')), with M(''n'') the cost of ''n''-bit multiplication; this is near-linear, and vastly smaller than the O(n²) of the binary GCD algorithm, though concrete implementations only outperform older algorithms for numbers larger than about 64 kilobits (''i.e.'' greater than 8×10¹⁹²⁶⁵). This is achieved by extending the binary GCD algorithm using ideas from the Schönhage–Strassen algorithm for fast integer multiplication.

The binary GCD algorithm has also been extended to domains other than natural numbers, such as Gaussian integers, Eisenstein integers, quadratic rings, integer rings of number fields, and arbitrary unique factorisation domains.

Historical description

An algorithm for computing the GCD of two numbers was known in ancient China, under the Han dynasty, as a method to reduce fractions:

The phrase "if possible halve it" is ambiguous,
* if this applies when ''either'' of the numbers become even, the algorithm is the binary GCD algorithm;
* if this only applies when ''both'' numbers are even, the algorithm is similar to the Euclidean algorithm.

See also

* Euclidean algorithm
* Extended Euclidean algorithm
* Least common multiple

References

, answer to exercise 39 of section 4.5.2

.

Further reading

*
Covers the extended binary GCD, and a probabilistic analysis of the algorithm.

*
Covers a variety of topic, including the extended binary GCD algorithm which outputs Bézout coefficients, efficient handling of multi-precision integers using a variant of Lehmer's GCD algorithm, and the relationship between GCD and continued fraction expansions of real numbers.

*
An analysis of the algorithm in the average case, through the lens of functional analysis: the algorithms' main parameters are cast as a dynamical system, and their average value is related to the invariant measure of the system's transfer operator.

External links

NIST Dictionary of Algorithms and Data Structures: binary GCD algorithm

Cut-the-Knot: Binary Euclid's Algorithm
at cut-the-knot

''Analysis of the Binary Euclidean Algorithm''
(1976), a paper by Richard P. Brent, including a variant using left shifts

{{DEFAULTSORT:Binary Gcd Algorithm
Number theoretic algorithms
Articles with example C code