The running time of Euclid s algorithm

Similar documents
6.045: Automata, Computability, and Complexity (GITCS) Class 17 Nancy Lynch

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

Corollary 4.2 (Pepin s Test, 1877). Let F k = 2 2k + 1, the kth Fermat number, where k 1. Then F k is prime iff 3 F k 1

CPSC 467b: Cryptography and Computer Security

Lecture 6: Deterministic Primality Testing

A polytime proof of correctness of the Rabin-Miller algorithm from Fermat s Little Theorem

Advanced Algorithms and Complexity Course Project Report

CPSC 467b: Cryptography and Computer Security

Applied Cryptography and Computer Security CSE 664 Spring 2018

Instructor: Bobby Kleinberg Lecture Notes, 25 April The Miller-Rabin Randomized Primality Test

Math 324, Fall 2011 Assignment 7 Solutions. 1 (ab) γ = a γ b γ mod n.

Lecture 11 - Basic Number Theory.

LARGE PRIME NUMBERS (32, 42; 4) (32, 24; 2) (32, 20; 1) ( 105, 20; 0).

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

A Few Primality Testing Algorithms

1. Algebra 1.7. Prime numbers

Computer Sciences Department

Factorization & Primality Testing

Chapter 6 Randomization Algorithm Theory WS 2012/13 Fabian Kuhn

An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.

Primality Testing. 1 Introduction. 2 Brief Chronology of Primality Testing. CS265/CME309, Fall Instructor: Gregory Valiant

FERMAT S TEST KEITH CONRAD

THE MILLER RABIN TEST

LARGE PRIME NUMBERS. In sum, Fermat pseudoprimes are reasonable candidates to be prime.

IRREDUCIBILITY TESTS IN F p [T ]

About complexity. We define the class informally P in the following way:

A Guide to Arithmetic

-bit integers are all in ThC. Th The following problems are complete for PSPACE NPSPACE ATIME QSAT, GEOGRAPHY, SUCCINCT REACH.

Euler s, Fermat s and Wilson s Theorems

7. Prime Numbers Part VI of PJE

Lecture Examples of problems which have randomized algorithms

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

PUTNAM TRAINING NUMBER THEORY. Exercises 1. Show that the sum of two consecutive primes is never twice a prime.

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Linear Congruences. The equation ax = b for a, b R is uniquely solvable if a 0: x = b/a. Want to extend to the linear congruence:

p = This is small enough that its primality is easily verified by trial division. A candidate prime above 1000 p of the form p U + 1 is

Randomized Complexity Classes; RP

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

CSC 373: Algorithm Design and Analysis Lecture 30

ALGEBRA. 1. Some elementary number theory 1.1. Primes and divisibility. We denote the collection of integers

Part II. Number Theory. Year

Number theory (Chapter 4)

Lecture 31: Miller Rabin Test. Miller Rabin Test

CMSC Discrete Mathematics SOLUTIONS TO SECOND MIDTERM EXAM November, 2005

Lecture # 12. Agenda: I. Vector Program Relaxation for Max Cut problem. Consider the vectors are in a sphere. Lecturer: Prof.

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

Chapter 7 Randomization Algorithm Theory WS 2017/18 Fabian Kuhn

CPSC 467: Cryptography and Computer Security

Notes on Primitive Roots Dan Klain

Input Decidable Language -- Program Halts on all Input Encoding of Input -- Natural Numbers Encoded in Binary or Decimal, Not Unary

Chapter 5 : Randomized computation

Entry Number:2007 mcs Lecture Date: 18/2/08. Scribe: Nimrita Koul. Professor: Prof. Kavitha.

Introduction to Number Theory

6.045J/18.400J: Automata, Computability and Complexity Final Exam. There are two sheets of scratch paper at the end of this exam.

ECEN 5022 Cryptography

Cryptography: Joining the RSA Cryptosystem

Elementary Algebra Chinese Remainder Theorem Euclidean Algorithm

Introduction to Quantum Information Processing QIC 710 / CS 768 / PH 767 / CO 681 / AM 871

Primality Testing- Is Randomization worth Practicing?

Lecture 24: Randomized Complexity, Course Summary

WXML Final Report: AKS Primality Test

Uncertainty can be Better than Certainty:

Public Key Encryption

PRIMES is in P. Manindra Agrawal. NUS Singapore / IIT Kanpur

CSE 521: Design and Analysis of Algorithms I

Algorithms (II) Yu Yu. Shanghai Jiaotong University

CSCI 1590 Intro to Computational Complexity

CS 151 Complexity Theory Spring Solution Set 5

Introduction to Public-Key Cryptosystems:

7.2 Applications of Euler s and Fermat s Theorem.

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

NOTES ON SIMPLE NUMBER THEORY

The New Book of Prime Number Records

Pseudoprimes and Carmichael Numbers

RSA Key Generation. Required Reading. W. Stallings, "Cryptography and Network-Security, Chapter 8.3 Testing for Primality

ECE646 Lecture 11 Required Reading Chapter 8.3 Testing for Primality RSA Key Generation

Wednesday, February 21. Today we will begin Course Notes Chapter 5 (Number Theory).

Math 5330 Spring Notes Congruences

Math 110 HW 3 solutions

PLEASE DO ANY 6 of the following 8 problems. Work carefully

PRIMALITY TESTING. Professor : Mr. Mohammad Amin Shokrollahi Assistant : Mahdi Cheraghchi. By TAHIRI JOUTI Kamal

Discrete Math, Fourteenth Problem Set (July 18)

Simultaneous Linear, and Non-linear Congruences

Slides by Christopher M. Bourke Instructor: Berthe Y. Choueiry. Spring 2006

Know the Well-ordering principle: Any set of positive integers which has at least one element contains a smallest element.

Lecture Notes, Week 6

About complexity. Number theoretical algorithms

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

Number theory. Myrto Arapinis School of Informatics University of Edinburgh. October 9, /29

Primality testing: then and now

THE SOLOVAY STRASSEN TEST

TC10 / 3. Finite fields S. Xambó

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

Notes on Systems of Linear Congruences

PRIME NUMBERS YANKI LEKILI

Discrete Mathematics and Probability Theory Fall 2014 Anant Sahai Homework 5. This homework is due October 6, 2014, at 12:00 noon.

1 Non-deterministic Turing Machine

The Complexity Classes NP-Hard, BPP.

Transcription:

The running time of Euclid s algorithm We analyze the worst-case running time of EUCLID as a function of the size of and Assume w.l.g. that 0 The overall running time of EUCLID is proportional to the number of recursive calls it makes Our analysis makes use of the Fibonacci numbers 837 Lemma 31.10 If 1and the call EUCLID ) performs recursive calls, then and. Proof The proof proceeds by induction on. For the basis of the induction, let =1. Then, 1=, and since, we must have 2=. Since > (mod), in each recursive call the rst argument is strictly larger than the second; the assumption that therefore holds for each recursive call. 838 1

Assume inductively that the lemma holds if 1 recursive calls are made; we then prove that the lemma holds for recursive calls. Since >0, we have >0, and EUCLID calls EUCLID mod) recursively, which in turn makes 1recursive calls. The inductive hypothesis then implies that (thus proving part of the lemma), and mod. We have + mod since >0implies + 1., 839 Thus, + mod. Theorem 31.11 (Lamé s theorem) For any integer 1, if 1and, then the call EUCLID makes fewer than recursive calls. Show (by induction on ) that the upper bound of this theorem is the best possible because the call EUCLID )makes exactly 1 recursive calls when 2 Since 5, where is the golden ratio 1+ 5 /2, the number of recursive calls in EUCLID is (lg ) 840 2

31.6 Powers of an element Just as we often consider the multiples of a given element, modulo, we consider the sequence of powers of, modulo, where :,,,,. modulo Indexing from 0, the 0th value in this sequence is mod = 1, and the th value is mod For example, the powers of 3 modulo 7 are 0 1 2 3 4 5 6 7 8 9 10 11 3 mod7 1 3 2 6 4 5 1 3 2 6 4 5 841 Above stands for a multiplicative group modulo : ) The elements of this group are the set of elements in that are relatively prime to : = gcd =1 An example of such a group is = 1,2,4,7,8,11,13,14 842 3

The powers of 2 modulo 7 are 0 1 2 3 4 5 6 7 8 9 10 11 2 mod7 1 2 4 1 2 4 1 2 4 1 2 4 Let denote the subgroup of generated by by repeated multiplication, and let ord ) (the order of, modulo ) denote the order of in E.g., 2 = 1,2,4 in, and ord 2 =3 The size of is denoted ) This function is known as Euler s phi function 843 It satises the equation 1 so that runs over all the primes dividing (including itself, if is prime) Theorem 31.30 (Euler s theorem) For any integer >1, ) (modforall. 844 4

Theorem 31.31 (Fermat s little theorem) If is prime, then mod forall. Fermat s little theorem applies to every element in except 0, since For all, however, we have if is prime E.g., 2 =2 = 64 and 64mod7 = 1, while 2 =2 5 = 32 and 32mod6 = 2: hence 6 is not prime We showed that 6 is a composite number without factoring it! 845 Fermat s little theorem, thus, (almost) gives a test for primality We say that passes the Fermat test at, if (mod) Call a number pseudoprime if it passes Fermat tests for all smaller relatively prime to it Only infrequent Carmichael numbers are pseudoprime without being prime If a number is not pseudoprime, it fails at least half of all Fermat tests We easily get a pseudoprimality algorithm with an exponentially small error probability 846 3-Dec- 14 5

PSEUDOPRIME() 1.Select random,, 2.Compute modfor each 3.If all values are 1 accept, otherwise reject If isn t pseudoprime, it passes each randomly selected test with probability at most ½ Probability that it passes all tests is thus 2 The algorithm operates in polynomial time To convert this algorithm to a primality algorithm, we should still avoid the problem with the Carmichael numbers 847 A number is a square root of 1, modulo, if it satises the equation (mod) The number 1 has exactly two square roots, 1 and 1, modulo any prime For many composite numbers, including all the Carmichael numbers, 1 has 4 or more square roots E.g., ±1 and ±8 are the 4 square roots of 1 mod 21 We can obtain square roots of 1 if passes the Fermat test at because mod and so )/ mod is a square root of 1 We may repeatedly divide the exponent by two, so long as the resulting exponent remains an integer 848 6

PRIME() % accept = input is prime 1. if is even, accept if =2, otherwise reject 2. Select random,, 3. for each 1,, 4. Compute mod, reject if different from 1 5. Let 1 = where is odd and =2 is a power of 2 6. Compute the sequence,, modulo 7. if some element of this sequence is not 1, find the last element that is not 1 and reject if that element is not 1 8. All test have been passed, so accept 849 Lemma If is an odd prime, Pr[PRIMEaccepts]=1. Proof If is prime, no branch of the algorithm rejects: Rejection in line 4 means that mod 1 and Fermat s little theorem implies that is composite. If rejection happens in line 7, there exists some s.t. ±1(modand 2 (mod). Therefore 1 0(mod). 850 7

Factoring yields 1)( 1) (mod), which implies that 1)( 1) = for some positive integer. Because ±1(mod), both 1and +1are in the interval ]0, [. Therefore is composite because a multiple of a prime number cannot be expressed as a product of numbers that are smaller than it is. 851 The next lemma shows that the algorithm identifies composite numbers with high probability An important elementary tool from number theory, Chinese remainder theorem, says that a one-to-one correspondence exists between and )if and are relatively prime: Each number corresponds to a pair ), where and s.t. (modand (mod) 852 8

Lemma If is an odd composite number, Pr[PRIMEaccepts 2. Proof Omitted, takes advantage of the Chinese remainder thm. Let PRIMES = {isprimenumberinbinar The preceding algorithm and its analysis establishes: PRIMES BPP Note that the probabilistic primality algorithm has one-sided error. When it rejects, we know that the input must be composite. An error may only occur in accepting the input. 853 3-Dec- 14 Thus an incorrect answer can only occur when the input is a composite number For all primes we get the correct answer The one-sided error feature is common to many probabilistic algorithms, so the special complexity class RP is designated for it: Definition RP is the class of languages that are recognized by probabilistic polynomial time Turing machines where inputs in the language are accepted with a probability of at least ½ and inputs not in the language are rejected with a probability of 1. Our algorithm shows that COMPOSITES RP 854 3-Dec- 14 9

PRIMES P A generalization of Fermat s little theorem: Theorem A. Let and be relatively prime and >1.is a prime number if and only if (mod is not important here, only the coefficients of the polynomial are significant For 0<, the coefficient of is. Supposing that is prime, = 0(mod) and hence all the coefficients are zero 855 3-Dec- 14 Therefore, we are left with the first term and the last one, which is modulo Unfortunately, deciding the primality of based on this requires an exponential time Agrawal (1999): it suffices to examine the polynomial ) modulo 1 If is large enough, the only composite numbers that pass the test are powers of odd primes On the other hand, should be quite small so that the complexity of the approach does not grow too much Kayal & Saxena (2000): doesn t have to be larger than 4(log 2 ), in which case the complexity of the test procedure is only of the order (log 3 ); i.e., belongs to P The result is based on an unproven claim 856 10

A pair of odd numbers is called Sophie Germain primes if both and +1are primes (related to Fermat s last theorem) Agrawal, Kayal & Saxena (2002): If one can find a pair of SG primes and +1s.t. >4 +1 log then does not need to be larger than 2 + 1 log Unfortunately this test is recursive and has time requirement of (log 12 ) instead of the (log 3 ) mentioned above 857 DETERMINISTIC-PRIME() 1. if for some >1then reject 2. 2 3. while do 4. if gcd1then reject 5. if DETERMINISTIC-PRIME) then % >2 6. Let be the largest factor of 1 7. if > 4sqrt( log and (mod) then break 8. +1 9. for to2sqrt( logdo 10. if (mod 1,)then reject 11.accept the input; 858 3-Dec- 14 11

The test of line 1 removes the powers of odd primes as required by the test of Agrawal (1999) The loop in lines 3 8 searches a pair of Sophie Germain primes and Line 4 tests for Theorem A that and are relatively prime The loop in line 9 examines primality using a variation of Theorem A (Agrawal, 1999) up to value 2 log(aks, 2002) Because Theorem A holds if and only if is prime, the decision of the algorithm is correct The other variations only affect the complexity of the algorithm, not its correctness 859 3-Dec- 14 Thank You! MAT-72306 Randomized Algorithms MAT-72606 Approximation Algorithms in Spring 2015 term 12

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback