About complexity. We define the class informally P in the following way:

Similar documents
About complexity. Number theoretical algorithms

Factorization & Primality Testing

1. Algebra 1.7. Prime numbers

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

A polytime proof of correctness of the Rabin-Miller algorithm from Fermat s Little Theorem

CSCI 1590 Intro to Computational Complexity

CSE 521: Design and Analysis of Algorithms I

Ma/CS 6a Class 4: Primality Testing

The running time of Euclid s algorithm

Instructor: Bobby Kleinberg Lecture Notes, 25 April The Miller-Rabin Randomized Primality Test

Lecture 2: Randomized Algorithms

Data Structures and Algorithms

Linear Congruences. The equation ax = b for a, b R is uniquely solvable if a 0: x = b/a. Want to extend to the linear congruence:

Advanced Algorithms and Complexity Course Project Report

ECEN 5022 Cryptography

Public Key Encryption

Randomness and non-uniformity

Ma/CS 6a Class 4: Primality Testing

Chapter 6 Randomization Algorithm Theory WS 2012/13 Fabian Kuhn

6.045: Automata, Computability, and Complexity (GITCS) Class 17 Nancy Lynch

Primality Testing- Is Randomization worth Practicing?

Primality Testing. 1 Introduction. 2 Brief Chronology of Primality Testing. CS265/CME309, Fall Instructor: Gregory Valiant

PRIMES is in P. Manindra Agrawal. NUS Singapore / IIT Kanpur

Applied Cryptography and Computer Security CSE 664 Spring 2018

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

RSA Key Generation. Required Reading. W. Stallings, "Cryptography and Network-Security, Chapter 8.3 Testing for Primality

Chapter 7 Randomization Algorithm Theory WS 2017/18 Fabian Kuhn

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

Analyzing and Optimizing the Combined Primality test with GCD Operation on Smart Mobile Devices

Randomized algorithms. Inge Li Gørtz

CS Asymptotic Notations for Algorithm Analysis

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

PRIMALITY TESTING. Professor : Mr. Mohammad Amin Shokrollahi Assistant : Mahdi Cheraghchi. By TAHIRI JOUTI Kamal

Improving the Accuracy of Primality Tests by Enhancing the Miller-Rabin Theorem

1 Overview and revision

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

IRREDUCIBILITY TESTS IN F p [T ]

Adleman Theorem and Sipser Gács Lautemann Theorem. CS422 Computation Theory CS422 Complexity Theory

Lecture 8: Number theory

Basic Algorithms in Number Theory

Corollary 4.2 (Pepin s Test, 1877). Let F k = 2 2k + 1, the kth Fermat number, where k 1. Then F k is prime iff 3 F k 1

Chapter 5 : Randomized computation

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

1 The Fundamental Theorem of Arithmetic. A positive integer N has a unique prime power decomposition. Primality Testing. and. Integer Factorisation

CS Asymptotic Notations for Algorithm Analysis Outline

Wednesday, February 21. Today we will begin Course Notes Chapter 5 (Number Theory).

Computer Sciences Department

Basic elements of number theory

Basic elements of number theory

ALG 4.0 Number Theory Algorithms:

A Guide to Arithmetic

Lecture 11 - Basic Number Theory.

LARGE PRIME NUMBERS (32, 42; 4) (32, 24; 2) (32, 20; 1) ( 105, 20; 0).

A Few Primality Testing Algorithms

CPSC 467b: Cryptography and Computer Security

Chapter 8. Introduction to Number Theory

Computational Complexity

Introduction to Randomized Algorithms: Quick Sort and Quick Selection

Lecture 1: Introduction to Public key cryptography

Quicksort algorithm Average case analysis

Aspect of Prime Numbers in Public Key Cryptosystem

Cryptography IV: Asymmetric Ciphers

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

Chapter 5.1: Induction

Randomized Complexity Classes; RP

CPSC 467: Cryptography and Computer Security

Introduction to Quantum Information Processing QIC 710 / CS 768 / PH 767 / CO 681 / AM 871

In complexity theory, algorithms and problems are classified by the growth order of computation time as a function of instance size.

