Lecture 9: Pseudo-random generators against space bounded computation, Primality Testing


Lecture 9: Pseudo-random generators against space bounded computation, Primality Testing
Topics in Pseudorandomness and Complexity (Spring 2018)
Rutgers University
Swastik Kopparty
Scribes: Harsha Tirumala, Jiyu Zhang

1 Pseudo-Random Generators against small space branching programs

In the previous lectures, we have seen constructions of efficient randomness extractors, which extract random bits from a weakly random source. In this lecture, we will use these randomness extractors to show that read-once branching programs operating in low space can be simulated (with very little error) using at most $O(\log^2 n)$ random bits.

1.1 Definitions

Definition 1. A random variable $X$ on $\{0,1\}^n$ has min-entropy $H_\infty(X) \ge k$ if for all $x \in \{0,1\}^n$, $\Pr[X = x] \le 2^{-k}$.

Definition 2. A function $E : \{0,1\}^n \times \{0,1\}^d \to \{0,1\}^m$ is a $(k, \varepsilon)$-extractor if for every random variable $X$ with $H_\infty(X) \ge k$, $\Delta(E(X, U_d), U_m) \le \varepsilon$, i.e. $E(X, U_d)$ is $\varepsilon$-close to $U_m$.

The randomness extractor $E$ extracts the randomness hidden in a weak random source $X$ by investing $d$ bits of randomness (which are recovered in the process). We have already seen the existence of expander-based extractors with the following guarantee: $E : \{0,1\}^n \times \{0,1\}^d \to \{0,1\}^m$ is a $(k, \varepsilon)$-extractor for $d = O(n - k + \log(1/\varepsilon))$.

We will use the above expander-based extractor to construct a pseudo-random generator that fools LOGSPACE read-once branching programs.

Fact 3. If $X_1$ and $X_2$ are independent random variables with $H_\infty(X_1) \ge k_1$ and $H_\infty(X_2) \ge k_2$, then $(X_1, X_2)$ has $H_\infty \ge k_1 + k_2$.

Theorem 4. For any $\delta > 0$, there is a pseudorandom generator taking a uniformly random seed of length $O(\log^2 n)$ and producing $n$ bits that $\delta$-fool any $s = O(\log n)$ space read-once branching program.

Proof. The construction is as follows. Let $t, d$ be constants to be fixed later. Let $G_0 : \{0,1\}^t \to \{0,1\}$ be the function that returns the first bit of its input, i.e. $G_0(x) = x_1$.

Let $G_i : \{0,1\}^{t+id} \to \{0,1\}^{2^i}$ be the function $G_i(x, y) = G_{i-1}(x) \circ G_{i-1}(E_i(x, y))$, where $x$ is the first $t + (i-1)d$ bits of the input, $y$ is the remaining $d$ bits, and $E_i : \{0,1\}^{t+(i-1)d} \times \{0,1\}^d \to \{0,1\}^{t+(i-1)d}$ is a $(t + (i-1)d - 2s, \varepsilon')$-extractor, with $\varepsilon'$ to be chosen later. We can take $E_i$ to be the adjacency map of a good absolute-eigenvalue expander. Let $k = t + (i-1)d - 2s$ and let $n' = t + (i-1)d$, so that $E_i : \{0,1\}^{n'} \times \{0,1\}^d \to \{0,1\}^{n'}$; then we get $d = O(n' - k + \log(1/\varepsilon')) = O(2s + \log(1/\varepsilon'))$.

To fool a read-once branching program $B : \{0,1\}^n \to \{0,1\}$, we will need to use $G_{\log n}$, which uses $t + d \log n$ random bits. It will turn out that we can take $\varepsilon' = 1/\mathrm{poly}(n)$, so $d = O(\log n)$. So we will need a seed of length $O(\log^2 n)$.

Claim 5. $G_i$ $(\varepsilon' + 2^{-s})(2^{i+1} - 1)$-fools read-once branching programs of space $s$.

We prove the claim by induction on $i$. For $v$ in layer $2^{i-1}$ of the branching program, let $w = G_{i-1}(x)$ and let $p_v = \Pr[B(w) = v]$, the probability that $B$ reaches $v$ after reading $w$. Let $X_v$ denote $x$ conditioned on $B(w) = v$.

Claim 6. $H_\infty(X_v) \ge t + (i-1)d - \log(1/p_v)$.

Call $v$ unimportant if $p_v \le 2^{-2s}$. Then the probability of ending up in any unimportant state at all is at most $\sum_{v \text{ unimportant}} p_v \le 2^s \cdot 2^{-2s} = 2^{-s}$, since a layer of a space-$s$ program has at most $2^s$ states. For important states $v$, we have $H_\infty(X_v) \ge t + (i-1)d - 2s$.

Pick $v$ according to $p_v$. By induction, this is $(\varepsilon' + 2^{-s})(2^i - 1)$-close to the $v$ reached by $B(z)$ for uniformly random $z$. If $v$ is important, then $E_i(X_v, y)$ is $\varepsilon'$-close to $U_{t+(i-1)d}$, so $G_{i-1}(E_i(X_v, y))$ is $\varepsilon'$-close to $G_{i-1}(U_{t+(i-1)d})$. Let $B_v$ be the length-$2^{i-1}$ branching program starting at $v$. We know $B_v(G_{i-1}(E_i(X_v, y)))$ is $\varepsilon'$-close to $B_v(G_{i-1}(U_{t+(i-1)d}))$. By induction, $B_v(G_{i-1}(U_{t+(i-1)d}))$ is $(\varepsilon' + 2^{-s})(2^i - 1)$-close to $B_v(U_{2^{i-1}})$. So, for $v$ chosen from the distribution of $G_{i-1}(U_{t+(i-1)d})$ and $v'$ chosen from the distribution of $B(U_{2^{i-1}})$, we have that $(v, B_v(G_{i-1}(E_i(X_v, y))))$ is
$$(\varepsilon' + 2^{-s})(2^i - 1) + 2^{-s} + \varepsilon' + (\varepsilon' + 2^{-s})(2^i - 1) = (\varepsilon' + 2^{-s})(2^{i+1} - 1)$$
-close to $(v', B_{v'}(U_{2^{i-1}}))$, which proves the claim.

Since $i \le \log n$, provided that $s$ is a sufficiently large multiple of $\log n$ and $\varepsilon' \cdot 2^{\log n}$ is sufficiently small relative to $\varepsilon$, it follows that $G_{\log n}$ $\varepsilon$-fools any branching program of space $s$, using $O(\log^2 n)$ random bits.
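The recursion $G_i(x, y) = G_{i-1}(x) \circ G_{i-1}(E_i(x, y))$ and its seed accounting ($t + i d$ seed bits give $2^i$ output bits) can be exercised directly. The following is an added example, not code from the lecture notes: it plugs a SHAKE-256 hash in as a stand-in for $E_i$ (that stand-in has the right input/output shape but none of the expander-based extractor guarantees the notes rely on, and is an assumption of this example only), builds $G_i$ exactly as defined above, and measures, by exhaustive enumeration over small $t, d, i$, how far the output's acceptance probability is from uniform on a 3-state read-once branching program (count of 1s modulo 3). The function and parameter names are this example's own.

```python
import hashlib

# Bit strings are Python str objects over the alphabet {'0', '1'}.

def toy_extractor(x, y):
    """Stand-in for E_i: maps (x, y) to len(x) output bits.  It is a SHAKE-256
    hash of the pair, NOT the expander-based extractor of the notes, so it has
    the right shape (n' + d bits in, n' bits out) but no proven extractor
    guarantee.  This substitution is an assumption made for the example only."""
    nbytes = (len(x) + 7) // 8
    digest = hashlib.shake_256(f"{x}|{y}".encode()).digest(nbytes)
    bits = "".join(format(b, "08b") for b in digest)
    return bits[:len(x)]

def seed_length(i, t, d):
    """Seed length of G_i: t + i*d bits (G_i outputs 2^i bits)."""
    return t + i * d

def G(i, seed, t, d, extractor=toy_extractor):
    """G_i(x, y) = G_{i-1}(x) || G_{i-1}(E_i(x, y)), where x is the first
    t + (i-1)d bits of the seed and y is the last d bits.  G_0 returns the
    first bit of its t-bit input."""
    if len(seed) != seed_length(i, t, d):
        raise ValueError("seed must have t + i*d bits")
    if i == 0:
        return seed[0]
    split = t + (i - 1) * d
    x, y = seed[:split], seed[split:]
    return G(i - 1, x, t, d, extractor) + G(i - 1, extractor(x, y), t, d, extractor)

def ones_mod3_is_zero(bits):
    """A read-once branching program with 3 states (space 2 bits): accept iff
    the number of 1s in the input is divisible by 3."""
    state = 0
    for b in bits:
        if b == "1":
            state = (state + 1) % 3
    return state == 0

def acceptance_gap(i, t, d, robp=ones_mod3_is_zero):
    """|Pr_seed[robp(G_i(seed))] - Pr_uniform[robp(U_{2^i})]|, computed exactly
    by enumerating every seed and every uniform string.  Only feasible for
    small parameters (2^(t+i*d) seeds)."""
    L = seed_length(i, t, d)
    pseudo = sum(robp(G(i, format(s, f"0{L}b"), t, d)) for s in range(2 ** L)) / 2 ** L
    m = 2 ** i
    uniform = sum(robp(format(u, f"0{m}b")) for u in range(2 ** m)) / 2 ** m
    return abs(pseudo - uniform)

if __name__ == "__main__":
    out = G(4, "1" * seed_length(4, 6, 3), 6, 3)   # constructed all-ones seed
    print(len(out), "output bits from", seed_length(4, 6, 3), "seed bits:", out)
    print("acceptance gap for i=3, t=6, d=2:", acceptance_gap(3, 6, 2))
```

Note how the leftmost branch of the recursion never touches the extractor, so the first output bit is always the first seed bit, exactly as $G_0$ dictates; every other output bit passes through at least one application of $E_i$. The gap measured by `acceptance_gap` is an empirical number for this toy stand-in, not the $(\varepsilon' + 2^{-s})(2^{i+1}-1)$ bound of Claim 5, which needs a genuine extractor.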
2 Primality Testing

Problem: Given an integer $n$, decide if $n$ is prime. Moreover, we want to decide this in time $\mathrm{poly}(\log n)$ (since the input size is $\log n$).

History of the algorithmic approach:
1976 Miller-Rabin (randomized)
1999 Agrawal, Biswas (randomized)
2002 Agrawal, Biswas (deterministic)

Randomized Algorithm [AB99]

We will now discuss the randomized algorithm due to Agrawal and Biswas. Consider the polynomial $(x+1)^n$, which expands to $x^n + \binom{n}{1} x^{n-1} + \cdots + \binom{n}{n-1} x + 1$. We have the following facts:

1. If $n$ is prime, then for all $0 < i < n$, $n \mid \binom{n}{i}$. (By $n \mid \binom{n}{i}$ we mean that $n$ divides $\binom{n}{i}$.) Then we have
2. If $n$ is prime, $(x+1)^n \equiv x^n + 1 \pmod n$.

Note that the congruence relation above is a congruence of polynomials with integer coefficients: $A(x) \equiv B(x) \pmod n$ if $A(x) - B(x) = n \cdot C(x)$ for some $C(x) \in \mathbb{Z}[x]$.

Lemma 7. $n$ is prime iff $(x+1)^n \equiv x^n + 1 \pmod n$.

Proof: Given fact 2 above, we want to prove the other direction by contraposition. To be specific, we want to show that if $n$ is composite, then there exists $i$, $0 < i < n$, such that $n \nmid \binom{n}{i}$. Here is a quick observation: if $p$ is a prime with $p \mid n$ and $p < n$, then
$$\binom{n}{p} = \frac{n(n-1)\cdots(n-p+1)}{p!},$$
where the factor $n$ above is divided by the $p$ below, so $n$ no longer divides $\binom{n}{p}$.

A Naive Algorithm

A naive approach is to try to use the methods of polynomial identity testing. To be specific, the algorithm goes as follows:

1. Pick random $x \in \{0, \ldots, n-1\}$.
2. Check if $(x+1)^n - x^n - 1 \equiv 0 \pmod n$.

But this approach doesn't work. Why? Because in polynomial identity testing we need $n$ to be prime as a prerequisite, to ensure that we choose $x$ from a field. (This may not seem obvious, but we have another reason as follows.) In addition, we require that the degree of the polynomial be low, in the sense that it must be less than the field size (or the number of possible values) of $x$. In the above naive algorithm the size and the degree are both $n$, and in fact $n$ can be extremely large. Instead, we have the following modified algorithm due to Agrawal and Biswas.
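Lemma 7 and the failure of the naive point test are both easy to see on small numbers. The block below is an added example, not part of the notes: it lists the binomial coefficients $\binom{n}{i}$ that survive modulo $n$ (the lemma says the list is empty exactly for primes, and the proof's observation says the smallest prime factor $p$ of a composite $n$ is always in it), runs the exact but exponential-time check of the lemma, and then runs the naive single-point test. The sample input $561 = 3 \cdot 11 \cdot 17$ is a constructed choice: it is a Carmichael number, so $a^{561} \equiv a \pmod{561}$ for every integer $a$, which makes $(x+1)^{561} - x^{561} - 1 \equiv 0 \pmod{561}$ at every point $x$; the naive test therefore answers Prime no matter which $x$ it samples, while the lemma itself correctly classifies 561 as composite.

```python
from math import comb

def noncongruent_indices(n):
    """Indices 0 < i < n with n not dividing C(n, i).  These are exactly the
    coefficients of (x+1)^n - x^n - 1 that survive modulo n, so the list is
    empty iff (x+1)^n = x^n + 1 (mod n), i.e. (Lemma 7) iff n is prime."""
    return [i for i in range(1, n) if comb(n, i) % n != 0]

def is_prime_by_lemma7(n):
    """Exact test from Lemma 7.  Exponential in the input size (it touches
    n - 1 binomial coefficients), which is why the notes move on to a test
    modulo a small Q(x)."""
    return n >= 2 and not noncongruent_indices(n)

def smallest_prime_factor(n):
    """Smallest prime factor of n >= 2 (trial division; fine for the small
    values used here)."""
    p = 2
    while p * p <= n:
        if n % p == 0:
            return p
        p += 1
    return n

def naive_point_test(n, x):
    """The naive 'polynomial identity testing' check at a single point x:
    does (x+1)^n - x^n - 1 vanish modulo n?  Returns True when the point
    gives no evidence against primality."""
    return (pow(x + 1, n, n) - pow(x, n, n) - 1) % n == 0

def naive_test_never_detects(n):
    """True if every x in {0, ..., n-1} passes naive_point_test, i.e. the
    naive algorithm outputs Prime no matter which x it samples."""
    return all(naive_point_test(n, x) for x in range(n))

if __name__ == "__main__":
    for n in (6, 9, 13, 91):
        print(n, "surviving indices:", noncongruent_indices(n),
              "smallest prime factor:", smallest_prime_factor(n))
    print("561 prime by Lemma 7?", is_prime_by_lemma7(561))
    print("naive test fooled at every x for 561?", naive_test_never_detects(561))
```

The point test collapses to the Fermat check $(x+1)^n - x^n - 1 \equiv (x+1) - x - 1 = 0$ whenever $a^n \equiv a$ holds for all $a$, which is why evaluating the polynomial at a point throws away the coefficient information that Lemma 7 actually uses.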

Agrawal and Biswas Algorithm

1. Pick a random polynomial $Q(x)$ of degree $d$, where $d = O(\log n)$.
2. Check if $(x+1)^n - x^n - 1 \equiv 0 \pmod{n, Q(x)}$.
3. If yes, then output Prime, else output Composite.

Proof of Correctness: It is easy to see that there is no false negative, given the lemma above. That is to say, when $n$ is prime the algorithm always outputs the correct answer. We would like to show that if $n$ is indeed composite, then with high probability over the choice of $Q(x)$, $(x+1)^n - x^n - 1 \not\equiv 0 \pmod{n, Q(x)}$.

Now consider a prime $p$ with $p \mid n$ (so $n$ is composite). Let $p^i$ be the largest power of $p$ that divides $n$, so $n = p^i s$ for some $s$ with $p \nmid s$. Consider
$$\binom{n}{p^i} = \frac{n(n-1)\cdots(n-p^i+1)}{(p^i)!} = \frac{n}{p^i}\binom{n-1}{p^i-1} = s \binom{n-1}{p^i-1};$$
it is easy to see that $\binom{n}{p^i} \not\equiv 0 \pmod p$. This indicates that for a composite integer $n$, both $(x+1)^n - x^n - 1 \not\equiv 0 \pmod n$ and $(x+1)^n - x^n - 1 \not\equiv 0 \pmod p$ hold.

Now, given that $n$ is composite, we want to show that if we pick $Q(x)$ at random, then with high probability $(x+1)^n - x^n - 1 \not\equiv 0 \pmod{Q(x), p}$. Since $p \mid n$, this gives $(x+1)^n - x^n - 1 \not\equiv 0 \pmod{Q(x), n}$ with high probability. Notice that picking a $Q(x)$ of degree $d = O(\log n)$ and doing operations modulo $p$ is the same as picking a $Q(x)$ of degree $d$ with coefficients in $\mathbb{Z}_p$ (that is to say, picking $Q(x)$ from $\mathbb{F}_p[x]$).

Assume that the algorithm outputs Prime with probability at least $\alpha$, that is,
$$\Pr_{Q(x) \in \mathbb{Z}[x],\ \deg(Q) = d}\left[(x+1)^n - x^n - 1 \equiv 0 \pmod{Q(x), n}\right] \ge \alpha,$$
which gives
$$\Pr_{Q(x) \in \mathbb{F}_p[x],\ \deg(Q) = d}\left[Q(x) \mid (x+1)^n - x^n - 1\right] \ge \alpha.$$
Then
$$\Pr_Q[Q(x) \text{ is not irreducible}] + \Pr_Q[Q(x) \text{ is irreducible but } Q(x) \nmid (x+1)^n - x^n - 1] \le 1 - \alpha.$$
(Note that $(x+1)^n - x^n - 1$ has a unique factorization into irreducible polynomials. Also, in the above we write the range of $Q$ below $\Pr$ just for convenience; the range is the same as above.)

Fact 8. $\Pr_{Q(x) \in \mathbb{F}_p[x],\ \deg(Q) = d}[Q(x) \text{ is an irreducible polynomial}] \ge 1/d$.

Therefore,
$$\Pr_Q[Q(x) \text{ is irreducible and } Q(x) \mid (x+1)^n - x^n - 1] \ge \frac{1}{d} - (1 - \alpha).$$

Now we argue by contradiction. If $\alpha \ge 1 - \frac{1}{2d}$, then the above probability is at least $\frac{1}{2d}$, so at least $\frac{p^d}{2d}$ of the $p^d$ monic polynomials $Q(x)$ of degree $d$ over $\mathbb{F}_p$ divide $(x+1)^n - x^n - 1$. But $(x+1)^n - x^n - 1$ has degree at most $n$, so it has at most $n/d$ irreducible factors of degree $d$. Therefore we should have $\frac{p^d}{2d} \le \frac{n}{d}$, i.e. $p^d \le 2n$. But since we have $d = \mathrm{poly}(\log n)$, $p^d \ge 2^d$ exceeds $2n$, and we reach a contradiction. Therefore we have
$$\Pr_{Q(x) \in \mathbb{Z}[x],\ \deg(Q) = d}\left[(x+1)^n - x^n - 1 \equiv 0 \pmod{Q(x), n}\right] \le 1 - \frac{1}{2d}.$$

The remaining key issue in the analysis of this algorithm is how to compute $(x+1)^n - x^n - 1 \bmod (n, Q(x))$ in a reasonable time. We shall see that this can be done by repeated squaring, using $O(\log n)$ multiplications of degree-$d$ polynomials modulo $(n, Q(x))$.
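The algorithm above, including the repeated-squaring computation of $(x+1)^n - x^n - 1 \bmod (n, Q(x))$, fits in a short self-contained implementation. This is an added example, not the notes' or the authors' code: polynomials are coefficient lists over $\mathbb{Z}_n$, `poly_powmod` is the square-and-multiply loop with $O(\log n)$ polynomial multiplications, and `ab_test` runs steps 1 to 3 with $d = 2 \cdot \mathrm{bitlength}(n)$, which is this example's own choice for the $O(\log n)$ degree. The test input $Q(x) = x^3 + 3x^2$ for $n = 6$ is constructed to show that a bad $Q(x)$ does exist (the residue vanishes modulo $(6, Q)$ even though 6 is composite), which is exactly why the analysis bounds the failure probability per trial rather than ruling failures out; the names are this example's own.

```python
import random

# Polynomials are coefficient lists over Z_n, lowest degree first.
# A modulus q is monic of degree d = len(q) - 1; residues have exactly d entries.

def poly_mulmod(a, b, n, q):
    """Return a * b reduced modulo (n, q)."""
    d = len(q) - 1
    prod = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        if ai:
            for j, bj in enumerate(b):
                prod[i + j] = (prod[i + j] + ai * bj) % n
    # Eliminate degrees >= d from the top down using x^d = -(q_0 + ... + q_{d-1} x^{d-1}).
    for k in range(len(prod) - 1, d - 1, -1):
        c = prod[k]
        if c:
            prod[k] = 0
            for t in range(d):
                prod[k - d + t] = (prod[k - d + t] - c * q[t]) % n
    prod = prod[:d]
    return prod + [0] * (d - len(prod))

def poly_powmod(base, e, n, q):
    """base^e modulo (n, q) by repeated squaring: O(log e) multiplications."""
    d = len(q) - 1
    one = [1] + [0] * (d - 1)
    result = one
    base = poly_mulmod(base, one, n, q)  # bring base into reduced form
    while e:
        if e & 1:
            result = poly_mulmod(result, base, n, q)
        base = poly_mulmod(base, base, n, q)
        e >>= 1
    return result

def ab_residue(n, q):
    """Coefficients of (x+1)^n - x^n - 1 modulo (n, q)."""
    d = len(q) - 1
    lhs = poly_powmod([1, 1], n, n, q)   # (x + 1)^n
    xn = poly_powmod([0, 1], n, n, q)    # x^n
    res = [(lhs[i] - xn[i]) % n for i in range(d)]
    res[0] = (res[0] - 1) % n
    return res

def ab_check(n, q):
    """Step 2 of the algorithm for one fixed Q(x): True iff the residue is 0."""
    return not any(ab_residue(n, q))

def random_monic(d, n, rng):
    """Random monic Q(x) of degree d with coefficients in Z_n."""
    return [rng.randrange(n) for _ in range(d)] + [1]

def ab_test(n, trials=1, rng=None):
    """Agrawal-Biswas test with d = 2 * bit_length(n) (this example's choice of
    the O(log n) degree) and `trials` independent Q(x); the answer is 'Prime'
    only if every trial's residue vanishes."""
    if n < 2:
        return "Composite"
    rng = rng or random.Random()
    d = 2 * n.bit_length()
    for _ in range(trials):
        if not ab_check(n, random_monic(d, n, rng)):
            # A prime never fails (Lemma 7), so one failing Q(x) is a certificate.
            return "Composite"
    return "Prime"

if __name__ == "__main__":
    print("residue for n = 15, Q = x^8:", ab_residue(15, [0] * 8 + [1]))
    print("constructed bad Q = x^3 + 3x^2 for n = 6 passes?", ab_check(6, [0, 0, 3, 1]))
    for n in (2, 97, 561, 1105, 7919):
        print(n, ab_test(n, trials=5, rng=random.Random(1)))
```

A failing trial is conclusive because the lemma rules out false negatives; only the Prime answer is probabilistic, with the per-trial error bounded by the $1 - \frac{1}{2d}$ above, so independent repetitions drive it down. The prime $p$ from the analysis never appears in the code: the arithmetic is done modulo the unknown-factorization $n$ itself, and $p$ only exists inside the proof.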