Prime Numbers

9.1 Tour of “grammar-school” methods 445
where δn is 0 for n odd, else x2 n/2 for n even. It is clear that each column
component wn involves about half the size-B multiplies required for the
general multiplication algorithm. Of course, final carry operations must be
performedonthewn, togetthefinaldigitsznof the product z = x2 , but
in most practical instances, this squaring is indeed roughly twice as fast as a
multiple-precision multiply. There exist in the literature some very readable
expositions of the squaring algorithm and related algorithms. See, for example,
[Menezes et al. 1997].
There is an elegant, if simple, argument showing that general multiplication
has no more than twice the complexity of squaring. One invokes the
identity
4xy =(x + y) 2 − (x − y) 2 , (9.4)
which indicates that a multiplication can be effected by two squarings and a
divide by four, this final divide presumed trivial (as, say, a right-shift by two
bits). This observation is not just academic, for in certain practical scenarios
this algebraic rule may be exploited (see Exercise 9.6).
9.1.3 Div and mod
Div and mod operations are omnipresent in prime-number and factorization
studies. These operations often occur in combination with multiplication, in
fact, this symbiosis is exploited in some of the algorithms we shall describe.
It is quite common that one spends computation effort on operations such as
xy (mod p), for primes p, or in factorization studies xy (mod N) whereN is
to be factored.
It is a primary observation that the mod operation can hinge on the
div operation. We shall use, as before, the notation x mod N to denote the
operation that results in the least nonnegative residue of x (mod N), while
the greatest integer in x/N, denoted by ⌊x/N⌋, isthedivresult.(Insome
computer languages these operations are written “x%N” and“x div N,”
respectively, while in others the integer divide “x/N” means just div, while
in yet others the div is “Floor[x/N],” and so on.) For integers x and positive
integers N, a basic relation in our present notation is
x mod N = x − N⌊x/N⌋. (9.5)
Note that this relation is equivalent to the quotient–remainder decomposition
x = qN + r, with q, r being respectively the div and mod results under
consideration. So the div operation begets the mod, and we can proceed with
algorithm descriptions for div.
Analogous to “grammar-school” multiplication is, of course, the elementary
method of long division. It is fruitful to contemplate even this simple
long division algorithm, with a view to enhancements. In the normal execution
of long division in a given base B, the divisor N is first justified to the
left, with respect to the dividend x. Thatistosay,apowerB b of the base
is found such that m = B b N ≤ x