Computational Complexity Theory

Number Theory Math 420 Silverman Exam #1 February 27, 2018

Cryptography CS 555. Topic 18: RSA Implementation and Security. CS555 Topic 18 1

8 Primes and Modular Arithmetic

The next sequence of lectures in on the topic of Arithmetic Algorithms. We shall build up to an understanding of the RSA public-key cryptosystem.

THE MILLER RABIN TEST

Space Complexity of Algorithms

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Math 4400 First Midterm Examination September 21, 2012 ANSWER KEY. Please indicate your reasoning and show all work on this exam paper.

U.C. Berkeley CS278: Computational Complexity Professor Luca Trevisan 1/29/2002. Notes for Lecture 3

CS483 Design and Analysis of Algorithms

Complexity, P and NP

Mathematics of Public Key Cryptography

CS161: Algorithm Design and Analysis Recitation Section 3 Stanford University Week of 29 January, Problem 3-1.

Randomness and non-uniformity

CSCI3390-Lecture 16: Probabilistic Algorithms: Number Theory and Cryptography

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

LARGE PRIME NUMBERS. In sum, Fermat pseudoprimes are reasonable candidates to be prime.

ECE646 Lecture 11 Required Reading Chapter 8.3 Testing for Primality RSA Key Generation

Notes for Lecture 3... x 4

Basic Algorithms in Number Theory

Lecture 6: Introducing Complexity

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

CPSC 467b: Cryptography and Computer Security

cse 311: foundations of computing Fall 2015 Lecture 12: Primes, GCD, applications

CPSC 467b: Cryptography and Computer Security

Part II. Number Theory. Year

The RSA cryptosystem and primality tests

FERMAT S TEST KEITH CONRAD

PAC Learning. prof. dr Arno Siebes. Algorithmic Data Analysis Group Department of Information and Computing Sciences Universiteit Utrecht

Number Theory. Zachary Friggstad. Programming Club Meeting

Transcription:

About complexity We define the class informally P in the following way: P = The set of all problems that can be solved by a polynomial time algorithm, i.e., an algorithm that runs in time O(n k ) in the worst case, where k is some integer and n is the size of the input. We can contrast this class with EXP = The set of all problems that can be solved by an exponential time algorithm, i.e., an algorithm that runs in time O(c nk ) in the worst case, where k is some integer, c > 1 some real number and n is the size of the input. It is universally agreed that an algorithm is efficient if and only if it is polynomial. This makes it critical to define the size of the input in a correct way. For instance, we must be careful if we have numbers as input. The input size should then be log n instead of n if we have a number-theoretical problem.

Using randomness in algorithms The algorithms we have studied are deterministic. We will now discuss algorithms that use randomness. The randomness in computation can be observed as a. Randomness in the output. These algorithms are often called probabilistic algorithms. b. Randomness in running time. These algorithms are often called randomized algorithms.

Probabilistic algorithms We will start with a study of a special probabilistic algorithm: The Miller-Rabin algorithm. We will define a class of problems belonging to a class called RP (Randomized Polynomial). We will see that the problem of deciding if a number is composed belongs to RP. In order to set the scene for the Miller-Rabin algorithm, we will start with a description of some number theoretical algorithms.

Number theoretical algorithms Number theoretical algorithms are algorithms handling problems such as deciding if a number is a prime, finding greatest common divisor and so on. Input to the algorithms are integers. The natural measure of the size of the input is the logarithm of the numbers. Ex: Test if a number is a prime. PRIME(n) (1) for i 2 to n (2) if i n (3) return Not prime (4) return Prime This algorithm has complexity O( n). It is to slow for large numbers. We would like to have an algorithm that runs in time O((log n) k ) for some k.

Greatest Common Divisor Greatest common divisor: gcd(a, b) = is the largest integer that divides both a and b. Euclides algorithm: The gcd(a, b) can be computed by the following method: r 1 = a mod b r 2 = b mod r 1 r 3 = r 1 mod r 2... r n+1 = r n 1 mod r n = 0 Then gcd(a, b) = r n. It is easy to verify that r i+2 < r i 2 for all i. This means that the algorithm stops after O(log n) steg. So the algorithm is efficient.

