Download Document

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
Document related concepts
no text concepts found
Transcript 
Computability and Complexity
27-1
Primes
Computability and Complexity
Andrei Bulatov
Computability and Complexity
27-2
The Problem
Primes
Instance: A positive integer k.
Question: Is k prime?
The complement of Primes, the Composite problem, belongs
to NP. Therefore Primes is in coNP
Recently M.Agarwal et al. Proved that Primes can be solved in polynomial
time
(see http://www.cse.iitk.ac.in/news/primality.html)
However, the probabilistic algorithm we are going describe is far more efficient
Computability and Complexity
27-3
Residues
For a positive integer n, we denote
•
Z n the set {0,1,2,…,n –1}
•
Z n the set {1,2,…,n – 1}
• ,, x y addition, multiplication and exponentiation modulo n
Z n together with these operations is called the set of residues modulo n
Every integer m, positive or negative, has a corresponding residue —
m mod n
For example,
17 mod 5 = 2
20 mod 5 = 0
-1 mod 5 = 4
Computability and Complexity
27-4
Complexity of Arithmetic
Given two integers, a and b, we can compute
• a + b in O(max(log a, log b))
• a  b in O(log a  log b)
a b cannot be computed in polynomial time, because the size of this
number is blog a
It is possible modulo n
Let b1b2 bk be the binary representation of b (k = log b)
Then b  b0 20  b1 21    bk 2k that implies
0
k
1
a b (mod n )  a b0 2  a b1 2   a bk 2
20
21
2k
First, we consecutively compute a , a ,, a in
Then we compute the product again in O ( k log 2 n )
Computability and Complexity
Prime and Coprime
Integers a and b are called coprime if their greatest common divisor is 1
For example, 16 and 27 are coprime, and 15 and 18 are not
Theorem (Chinese Remainder Theorem)
If p and q are coprime then, for any a and b, there is x
such that
x  a (mod p )
x  b(mod q)
For example, if p = 5, q = 3, and a = 2, b = 1, then x can be
chosen to be 7
27-5
Computability and Complexity
Fermat’s Theorem
Theorem (Fermat’s Little Theorem)
If p is prime then, for any a  Z p we have a p1  1(mod p )
If the converse were true, we could use it for a probabilistic primality test:
• Choose k residues modulo n;
• Compute their n –1 powers;
• Accept if all results are 1 (mod n), reject otherwise
27-6
Computability and Complexity
Carmichael Numbers
Unfortunately, the converse is true just “almost”
Definition
A number n passes Fermat’s test if a p1  1(mod p ) for all a
coprime with n
A number that passes Fermat’s test is called pseudo-prime

One can straightforwardly check that, for any a  Z561
, coprime with 561,
a 560  1(mod 561)
561 is a Carmichael number
n is said to be a Carmichael number if, for any prime divisor p of n,
p –1 | n – 1
Pseudo-prime = Prime + Carmichael
27-7
Computability and Complexity
Roots of 1
A square root of 1 modulo n is a number a such that a 2  1(mod n )
Clearly, 1 and -1 (that is n – 1) are always roots of 1, but if n is
composite, then it may have more than two roots of 1
For example,
8 has four roots of 1: 1, -1, 3, and 5
561 has eight: 1, -1, 188, 373 (find the remaining four)
Lemma
Any Carmichael number has at least 8 roots of 1
27-8
Computability and Complexity
27-9
Algorithm
On input n
• if n is even, then if n = 2 accept, otherwise reject
• select randomly a1 , a2 ,, ak  Z n
• for i = 1 to k do
- if ain1  1(mod n) then reject
- let n – 1 = st where s is odd and t  2 h is a power of 2
s20
i
- compute the sequence a
s2 j
i
- if a
s21
i
,a
s2h
i
,, a
 1 then
let j be the maximal with this property
if ais2
• accept
j 1
 1 then reject
modulo n
Computability and Complexity
Analysis
First we show that the algorithm does not give false negatives, that is
it accepts all prime numbers
If n = 2 then n is accepted. Let n be an odd prime number
Then n passes Fermat test
n cannot be rejected in the last line, because n has only two roots of 1
27-10
Computability and Complexity
27-11
Next we show that if n is composite, then Pr[n accepted]  2k
A number a  Z n such that a does not pass either Fermat test or the
square root test, is called a witness
It is enough to prove that Pr[a is a witness]  1/2, or, in other words,
that at least half of the elements of Z n are witnesses
For every nonwitness d we find a witness d´ such that if d1  d 2
then d '1  d ' 2
s20
For a nonwitness a the sequence a , a
1s only, or it contains -1 followed by 1s
s21
, , a
s2h
either contains
Nonwitnesses of both types are present: 1 is a nonwitness of the first
type, and -1 is a nonwitness of the second type
Computability and Complexity
27-12
Let d be a nonwitness of the second type such that the –1 appears in the
largest position in the sequence
Let d s2  1 and d s2
j
j 1
1
Since n is composite, n = qr for some coprime q and r
Note that
1  1(mod q)
1  1(mod r )
and
 1  1(mod q)
 1  1(mod r )
By the Chinese Reminder Theorem, there is t such that
t  d (mod q)
t  1(mod r )
s2 j
t  1(mod q)
s2 j
t  1(mod r )
therefore
Hence t is a witness, because t s2  1(mod p ) but t s2
j
j 1
 1(mod p )
Computability and Complexity
27-13
Now, for every nonwitness a we set a´ = a · t
• a´ is a witness, because a s2  1(mod p ) and
j
(a' )
(a' )
s2 j
 ( at )
s2 j 1
s2 j
 ( at )
 t
s2 j 1
s2 j
t
 1(mod p )
s2 j 1
but
 1(mod p )
• if a1  a2 then a '1  a ' 2
Assume the contrary
a '1  a ' 2 (mod p )
ta1  ta2 (mod p )
Then, since t s2
j 1
 1(mod p ) we have t s2
Finally, we have
a1  t s2
j 1
1
 t  a1  t s2
j 1
1
 t  a2  a2
j 1
1
 t  1(mod p )
Related documents