Probabilistic Algorithms
- Edwin Haynes
- 5 years ago
Probabilistic Algorithms
Klaus Sutner, Carnegie Mellon University, Fall

Outline: Some Probabilistic Algorithms; Probabilistic Primality Testing; RP and BPP

Where Are We?

We have an apparently correct abstract definition of randomness, regrettably but necessarily one that excludes computability. On the other hand, there are methods to get reasonably random bits by iteration (Mersenne twister) or via quantum physics (Quantis card). We can use these pseudo-random bits to speed up algorithms. It remains to identify complexity classes that correspond to these randomized algorithms, and check how they relate to traditional classes.

Example 1: Order Statistics

We are given a list A = a_1, ..., a_n and some index k, 1 ≤ k ≤ n. The problem is to find the k-smallest element in the list: ord(k, A) = a_k where a_1, a_2, ..., a_n is the sorted version of the list. For simplicity, assume all elements are distinct, so there is a unique solution. Special cases: k = 1: min, k = n: max, k = n/2: median.

Verifying in Linear Time

The obvious answer is: sort the damn sequence. Alas, this is overkill and does more than the problem specifies. For small values of k we could also use a buffer. Here is a different idea: if someone gave us an alleged solution b, we could easily verify that b is the right answer: count the elements less than b and check that there are exactly k − 1 of them.

b = ord(k, A) ⟺ |{ i : a_i < b }| = k − 1.

Of course, verification is not enough, we need to get our hands on b.

Remember: QuickSort

So we need to pick the element b that is larger than exactly k − 1 others. Insight: This looks vaguely (OK, very vaguely) like the partitioning technique from quick sort. Suppose we pick some pivot at random and partition. If in fact ord(k, A) then the left block will have size k − 1.
Partitioning

Of course, in general ord(m, A) for some m ≠ k and the left block will have size m − 1. Let's write (B,, C) for the result of partitioning with pivot and let m be the position of after partitioning.

If m = k: return.
If m > k repeat with (B, k).
If m < k repeat with (C, k − m).

If we are out of luck, this will lead to bad splits and linear recursion depth. But if we pick the pivot at random this method is very fast on average.

A Beautiful Theorem

For quite some time it was believed that order statistics was as difficult as sorting and could not be done in less than log-lin time for the worst case (assuming that only full comparisons between one item and another are possible). In fact, people tried to show that sorting could be reduced to order statistics. It was a huge surprise when finally a divide-and-conquer algorithm was found that runs in linear time. Unfortunately, the constants are so bad that the algorithm is of no practical importance.

Partitioning solves the order statistics problem in expected linear time.

Theorem (Blum, Floyd, Pratt, Rivest, Tarjan 1973) Order statistics can be handled in linear time.

Example 2: Polynomial Identities

Problem: Polynomial Zero Testing (PZT)
Instance: A polynomial P(x_1, ..., x_n) with integer coefficients.
Question: Is P identically 0?

Wait, this is totally trivial... Yes, but there is a glitch: P need not be given in explicit form as a coefficient vector. For example, we could have P = P_1 P_2 ... P_r where the P_i are polynomials. Of course, we can obtain the explicit form by multiplying out, but that is a potentially exponential operation. In fact, we should think of the polynomial as given in form of a straight-line program or an arithmetic circuit using operations {+, −, ×}.

Counting Roots

Let F be a field (such as the rationals, reals, complexes).

Lemma (Schwartz-Zippel 1980) Let P ∈ F[x_1, ..., x_n] be of degree d and S ⊆ F a set of cardinality s. If P is not identically zero, then P has at most d s^(n−1) roots in S.

Proof.
The proof is by induction on n, the number of variables. The case n = 1 is clear. For n > 1, define d_1 and P_1(x_2, ..., x_n) to be the degree of x_1 in P and the coefficient, respectively. Hence

P(x_1, ..., x_n) = x_1^(d_1) P_1(x_2, ..., x_n) + stuff.

Suppose a_2, ..., a_n ∈ S is a root of P_1, by induction we know there are at most s n 1 (d d ) such roots. Then a, a_2, ..., a_n could be a root for P for all a ∈ S. Otherwise, there are at most d such roots. Adding, we get the claim.

Schwartz's Method, II

The set S ⊆ F here could be anything. For example, over Q we might choose S = {0, 1, 2, ..., s − 1}. The main application of the lemma is to give a probabilistic algorithm to check whether a polynomial is identically zero. Suppose P is not identically zero and has degree d. Choose a point a ∈ S^n uniformly at random and evaluate P(a). Then

Pr[P(a) = 0] ≤ d/s

So by selecting S of cardinality 2d the error probability is 1/2. Note that the number of variables plays no role in the error bound. To lower the error bound, we can repeat the basic step (relying on independence), or we can increase s.

Example 3: Perfect Matchings

Some combinatorial problems can be translated relatively easily into PZT. For example, suppose G = ({1, 2, ..., n}, E) is an undirected graph. Define its Tutte matrix by

A(i, j) = x_ij if (i, j) ∈ E and i < j,
A(i, j) = −x_ij if (i, j) ∈ E and i > j,
A(i, j) = 0 otherwise.

The determinant of this matrix is a polynomial in up to n^2 variables x_ij.

Theorem (Tutte 1947) G has a perfect matching iff its Tutte matrix has non-zero determinant.
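Schwartz's method applied to the Tutte matrix, as an added Python example that is not part of the original slides. The function names, the 0-based vertex numbering, the choice s = 2n and exact arithmetic over Q via Fraction are assumptions made here; the sample graphs in the test are constructed.

```python
import random
from fractions import Fraction


def tutte_matrix(n, edges, rng, s):
    """Tutte matrix of a graph on vertices 0..n-1 in which every variable
    x_ij has been replaced by a uniform sample from S = {0, ..., s-1}."""
    A = [[Fraction(0)] * n for _ in range(n)]
    for i, j in edges:
        if i == j:
            continue                      # self-loops never occur in a matching
        i, j = min(i, j), max(i, j)
        x = Fraction(rng.randrange(s))
        A[i][j] = x                       # +x_ij above the diagonal
        A[j][i] = -x                      # -x_ij below the diagonal
    return A


def det(M):
    """Exact determinant over Q by Gaussian elimination (O(n^3) field operations)."""
    M = [[Fraction(v) for v in row] for row in M]
    n = len(M)
    d = Fraction(1)
    for c in range(n):
        piv = next((r for r in range(c, n) if M[r][c] != 0), None)
        if piv is None:
            return Fraction(0)            # no pivot in this column: singular
        if piv != c:
            M[c], M[piv] = M[piv], M[c]
            d = -d                        # a row swap flips the sign
        d *= M[c][c]
        for r in range(c + 1, n):
            f = M[r][c] / M[c][c]
            if f != 0:
                for k in range(c, n):
                    M[r][k] -= f * M[c][k]
    return d


def has_perfect_matching(n, edges, trials=20, seed=None):
    """Randomized test with one-sided error.

    True is always correct: a non-zero value of the determinant at one point
    proves the polynomial is not identically zero. False is wrong with
    probability at most 2**-trials, because the determinant has degree at
    most n and |S| = 2n gives Pr[P(a) = 0] <= n / (2n) = 1/2 per trial.
    """
    rng = random.Random(seed)
    s = 2 * n
    for _ in range(trials):
        if det(tutte_matrix(n, edges, rng, s)) != 0:
            return True
    return False
```

The evaluated determinant can be computed in polynomial time even though the symbolic determinant may have exponentially many terms, which is the point of testing at random points instead of expanding.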
Computing the Determinant

The idea behind the proof is that in the standard representation of the determinant

|M| = Σ_π sign(π) Π_i M_(i,π(i))

perfect matchings π contribute a term, but nothing else does. Hence, in explicit form, |M| can be exponentially large. But we can use Schwartz's lemma to determine whether it is zero in polynomial time, with small error probability.

Unimpressed?

This result holds for general graphs, not just bipartite ones. The proof is significantly harder in the general case. In the end, one obtains an O(n^2 e) algorithm, but it's tricky.

J. Edmonds, Paths, Trees, and Flowers, Canad. J. Math. 17 (1965)

Background: Quadratic Residues

The multiplicative subgroup of Z_m is Z_m^* = { x ∈ Z_m : gcd(x, m) = 1 }

Definition (Quadratic Residues) a ∈ Z_m^* is a quadratic residue modulo m if x^2 ≡ a (mod m) has a solution over Z_m^*, and a quadratic non-residue otherwise.

Thus Z_m^* can be partitioned into QR_m and QNR_m. For example QR_7 = {1, 2, 4}, QNR_7 = {3, 5, 6}.

Another Example

Here are the 2 quadratic residues a for m = 20, a composite modulus, together with the solutions to x^2 ≡ a (mod m).

a : x
1 : 1, 9, 11, 19
9 : 3, 7, 13, 17

The non-residues are 3, 7, 11, 13, 17, 19. This was done by brute-force computation (compute squares mod m). Is there a way to check efficiently whether a number is a quadratic residue?

Legendre Symbol

Suppose is an odd prime and z ∈ Z. The Legendre symbol LS(z, ) is defined by:

LS(z, ) = +1 if z is a quadratic residue, −1 otherwise.

Proposition LS (z, ) z ( 1)/2 (mod ).

Write M(k) for the number of steps needed in multiplying two k-bit numbers. Then the proposition provides an O(lg M(lg )) algorithm to compute LS(z, ): use a fast exponentiation algorithm modulo . Unfortunately, we need to be an odd prime here.
Jacobi Symbol

Suppose 1... r where the i are (odd) primes, not necessarily distinct, z relatively prime to . The Jacobi symbol is defined by:

( ) z LS (z, 1) LS (z, 2)... LS (z, r) ∈ {−1, +1}.

If we knew the i then we could easily compute the Jacobi symbol according to its definition. But what if all we know is ?

Key Properties

The following properties of the Jacobi symbol will help in finding an algorithm. The proof is quite elementary.

z ( ) z ( ) z1 z 2 ( ) 1 1 ( ) z mod ( ) z1 ( ) z2 ( ) { 1 1 if 3 (mod 4), +1 otherwise. ( ) { 2 1 if 3, 5 (mod 8), +1 otherwise.

Law of Quadratic Reciprocity

We need one more ingredient for the algorithm. This is one of Gauss's favorite results, he gave several proofs for it.

Theorem (C. F. Gauss 1798) Let , be two odd primes. Then we have ( ) ( ) if 3 (mod 4), ) + otherwise. (

Jacobi Symbol Algorithm

The theorem together with the proposition makes it possible to apply mods to cut down the size of the numbers (much like in the computation of the GCD). We may safely assume 0 < <.

    // Jacobi symbol of a over n, assuming 0 < a < n with n odd.
    // The identifiers a and n are chosen here for the algorithm's two arguments.
    int jacobi(long a, long n) {
        int sign = 1;
        while (a > 0) {
            while (a % 2 == 0) {                  // eliminating even part
                a = a / 2;
                if (n % 8 == 3 || n % 8 == 5) sign = -sign;
            }
            long t = a; a = n; n = t;             // swap: quadratic reciprocity
            if (a % 4 == 3 && n % 4 == 3) sign = -sign;
            a = a % n;
        }
        if (n == 1) return sign; else return 0;   // coprimality broken
    }

Analysis

First note that the algorithm maintains the invariant: 0 < <, both odd. If both numbers are coprime, they will stay so during the execution of the loop (we return 0 if it turns out that coprimality is violated). Correctness now follows from the mentioned properties of the Jacobi symbol.

For running time, note that all the numbers have at most k bits where k is the length of and . Hence, all the arithmetic operations are polynomial time. The same argument that shows that the Euclidean algorithm is polynomial time can be used to show that the loop executes no more than 2k times. With a little more effort one can show that the algorithm runs in time O(log log ).

Jacobi Example

The following table shows the computation for 117 and 271. Result: −1.
Who Cares?

The Jacobi symbol is an extension of the Legendre symbol in the sense that whenever is prime we have LS (, ). Note, however, that ( ) +1 no longer implies that is a QR modulo . For example, (2/9) = (2/3)^2 = 1 but 2 ∈ QNR_9.

Hence we now have two different ways to compute the Legendre symbol for prime . This is the basic idea behind the Solovay-Strassen algorithm: pick z at random and compute (z/ ) in two ways, say, with results LS_1 and LS_2. If LS_1 ≠ LS_2 then is not prime; if LS_1 = LS_2 then is prime with a certain high probability.

Solovay-Strassen

Solovay-Strassen Primality Testing Algorithm

Input: n
pick z at random, 1 < z < n
if gcd(z, n) > 1 then return NO
LS_1 = z^((n−1)/2) (mod n)
LS_2 = (z/n)
if LS_1 ≠ LS_2 then return NO else return YES?

Correctness

Theorem (Solovay-Strassen) If n is prime, the Solovay-Strassen test returns YES?; otherwise, the test returns NO with probability at least 1/2. The running time is O(log n · M(log n)).

Proof. Suppose n is composite and consider the set S of bad choices for our algorithm where we get a false positive:

S = { z ∈ Z_n^* : z^((n−1)/2) ≡ (z/n) (mod n) }.

Claim: |S| ≤ |Z_n^*|/2.

It's a Group

First note that S is a subgroup because of the multiplicativity property of the Jacobi symbol. It remains to show that S is proper. Assume otherwise, so that in particular z^(n−1) ≡ 1 (mod n) for all z ∈ Z_n^*. Consider the prime factor e of n with maximal exponent e and set m = n/ e. Pick a generator g for the multiplicative subgroup of Z e (which is known to exist). By the CRT, there is an element a ∈ Z_n^* such that a ≡ g (mod e ) and a ≡ 1 (mod m). From our assumptions, a^(n−1) ≡ 1 (mod n), and therefore g^(n−1) ≡ 1 (mod e ), so that ord(g; Z e) divides n − 1.

Proof, Cont'd

If e > 1 then we have ord(g; Z e) e 1 ( 1) n 1, a contradiction.

If e = 1 then n must be square-free and contain at least two prime factors. Clearly ( ) 1 since g is a generator, and ( ) 1 for all the other prime factors of n. Hence a^((n−1)/2) ≡ (a/n) ≡ −1 (mod n). But that contradicts a ≡ 1 (mod m).
It follows that if n is composite then the probability of the Solovay-Strassen algorithm returning NO is at least 1/2.

Note that Solovay-Strassen shows that Composite is in NP (also shown by V. Pratt in 1975 using a different method).
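The Solovay-Strassen test and the size of its set S of bad choices, as an added Python example that is not part of the original slides. All function names are chosen here; the default random source is the operating system's CSPRNG, an assumption suited to testing candidates for cryptographic keys; the sample moduli in the comments and test are constructed.

```python
import math
import random


def jacobi(z, n):
    """Jacobi symbol (z/n) for odd n > 0; returns 0 when gcd(z, n) > 1."""
    if n <= 0 or n % 2 == 0:
        raise ValueError("n must be a positive odd integer")
    z %= n
    sign = 1
    while z > 0:
        while z % 2 == 0:                 # eliminate the even part
            z //= 2
            if n % 8 in (3, 5):
                sign = -sign
        z, n = n, z                       # quadratic reciprocity
        if z % 4 == 3 and n % 4 == 3:
            sign = -sign
        z %= n
    return sign if n == 1 else 0


def is_witness(z, n):
    """True if z proves that the odd number n > 2 is composite."""
    if math.gcd(z, n) > 1:
        return True
    ls1 = pow(z, (n - 1) // 2, n)         # Euler's criterion, valid for primes
    ls2 = jacobi(z, n) % n                # maps -1 to n - 1
    return ls1 != ls2


def solovay_strassen(n, rounds=40, rng=None):
    """False means NO (certainly composite); True means YES? (probably prime).

    For composite n each round answers NO with probability at least 1/2,
    so a composite survives all rounds with probability at most 2**-rounds.
    """
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    rng = rng or random.SystemRandom()
    for _ in range(rounds):
        z = rng.randrange(2, n)           # 1 < z < n
        if is_witness(z, n):
            return False
    return True


def liar_fraction(n):
    """Exhaustive count for small odd n: (|S|, |Z_n^*|), where S is the set of
    units z for which a single round answers YES?."""
    units = [z for z in range(1, n) if math.gcd(z, n) == 1]
    liars = [z for z in units if not is_witness(z, n)]
    return len(liars), len(units)
```

For n = 9 the exhaustive count gives S = {1, 8} out of 6 units, and for the Carmichael number 561, which defeats the plain Fermat test for every unit, S still covers at most half of the 320 units.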
Probabilistic Classes

These examples and many more make it tempting to expand our complexity zoo a bit: there should be complexity classes corresponding to probabilistic algorithms. For anyone familiar with nondeterministic classes like NP this is not much of a stretch: we already have computation trees.

Probabilistic Turing Machines

Technically, it is convenient to define a probabilistic Turing machine (PTM) M to be a Turing machine acceptor with two transition functions δ_0 and δ_1. At each step in the computation, M chooses δ_0/1 with probability 1/2 (and, of course, independently of all other choices). Write M(x) ∈ 2 for the random variable that indicates acceptance/rejection. We say that M runs in time t(n) if it halts in at most t(|x|) steps regardless of the random choices made.

So there may be as many as 2^t(n) branches in the computation tree of M on an input x of length n. All we need to do is impose additional conditions on accepting branches.

Bounding Error

The critical part of any argument here will be a bound on errors. There are two types of errors that are a priori independent. We would like M(x) = L(x) for some language L ⊆ 2*. Alas...

False Positives: We may have x ∉ L but M(x) = 1. Remedy: Pr[ M(x) = 1 | x ∉ L ] small.

False Negatives: We may have x ∈ L but M(x) = 0. Remedy: Pr[ M(x) = 0 | x ∈ L ] small.

We get different probabilistic classes by imposing different constraints on false positives/negatives.

BPP

Let t : N → N be a reasonable running time and L ⊆ 2* a language.

Definition (Bounded Error Probabilistic Polynomial Time) A PTM M decides L in time t(n) if for all x ∈ 2*, M on x halts in at most t(|x|) steps (regardless of random choices) and

Pr[M(x) = L(x)] ≥ 2/3

BPP is the class of all languages decided by a PTM in time O(poly).

BPP seems to capture the intuitive notion of a problem efficiently solvable by a feasible (possibly probabilistic) algorithm very well.
BPP, Again

To be clear: by Pr[M(x) = L(x)] ≥ 2/3 we mean

x ∈ L ⟹ Pr[M(x) = 1] ≥ 2/3
x ∉ L ⟹ Pr[M(x) = 0] ≥ 2/3

So the machine can make errors in both directions, but the probability of false positives/negatives is at most 1/3. This is quite different from classes like NP where there are no errors when x ∉ L.

The Old Classic

Prime, the problem of determining whether a number is prime, is obviously in co-NP. V. Pratt showed that Prime is in NP by constructing short witnesses to primality, a clever use of basic number theory. Alas, his method does not yield a BPP algorithm.

Probabilistic primality testing algorithms showed Prime to be in BPP, but it was not known to be in P. Then in 2002 Agrawal, Kayal and Saxena ruined everything by showing that Prime is in P (using no more than high school arithmetic in the process).
Projections

As with NP, one can avoid the funky probabilistic Turing machines by invoking witnesses.

Theorem L is in BPP iff there is a polynomial time deterministic Turing machine M and a polynomial such that for all x ∈ 2*:

Pr[M(x, w) = L(x) : w 2 ( x ) ] ≥ 2/3

Again, this is different from NP in that we require not just one witness but lots of them. This shows that BPP ⊆ EXP: we can simply enumerate the potential witnesses and count the good ones.

Truth Amplification (aka Error Reduction)

The magic constant 2/3 in these definitions is by no means sacred. Define a new class BPP to contain all languages L such that there exists a poly time PTM M such that for some constant c:

Pr[M(x) = L(x)] ≥ 1/2 + |x|^(−c)

Theorem BPP BPP

Sketch of proof. For any constant d, we can design a new PTM that agrees with L(x) with probability at least 1 − 2^(−|x|^d). The new machine simply runs M 8|x|^(2c+d) times and takes a majority vote. The correctness proof uses a Chernoff bound.

Closure

BPP is closed under union, intersection and complement.

Proof. Closure under complementation follows directly from the definitions. To show closure under intersection, suppose M_i decides L_i in BPP, i = 1, 2. Build a new machine M that does the following: Compute b_i = M_i(x). Return min(b_1, b_2). We need to show that M is a BPP machine.

Proof

Case 1: x ∈ L_1 ∩ L_2
Then Pr[M(x) = 1] ≥ 2/3 · 2/3 = 4/9, which can be fixed by amplifying M_1 and M_2.

Case 2: x ∉ L_1 ∩ L_2
Pr[M(x) = 0] = Pr[M_1(x) = 0 ∨ M_2(x) = 0] = Pr[M_1(x) = 0] + Pr[M_2(x) = 0] − Pr[M_1(x) = 0 ∧ M_2(x) = 0] ≥ 2/3

For the last step, consider the three cases x ∉ L_1 ∪ L_2, x ∈ L_1 − L_2 and x ∈ L_2 − L_1.

One-Sided Error

A BPP machine can make errors in both directions. Here is a more restricted version where in the case of a NO-instance the answer is always NO.

Definition
x ∈ L ⟹ Pr[M(x) = 1] ≥ 2/3
x ∉ L ⟹ Pr[M(x) = 0] = 1

RP is the class of all languages decided by a one-sided error PTM in polynomial time.

The Other Side

Similarly one defines co-RP, the complements of all languages in RP. So this means no false negatives, but potentially false positives.
PZT via Schwartz-Zippel and Solovay-Strassen are both in co-RP (or in RP if you flip the question).

There is a similar truth amplification result as for BPP. So RP produces no false positives, but may produce false negatives, with low probability. It follows immediately that RP ⊆ NP; alas, closure under complementation vanishes. RP is closed under union and intersection.
Zero-Sided Error

Here is a wild idea: how about a PTM that never makes a mistake?

x ∈ L ⟹ M(x) = 1
x ∉ L ⟹ M(x) = 0

Here is the glitch: for some computations the running time may not be polynomial; the machine is fast only on average. ZPP is the class of all such PTM with expected polynomial running time. These are also called Las Vegas algorithms, as opposed to the more civilized Monte Carlo algorithms.

Clocking a ZPP Algorithm

The randomized version of quicksort can be construed as a Las Vegas type algorithm (though within poly time): with small probability it will have quadratic running time, on average the running time is log-linear. In reality, we would use a clock to halt the algorithm if it has not returned any (necessarily correct) answer after a polynomial amount of time. In this case we can think of the output as "don't know".

A problem is in ZPP iff it has an always-correct algorithm that has polynomial average-case running time. If we get a "don't know" we just run the algorithm again.

PP

The most permissive class of randomized polynomial time computation is obtained by considering PTM with poly running time and error bounds

x ∈ L ⟹ Pr[M(x) = 1] > 1/2
x ∉ L ⟹ Pr[M(x) = 1] ≤ 1/2

So in this case the error might get arbitrarily close to 1/2 depending on the input (say, for input of size n it's 1/2 + 2^(−n)). This wreaks havoc with arguments based on repeating the algorithm to amplify truth. PP is closed under complement, union and intersection, but the proofs require quite a bit of effort.

Some Inclusions

P ⊆ ZPP ⊆ RP ∩ co-RP
RP, co-RP ⊆ BPP ⊆ PP

Some would argue that BPP is a better formalization of the elusive notion of efficiently solvable problem than P. However, it is not unreasonable to conjecture that P = BPP, so there may be no class between the two descriptions. One can show that PP ⊆ PSPACE by counting accepting computations.

And NP?

Alas, the relationship between BPP and NP is currently open. It is known, though, that BPP ⊆ Σ_2 ∩ Π_2 near the bottom of the polynomial time hierarchy.
It follows that P = NP implies P = BPP.
More informationAnalysis of some entrance probabilities for killed birth-death processes
Analysis of some entrance robabilities for killed birth-death rocesses Master s Thesis O.J.G. van der Velde Suervisor: Dr. F.M. Sieksma July 5, 207 Mathematical Institute, Leiden University Contents Introduction
More informationCDH/DDH-Based Encryption. K&L Sections , 11.4.
CDH/DDH-Based Encrytion K&L Sections 8.3.1-8.3.3, 11.4. 1 Cyclic grous A finite grou G of order q is cyclic if it has an element g of q. { 0 1 2 q 1} In this case, G = g = g, g, g,, g ; G is said to be
More informationPractice Final Solutions
Practice Final Solutions 1. True or false: (a) If a is a sum of three squares, and b is a sum of three squares, then so is ab. False: Consider a 14, b 2. (b) No number of the form 4 m (8n + 7) can be written
More informationCSCI 1590 Intro to Computational Complexity
CSCI 1590 Intro to Computational Complexity Randomized Computation John E. Savage Brown University April 15, 2009 John E. Savage (Brown University) CSCI 1590 Intro to Computational Complexity April 15,
More information-bit integers are all in ThC. Th The following problems are complete for PSPACE NPSPACE ATIME QSAT, GEOGRAPHY, SUCCINCT REACH.
CMPSCI 601: Recall From Last Time Lecture 26 Theorem: All CFL s are in sac. Facts: ITADD, MULT, ITMULT and DIVISION on -bit integers are all in ThC. Th The following problems are complete for PSPACE NPSPACE
More information4. Score normalization technical details We now discuss the technical details of the score normalization method.
SMT SCORING SYSTEM This document describes the scoring system for the Stanford Math Tournament We begin by giving an overview of the changes to scoring and a non-technical descrition of the scoring rules
More informationPrimes - Problem Sheet 5 - Solutions
Primes - Problem Sheet 5 - Solutions Class number, and reduction of quadratic forms Positive-definite Q1) Aly the roof of Theorem 5.5 to find reduced forms equivalent to the following, also give matrices
More informationCMSC 425: Lecture 4 Geometry and Geometric Programming
CMSC 425: Lecture 4 Geometry and Geometric Programming Geometry for Game Programming and Grahics: For the next few lectures, we will discuss some of the basic elements of geometry. There are many areas
More informationThe Arm Prime Factors Decomposition
The Arm Prime Factors Decomosition Arm Boris Nima arm.boris@gmail.com Abstract We introduce the Arm rime factors decomosition which is the equivalent of the Taylor formula for decomosition of integers
More informationRANDOM WALKS AND PERCOLATION: AN ANALYSIS OF CURRENT RESEARCH ON MODELING NATURAL PROCESSES
RANDOM WALKS AND PERCOLATION: AN ANALYSIS OF CURRENT RESEARCH ON MODELING NATURAL PROCESSES AARON ZWIEBACH Abstract. In this aer we will analyze research that has been recently done in the field of discrete
More informationVerifying Two Conjectures on Generalized Elite Primes
1 2 3 47 6 23 11 Journal of Integer Sequences, Vol. 12 (2009), Article 09.4.7 Verifying Two Conjectures on Generalized Elite Primes Xiaoqin Li 1 Mathematics Deartment Anhui Normal University Wuhu 241000,
More informationCERIAS Tech Report The period of the Bell numbers modulo a prime by Peter Montgomery, Sangil Nahm, Samuel Wagstaff Jr Center for Education
CERIAS Tech Reort 2010-01 The eriod of the Bell numbers modulo a rime by Peter Montgomery, Sangil Nahm, Samuel Wagstaff Jr Center for Education and Research Information Assurance and Security Purdue University,
More informationRandomized Computation
Randomized Computation Slides based on S.Aurora, B.Barak. Complexity Theory: A Modern Approach. Ahto Buldas Ahto.Buldas@ut.ee We do not assume anything about the distribution of the instances of the problem
More informationChapter 3. Number Theory. Part of G12ALN. Contents
Chater 3 Number Theory Part of G12ALN Contents 0 Review of basic concets and theorems The contents of this first section well zeroth section, really is mostly reetition of material from last year. Notations:
More information2 Asymptotic density and Dirichlet density
8.785: Analytic Number Theory, MIT, sring 2007 (K.S. Kedlaya) Primes in arithmetic rogressions In this unit, we first rove Dirichlet s theorem on rimes in arithmetic rogressions. We then rove the rime
More information2 Asymptotic density and Dirichlet density
8.785: Analytic Number Theory, MIT, sring 2007 (K.S. Kedlaya) Primes in arithmetic rogressions In this unit, we first rove Dirichlet s theorem on rimes in arithmetic rogressions. We then rove the rime
More information1-way quantum finite automata: strengths, weaknesses and generalizations
1-way quantum finite automata: strengths, weaknesses and generalizations arxiv:quant-h/9802062v3 30 Se 1998 Andris Ambainis UC Berkeley Abstract Rūsiņš Freivalds University of Latvia We study 1-way quantum
More informationLecture Examples of problems which have randomized algorithms
6.841 Advanced Complexity Theory March 9, 2009 Lecture 10 Lecturer: Madhu Sudan Scribe: Asilata Bapat Meeting to talk about final projects on Wednesday, 11 March 2009, from 5pm to 7pm. Location: TBA. Includes
More information15-451/651: Design & Analysis of Algorithms October 23, 2018 Lecture #17: Prediction from Expert Advice last changed: October 25, 2018
5-45/65: Design & Analysis of Algorithms October 23, 208 Lecture #7: Prediction from Exert Advice last changed: October 25, 208 Prediction with Exert Advice Today we ll study the roblem of making redictions
More information4 th Week. Relativizations and Hierarchies
4 th Week Relativizations and Hierarchies Synosis. Oracle Turing Machines and Relativization The Polynomial Hierarchy Generic Oracles Collasing Recursive Oracles The Hierarchy Aril 30, 2018. 23:59 Course
More informationUniversity of Bristol - Explore Bristol Research. Peer reviewed version. Link to published version (if available): 10.
Booker, A. R., & Pomerance, C. (07). Squarefree smooth numbers and Euclidean rime generators. Proceedings of the American Mathematical Society, 45(), 5035-504. htts://doi.org/0.090/roc/3576 Peer reviewed
More information0.6 Factoring 73. As always, the reader is encouraged to multiply out (3
0.6 Factoring 7 5. The G.C.F. of the terms in 81 16t is just 1 so there is nothing of substance to factor out from both terms. With just a difference of two terms, we are limited to fitting this olynomial
More informationNotes for Lecture 3... x 4
Stanford University CS254: Computational Complexity Notes 3 Luca Trevisan January 18, 2012 Notes for Lecture 3 In this lecture we introduce the computational model of boolean circuits and prove that polynomial
More informationWhy Proofs? Proof Techniques. Theorems. Other True Things. Proper Proof Technique. How To Construct A Proof. By Chuck Cusack
Proof Techniques By Chuck Cusack Why Proofs? Writing roofs is not most student s favorite activity. To make matters worse, most students do not understand why it is imortant to rove things. Here are just
More informationHomework Solution 4 for APPM4/5560 Markov Processes
Homework Solution 4 for APPM4/556 Markov Processes 9.Reflecting random walk on the line. Consider the oints,,, 4 to be marked on a straight line. Let X n be a Markov chain that moves to the right with
More informationEvaluating Circuit Reliability Under Probabilistic Gate-Level Fault Models
Evaluating Circuit Reliability Under Probabilistic Gate-Level Fault Models Ketan N. Patel, Igor L. Markov and John P. Hayes University of Michigan, Ann Arbor 48109-2122 {knatel,imarkov,jhayes}@eecs.umich.edu
More informationReal Analysis 1 Fall Homework 3. a n.
eal Analysis Fall 06 Homework 3. Let and consider the measure sace N, P, µ, where µ is counting measure. That is, if N, then µ equals the number of elements in if is finite; µ = otherwise. One usually
More information3 Properties of Dedekind domains
18.785 Number theory I Fall 2016 Lecture #3 09/15/2016 3 Proerties of Dedekind domains In the revious lecture we defined a Dedekind domain as a noetherian domain A that satisfies either of the following
More informationRepresenting Integers as the Sum of Two Squares in the Ring Z n
1 2 3 47 6 23 11 Journal of Integer Sequences, Vol. 17 (2014), Article 14.7.4 Reresenting Integers as the Sum of Two Squares in the Ring Z n Joshua Harrington, Lenny Jones, and Alicia Lamarche Deartment
More informationThe Euler Phi Function
The Euler Phi Function 7-3-2006 An arithmetic function takes ositive integers as inuts and roduces real or comlex numbers as oututs. If f is an arithmetic function, the divisor sum Dfn) is the sum of the
More information18.312: Algebraic Combinatorics Lionel Levine. Lecture 12
8.3: Algebraic Combinatorics Lionel Levine Lecture date: March 7, Lecture Notes by: Lou Odette This lecture: A continuation of the last lecture: comutation of µ Πn, the Möbius function over the incidence
More informationISOSCELES TRIANGLES IN Q 3. Matt Noble Department of Mathematics, Middle Georgia State University, Macon, Georgia
#A9 INTEGERS 18 (2018) ISOSCELES TRIANGLES IN Q Matt Noble Deartment of Mathematics, Middle Georgia State University, Macon, Georgia matthew.noble@mga.edu Received: 7/2/17, Acceted: 2//18, Published: 2/19/18
More informationHandout 5. α a1 a n. }, where. xi if a i = 1 1 if a i = 0.
Notes on Complexity Theory Last updated: October, 2005 Jonathan Katz Handout 5 1 An Improved Upper-Bound on Circuit Size Here we show the result promised in the previous lecture regarding an upper-bound
More information1 Randomized Computation
CS 6743 Lecture 17 1 Fall 2007 1 Randomized Computation Why is randomness useful? Imagine you have a stack of bank notes, with very few counterfeit ones. You want to choose a genuine bank note to pay at
More informationIntroductory Number Theory
Introductory Number Theory Lecture Notes Sudita Mallik May, 208 Contents Introduction. Notation and Terminology.............................2 Prime Numbers.................................. 2 2 Divisibility,
More informationMATH 361: NUMBER THEORY ELEVENTH LECTURE
MATH 361: NUMBER THEORY ELEVENTH LECTURE The subjects of this lecture are characters, Gauss sums, Jacobi sums, and counting formulas for olynomial equations over finite fields. 1. Definitions, Basic Proerties
More informationMaths 4 Number Theory Notes 2012 Chris Smyth, University of Edinburgh ed.ac.uk
Maths 4 Number Theory Notes 202 Chris Smyth, University of Edinburgh c.smyth @ ed.ac.uk 0. Reference books There are no books I know of that contain all the material of the course. however, there are many
More informationGAUSSIAN INTEGERS HUNG HO
GAUSSIAN INTEGERS HUNG HO Abstract. We will investigate the ring of Gaussian integers Z[i] = {a + bi a, b Z}. First we will show that this ring shares an imortant roerty with the ring of integers: every
More informationIntroduction to Group Theory Note 1
Introduction to Grou Theory Note July 7, 009 Contents INTRODUCTION. Examles OF Symmetry Grous in Physics................................. ELEMENT OF GROUP THEORY. De nition of Grou................................................
More informationModel checking, verification of CTL. One must verify or expel... doubts, and convert them into the certainty of YES [Thomas Carlyle]
Chater 5 Model checking, verification of CTL One must verify or exel... doubts, and convert them into the certainty of YES or NO. [Thomas Carlyle] 5. The verification setting Page 66 We introduce linear
More informationOn the Chvatál-Complexity of Knapsack Problems
R u t c o r Research R e o r t On the Chvatál-Comlexity of Knasack Problems Gergely Kovács a Béla Vizvári b RRR 5-08, October 008 RUTCOR Rutgers Center for Oerations Research Rutgers University 640 Bartholomew
More informationQUADRATIC RESIDUES AND DIFFERENCE SETS
QUADRATIC RESIDUES AND DIFFERENCE SETS VSEVOLOD F. LEV AND JACK SONN Abstract. It has been conjectured by Sárközy that with finitely many excetions, the set of quadratic residues modulo a rime cannot be
More informationPublic Key Cryptosystems RSA
Public Key Crytosystems RSA 57 17 Receiver Sender 41 19 and rime 53 Attacker 47 Public Key Crytosystems RSA Comute numbers n = * 2337 323 57 17 Receiver Sender 41 19 and rime 53 Attacker 2491 47 Public
More information