gcd (ak-1, ak) = ak, and therefore ak is the desired GCD. This algorithm can be extended [1, p. 302] to yield integers u~ and v~ such that ulal ~- via2 ~- al, i = 1, ... , k. (2) When gcd (al, a~) = 1, it follows that uka~ + vka2 = 1, and therefore uk is an inverse Journal of the Association for Computing Machinery, Vol. 18, No. 4, October 1971

480 w.s. BROWN of al modulo a2, while vk is an inverse of a2 modulo al. If only uk is needed, as in Step (1) of the Chinese remainder algorithm (Section 4.8), then one need not compute v~, • • • , vk ; if al >> a2, the time saved may be substantial. 1.5 THE ALGORITHM FOR POLYNOMIALS. We shall consider two fundamentally different generalizations of Euclid's algorithm (Section 1.4) to domains of poly- nomials. In the classical algorithm (Section 2), we view a multivariate polynomial as a univariate polynomial with polynomial coefficients, and we construct a sequence of polynomials of successively smaller degree. Unfortunately, as the polynomials de- crease in degree, their coefficients (which may themselves be polynomials) tend to grow, so the successive steps tend to become harder as the calculation progresses. If the GCD's of these inflated coefficients are required, the problem is aggravated-- especially in the multivariate case, where the grov¢th may be compounded through several levels of recursion. If the coefficient domain is a field, this same remark ap- plies to any GCD's of numerators and denominators that are required to simplify inflated coefficients. If coefficients in a field are not simplified, then the division steps become harder faster, and the final result, although formally correct, may be prac- tically useless. In the modular algorithm (Section 4) we first project the given polynomials into one or more simpler domains in which images of the GCD can more easily be com- puted. The true GCD is then constructed from these images with the aid of the Chinese remainder algorithm. Since the same method is used for the required GCD computations in the image spaces, it is only necessary to apply Euclid's algorithm to integers and to univariate polynomials with coefficients in a finite field. 1.6 RECENT HISTORY. During the past decade these algorithms have been studied intensively by G. E. Collins, and (mostly in response to Collins' work) by the author. The first major advance was the discovery by Collins [7] of the subresultant PRS algorithm (Section 3.6), which effectively controls coefficient growth without any GCD computations in the coefficient domain or any subdomain thereof. Then, after several years of improvement and consolidation, Collins and the author (working independently but with some communication) discovered the essentials of the modu- lar algorithm (Section 4) which completely eliminates the problem of coefficient growth by using modular arithmetic. With a very few hints from Collins and the author, D. E. Knuth immediately grasped most of the key ideas and published a sketch of a similar algorithm [1, pp. 393-395].