The algorithm can be implemented recursively. EUKLIDES(a, b) (1) if b = 0 (2) return a (3) return EUKLIDES( b, a mod b) If gcd(a, b) = d there are integers x, y such that ax + by = d. (x, y can be negative). In fact, d is the smallest integer > 0 on that form. The integers x, y can be found by a modified version of Euclides algorithm:

MOD-EUKLIDES(a, b) (1) if b = 0 (2) return (a, 1, 0) (3) (d, x, y ) MOD-EUKLIDES(b, a mod b) (4) (d, x, y) (d, y x [ a b ]y ) (5) return (d, x, y) Finding the inverse: If gcd(a, n) = 1 there are integers x, y such that ax + ny = 1. Then x = a 1 mod n. So we can find a 1 by using MOD-EUKLIDES(a, n).

Modular exponentiation In cryptography it is important to be able to compute a b mod n for very large numbers in an efficient way. The following simple algorithm is not efficient: POT(a, b, n) (1) d 1 (2) for i 2 to b (3) d d a mod n (4) return d The following modified algorithm, though, is efficient: MOD-EXP(a, b, n) (1) d 1 (2) Let (b k, b k 1,..., b 0 ) be the binary representation off b (3) for i k to 0 (4) d d d mod n (5) if b i = 1 (6) d d a mod n (7) return d

To decide of a number is a prime Fermat s Theorem: If p is a prime and a is an integer such that a n then a p 1 1 ( mod p). We can set a = 2. If n is such that 2 n 1 1( mod n) then n cannot be a prime. Therefore, we can use the following algorithm to test if n is a prime: FERMAT(n) (1) k MOD-EXP(2, n 1, n) (2) if k 1( mod n) (3) return FALSE (4) return TRUE If FERMAT returns FALSE we know for sure that n is not a prime. But unfortunately, FERMAT might return TRUE even if n is not a prime. For instance, 2 340 1 mod 341 but 341 is not a prime.

We can use a so probabilistic algorithm which randomly chooses a number a in [2, n 1] and does a Fermat test with a. PROB-FERMAT(n, s) (1) for j 1 to s (2) a RANDOM(2, n 1) (3) k MOD-EXP(a, n 1, n) (4) if k 1( mod n) (5) return FALSE (6) return TRUE The algorithm is probabilistic in the sense that it can give different answers at different times even if it starts with the same input. The following must, however, be true: if n is a prime then the algorithm must return TRUE. This means that the algorithm returns FALSE then we know that n is not a prime. So FALSE is the only definite answer we can get.

P (n is not prime The algorithm returns FALSE ) = 1 What about the probability P (n is prime The algorithm returns TRUE )? It can be shown that for almost all non-prime n we get: P (The algorithm returns FALSE ) > 1 2. For primes n we have P (The algorithm returns TRUE ) = 1. Problem are caused by so called Carmichael numbers.

Carmichael numbers A Carmichael number is a non-prime integer n such that a n 1 1 ( mod n) for all a [2, n 1]. The smallest Carmichael number is 341. P ( The algorithm returns TRUE n is a Carmichael number ) = 1. In order to handle Carmichael numbers we can use the following algorithm: WITNESS(a, n) (1) Let n 1 = 2 t u, t 1, where u is odd (2) x 0 MOD-EXP(a, u, n) (3) for i 1 to t (4) x i x 2 i 1 mod n (5) if x i = 1 och x i 1 1 och x i 1 n 1 (6) return TRUE (7) if x t 1 (8) return TRUE (9) return FALSE

The following can be shown for WITNESS: P ( WITNESS returns TRUE n is not prime ) > 1 2 for all n. If you make repeated calls to WIT- NESS can get arbitrarily high probability for a correct answer. This version of the algorithm is called Miller - Rabin s Test. MILLER-RABIN(n, s) (1) for j 1 to s (2) a RANDOM(1, n 1) (3) if WITNESS(a, n) (4) return Not prime (5) return Prime Here P ( The algorithm returns Prime n is prime) = 1. P ( The algorithm returns Not prime n is not prime ) > 1 1 2 s.

It is, of course, also interesting to study the reversed conditional probabilities: P (n is not prime The algorithm returns Not prime) = 1. The probability P (n is prime The algorithm returns Prime ) is trickier. It can be computed as P (n is prime and the algorithm returns Prime) P ( The algorithm returns Prime) = P (n is prime) P ( The algorithm returns Prime) But then we need to know P (n is prime). If we know that the probability is α we can use Bayes law to show that P (n is prime The algorithm returns Prime ) > 2 s 2 s +( 1 α 1).

Since August 2002 it is known that there is an algorithms that decides primality (in the usual non-probabilistic sense) in polynomial time. This algorithm is much more complicated and slower than Miller-Rabin s algorithm.

Monte Carlo algorithms Suppose that we have a decision problem, i.e. a problem with yes/no as answer. We say that F is a Yes-based Monte Carlo algorithm for solving the problem if F is polynomial and: 1. If the answer to the problem is yes, then F (x) = Y es with probability > 1 2. 2. If the answer to the problem is no, then F (x) = No with probability 1. No-based Monte Carlo algorithms are defined in the obvious, symmetrical way. Definition: The class RP is the set of all problems that can be solved by a Yes-based Monte Carlo algorithm. It is easily seen that P RP. We have seen that the problem to tell if a number is composite is in RP.

Another algorithm Is the polynomial f(x, y) = (x 3y)(xy 5x) 2 10x 3 y + 25x 3 + 3x 2 y 3 + 30x 2 y 2 75x 2 y identically equal to 0? Test: Choose some values x i, y i randomly and test if f(x i, y i ) = 0. Two possibilities: 1. f(x i, y i ) 0. Then f 0. 2. f(x i, y i ) = 0 for all chosen values x i, y i. What is then the probability for f = 0?

Theorem: If f(x 1,..., x m ) is not identically equal to 0 and each variable occurs with degree at most d and M is an integer, then the number of zeros in the set {0, 1,..., M 1} m is at most mdm m 1. This gives us: P [ A random integer in {0, 1,..., M 1} m is a zero] = 1 mdm m 1 = δ. This means that if we have done k tests indicating f = 0, then P [f = 0] 1 δ k. This means that to tell if a polynomial is not zero is a problem in RP.

RP and similar classes In this section we will temporarily forget that PRIME actually is in P. So teh foregoing has not shown that PRIME RP. Instead of using a Yes-based MC algorithm we can use a No-based one. The we get a class corp, i.e. the class of problems that can be solved by No-based MC algorithms. We have PRIME corp.

ZPP And now we define ZPP = RP corp Problems in the class ZPP can be solved by machines M with the following properties: a. M returns one of Yes, No, Undecided. b. If M returns Yes then the true answer is Yes and if M returns No then the true answer is no. c. The probability that M returns undecided is < 1 2. In fact, it can be shown that PRIME ZPP.

Quick sort We now turn to the other kind of randomness, that is when the running time of the algorithm is random. We know that QuickSort can sort n numbers with mean running time O(n log n). In worst case, however, we get O(n 2 ). So if the input is equally distributed (which is not to be expected) we would get good performance on average. But we can make randomness part of the algorithm and thereby force randomness regardless what input distribution we have. We define Random- Partition such that it chooses a pivot element randomly. QuickSort(v[i..j]) (1) if i < j (2) m RandomPartition(v[i..j], i, j) (3) QuickSort(v[i..m]) (4) QuickSort(v[m + 1..j]) It can be shown that the complexity is O(n log n) in the mean.

Finding the median If we have an array v[1...n] the problem of finding the median is the problem of finding an element v[i] such that exactly n 2 elements are smaller than v[i]. We can obviously find the median in time O(n log n). But if we use a probabilistic algorithm we can find the median in time (On) in the mean. We define a function Select(v[i...j], k) which finds the kth element (in sorted order) in the subarray v[i...j]. (We assume that k j i + 1.) Then Select(v[1...n], n 2 ) will give us the median. Select(v[i...j], k) (1) if i = j (2) Return v[i] (3) p Partition(v[i..j]) (4) q p i + 1 (5) if q = k (6) Return v[p] (7) if k < q (8) Return Select(v[i...p 1], k) (9) Return Select(v[p + 1...j], k q)

It can be shown that if E(T (n)) is the mean value of the time complexity, whe have E(T (n)) n 2 n 1 k= n E(T (k)) + O(n). From 2 this, we can prove that T (n) O(n).

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback