Bipartite Perfect Matching

Similar documents
How To Test If a Polynomial Is Identically Zero?

fsat We next show that if sat P, then fsat has a polynomial-time algorithm. c 2010 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 425

Graph Coloring. k-coloring asks if the nodes of a graph can be colored with k colors such that no two adjacent nodes have the same color.

The knapsack Problem

Randomized Complexity Classes; RP

Lecture 14 (last, but not least)

Chapter 5 : Randomized computation

Factorization & Primality Testing

20.1 2SAT. CS125 Lecture 20 Fall 2016

Partition of Integers into Distinct Summands with Upper Bounds. Partition of Integers into Even Summands. An Example

CSC 373: Algorithm Design and Analysis Lecture 30

Algebra: Groups. Group Theory a. Examples of Groups. groups. The inverse of a is simply a, which exists.

max bisection max cut becomes max bisection if we require that It has many applications, especially in VLSI layout.

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

Critical Reading of Optimization Methods for Logical Inference [1]

(x 1 +x 2 )(x 1 x 2 )+(x 2 +x 3 )(x 2 x 3 )+(x 3 +x 1 )(x 3 x 1 ).

An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.

De Morgan s a Laws. De Morgan s laws say that. (φ 1 φ 2 ) = φ 1 φ 2, (φ 1 φ 2 ) = φ 1 φ 2.

satisfiability (sat) Satisfiability unsatisfiability (unsat or sat complement) and validity Any Expression φ Can Be Converted into CNFs and DNFs

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

Lecture 12: Interactive Proofs

-bit integers are all in ThC. Th The following problems are complete for PSPACE NPSPACE ATIME QSAT, GEOGRAPHY, SUCCINCT REACH.

= 1 2x. x 2 a ) 0 (mod p n ), (x 2 + 2a + a2. x a ) 2

Lecture # 12. Agenda: I. Vector Program Relaxation for Max Cut problem. Consider the vectors are in a sphere. Lecturer: Prof.

Lecture 5 Polynomial Identity Testing

ORDERS OF ELEMENTS IN A GROUP

A Guide to Arithmetic

CPSC 536N: Randomized Algorithms Term 2. Lecture 9

THE SOLOVAY STRASSEN TEST

THE MILLER RABIN TEST

Circuit Complexity. Circuit complexity is based on boolean circuits instead of Turing machines.

ECEN 5022 Cryptography

Math 229: Introduction to Analytic Number Theory Elementary approaches I: Variations on a theme of Euclid

Lecture 2: January 18

CS 151 Complexity Theory Spring Solution Set 5

Lecture 2: Randomized Algorithms

Out-colourings of Digraphs

Random Walks and Quantum Walks

CSCI3390-Second Test with Solutions

Time and space classes

Instructor: Bobby Kleinberg Lecture Notes, 25 April The Miller-Rabin Randomized Primality Test

MATH 310: Homework 7

M381 Number Theory 2004 Page 1

Definition 6.1 (p.277) A positive integer n is prime when n > 1 and the only positive divisors are 1 and n. Alternatively

Primality Testing. 1 Introduction. 2 Brief Chronology of Primality Testing. CS265/CME309, Fall Instructor: Gregory Valiant

A Few Primality Testing Algorithms

Reductions. Reduction. Linear Time Reduction: Examples. Linear Time Reductions

Fermat s Little Theorem. Fermat s little theorem is a statement about primes that nearly characterizes them.

2 Evidence that Graph Isomorphism is not NP-complete

Topic: Sampling, Medians of Means method and DNF counting Date: October 6, 2004 Scribe: Florin Oprea

Applied Cryptography and Computer Security CSE 664 Spring 2018

Randomized Algorithms

Theoretical Cryptography, Lecture 13

Lecture 19: Interactive Proofs and the PCP Theorem

1 Reductions from Maximum Matchings to Perfect Matchings

Lecture 24: Randomized Complexity, Course Summary

Space Complexity. then the space required by M on input x is. w i u i. F ) on. September 27, i=1

Approximate Verification

Discrete Math, Fourteenth Problem Set (July 18)

Building Graphs from Colored Trees

MATH 2200 Final Review

FERMAT S TEST KEITH CONRAD

Computational Complexity. IE 496 Lecture 6. Dr. Ted Ralphs

Basic elements of number theory

HW11. Due: December 6, 2018

Basic elements of number theory

IRREDUCIBILITY TESTS IN F p [T ]

Dixon s Factorization method

Cyclic Groups. AgroupG is called cyclic if there is an element x G such that for each a G, a = x n for some n Z. G = { x k : k Z }.

Lecture 31: Miller Rabin Test. Miller Rabin Test

Finding Satisfying Assignments by Random Walk

A Probabilistic Algorithm for -SAT Based on Limited Local Search and Restart

6.045: Automata, Computability, and Complexity (GITCS) Class 17 Nancy Lynch

Ma/CS 6a Class 4: Primality Testing

Chapter 1 Review of Equations and Inequalities

Randomness and non-uniformity

Average-case Analysis for Combinatorial Problems,

9 - The Combinatorial Nullstellensatz

Primality Testing SURFACE. Syracuse University. Per Brinch Hansen Syracuse University, School of Computer and Information Science,

The running time of Euclid s algorithm

CPSC 467b: Cryptography and Computer Security

Apprentice Program: Linear Algebra

A polytime proof of correctness of the Rabin-Miller algorithm from Fermat s Little Theorem

History of Mathematics

1 Randomized reduction: a first start

Introduction to Number Theory

Lecture 24 Nov. 20, 2014

The Jacobi Symbol. q q 1 q 2 q n

Quantum algorithms (CO 781, Winter 2008) Prof. Andrew Childs, University of Waterloo LECTURE 11: From random walk to quantum walk

Advanced Combinatorial Optimization Feb 13 and 25, Lectures 4 and 6

School of Mathematics

1 Randomized Computation

An Improved Upper Bound for SAT

15-855: Intensive Intro to Complexity Theory Spring Lecture 7: The Permanent, Toda s Theorem, XXX

NP-Completeness and Boolean Satisfiability

SOME CONGRUENCES ASSOCIATED WITH THE EQUATION X α = X β IN CERTAIN FINITE SEMIGROUPS

About complexity. We define the class informally P in the following way:

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Part II. Number Theory. Year

Transcription:

Bipartite Perfect Matching We are given a bipartite graph G = (U, V, E). U = {u 1, u 2,..., u n }. V = {v 1, v 2,..., v n }. E U V. We are asked if there is a perfect matching. A permutation π of {1, 2,..., n} such that (u i, v π(i) ) E for all i {1, 2,..., n}. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 480

A Perfect Matching in a Bipartite Graph X Y X Y X Y X Y X Y c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 481

Symbolic Determinants We are given a bipartite graph G. Construct the n n matrix A G whose (i, j)th entry A G ij is a symbolic variable x ij if (u i, v j ) E and 0 otherwise, or A G ij = x ij, if (u i, v j ) E, 0, othersie. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 482

Symbolic Determinants (continued) The matrix for the bipartite graph G on p. 481 is a 0 0 x 13 x 14 0 0 x 22 0 0 0 A G = x 31 0 0 0 x 35. (6) x 41 0 x 43 x 44 0 x 51 0 0 0 x 55 a The idea is similar to the Tanner graph in coding theory by Tanner (1981). c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 483

Symbolic Determinants (concluded) The determinant of A G is det(a G ) = π sgn(π) n A G i,π(i). (7) i=1 π ranges over all permutations of n elements. sgn(π) is 1 if π is the product of an even number of transpositions and 1 otherwise. Equivalently, sgn(π) = 1 if the number of (i, j)s such that i < j and π(i) > π(j) is even. a det(a G ) contains n! terms, many of which may be 0s. a Contributed by Mr. Hwan-Jeu Yu (D95922028) on May 1, 2008. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 484

Determinant and Bipartite Perfect Matching In π sgn(π) n i=1 AG i,π(i), note the following: Each summand corresponds to a possible perfect matching π. All of these summands n i=1 AG i,π(i) monomials and will not cancel. are distinct det(a G ) is essentially an exhaustive enumeration. Proposition 58 (Edmonds (1967)) G has a perfect matching if and only if det(a G ) is not identically zero. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 485

Perfect Matching and Determinant (p. 481) X Y X Y X Y X Y X Y c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 486

Perfect Matching and Determinant (concluded) The matrix is (p. 483) 0 0 x 13 x 14 0 0 x 22 0 0 0 A G = x 31 0 0 0 x 35 x 41 0 x 43 x 44 0 x 51 0 0 0 x 55. det(a G ) = x 14 x 22 x 35 x 43 x 51 + x 13 x 22 x 35 x 44 x 51 + x 14 x 22 x 31 x 43 x 55 x 13 x 22 x 31 x 44 x 55. Each nonzero term denotes a perfect matching, and vice versa. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 487

How To Test If a Polynomial Is Identically Zero? det(a G ) is a polynomial in n 2 variables. There are exponentially many terms in det(a G ). Expanding the determinant polynomial is not feasible. Too many terms. If det(a G ) 0, then it remains zero if we substitute arbitrary integers for the variables x 11,..., x nn. When det(a G ) 0, what is the likelihood of obtaining a zero? c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 488

Number of Roots of a Polynomial Lemma 59 (Schwartz (1980)) Let p(x 1, x 2,..., x m ) 0 be a polynomial in m variables each of degree at most d. Let M Z +. Then the number of m-tuples (x 1, x 2,..., x m ) {0, 1,..., M 1} m such that p(x 1, x 2,..., x m ) = 0 is mdm m 1. By induction on m (consult the textbook). c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 489

Density Attack The density of roots in the domain is at most mdm m 1 M m = md M. (8) So suppose p(x 1, x 2,..., x m ) 0. Then a random (x 1, x 2,..., x m ) { 0, 1,..., M 1 } m has a probability of md/m of being a root of p. Note that M is under our control! One can raise M to lower the error probability, e.g. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 490

Density Attack (concluded) Here is a sampling algorithm to test if p(x 1, x 2,..., x m ) 0. 1: Choose i 1,..., i m from {0, 1,..., M 1} randomly; 2: if p(i 1, i 2,..., i m ) 0 then 3: return p is not identically zero ; 4: else 5: return p is (probably) identically zero ; 6: end if c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 491

Analysis If p(x 1, x 2,..., x m ) 0, the algorithm will always be correct as p(i 1, i 2,..., i m ) = 0. Suppose p(x 1, x 2,..., x m ) 0. The algorithm will answer incorrectly with probability at most md/m by Eq. (8) on p. 490. We next return to the original problem of bipartite perfect matching. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 492

A Randomized Bipartite Perfect Matching Algorithm a 1: Choose n 2 integers i 11,..., i nn from {0, 1,..., 2n 2 1} randomly; {So M = 2n 2.} 2: Calculate det(a G (i 11,..., i nn )) by Gaussian elimination; 3: if det(a G (i 11,..., i nn )) 0 then 4: return G has a perfect matching ; 5: else 6: return G has no perfect matchings ; 7: end if a Lovász (1979). According to Paul Erdős, Lovász wrote his first significant paper at the ripe old age of 17. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 493

Analysis If G has no perfect matchings, the algorithm will always be correct as det(a G (i 11,..., i nn )) = 0. Suppose G has a perfect matching. The algorithm will answer incorrectly with probability at most md/m = 0.5 with m = n 2, d = 1 and M = 2n 2 in Eq. (8) on p. 490. Run the algorithm independently k times. Output G has no perfect matchings if and only if all say no. The error probability is now reduced to at most 2 k. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 494

Lószló Lovász (1948 ) c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 495

Remarks a Note that we are calculating prob[ algorithm answers no G has no perfect matchings ], prob[ algorithm answers yes G has a perfect matching ]. We are not calculating b prob[ G has no perfect matchings algorithm answers no ], prob[ G has a perfect matching algorithm answers yes ]. a Thanks to a lively class discussion on May 1, 2008. b Numerical Recipes in C (1988), [As] we already remarked, statistics is not a branch of mathematics! c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 496

But How Large Can det(a G (i 11,..., i nn )) Be? It is at most n! ( 2n 2) n. Stirling s formula says n! 2πn (n/e) n. Hence log 2 det(a G (i 11,..., i nn )) = O(n log 2 n) bits are sufficient for representing the determinant. We skip the details about how to make sure that all intermediate results are of polynomial sizes. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 497

An Intriguing Question a Is there an (i 11,..., i nn ) that will always give correct answers for the algorithm on p. 493? A theorem on p. 591 shows that such an (i 11,..., i nn ) exists! Whether it can be found efficiently is another matter. Once (i 11,..., i nn ) is available, the algorithm can be made deterministic. a Thanks to a lively class discussion on November 24, 2004. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 498

Randomization vs. Nondeterminism a What are the differences between randomized algorithms and nondeterministic algorithms? One can think of a randomized algorithm as a nondeterministic algorithm but with a probability associated with every guess/branch. So each computation path of a randomized algorithm has a probability associated with it. a Contributed by Mr. Olivier Valery (D01922033) and Mr. Hasan Alhasan (D01922034) on November 27, 2012. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 499

Monte Carlo Algorithms a The randomized bipartite perfect matching algorithm is called a Monte Carlo algorithm in the sense that If the algorithm finds that a matching exists, it is always correct (no false positives). If the algorithm answers in the negative, then it may make an error (false negatives). a Metropolis and Ulam (1949). c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 500

Monte Carlo Algorithms (continued) The algorithm makes a false negative with probability 0.5. a Note this probability refers to b prob[ algorithm answers no G has a perfect matching ] not prob[ G has a perfect matching algorithm answers no ]. a Equivalently, among the coin flip sequences, at most half of them lead to the wrong answer. b In general, prob[ algorithm answers no input is a yes instance ]. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 501

Monte Carlo Algorithms (concluded) This probability o.5 is not over the space of all graphs or determinants, but over the algorithm s own coin flips. It holds for any bipartite graph. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 502

The Markov Inequality a Lemma 60 Let x be a random variable taking nonnegative integer values. Then for any k > 0, prob[ x ke[ x ] ] 1/k. Let p i denote the probability that x = i. E[ x ] = ip i = ip i + i i<ke[ x ] ip i ke[ x ] i ke[ x ] i ke[ x ] i ke[ x ] ke[ x ] prob[x ke[ x ]]. a Andrei Andreyevich Markov (1856 1922). p i ip i c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 503

Andrei Andreyevich Markov (1856 1922) c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 504

An Application of Markov s Inequality Suppose algorithm C runs in expected time T (n) and always gives the right answer. Consider an algorithm that runs C for time kt (n) and rejects the input if C does not stop within the time bound. By Markov s inequality, this new algorithm runs in time kt (n) and gives the wrong answer with probability 1/k. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 505

An Application of Markov s Inequality (concluded) By running this algorithm m times (the total running time is mkt (n)), we reduce the error probability to k m. a Suppose, instead, we run the algorithm for the same running time mkt (n) once and rejects the input if it does not stop within the time bound. By Markov s inequality, this new algorithm gives the wrong answer with probability 1/(mk). This is much worse than the previous algorithm s error probability of k m for the same amount of time. a With the same input. Thanks to a question on December 7, 2010. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 506

fsat for k-sat Formulas (p. 469) Let ϕ(x 1, x 2,..., x n ) be a k-sat formula. If ϕ is satisfiable, then return a satisfying truth assignment. Otherwise, return no. We next propose a randomized algorithm for this problem. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 507

A Random Walk Algorithm for ϕ in CNF Form 1: Start with an arbitrary truth assignment T ; 2: for i = 1, 2,..., r do 3: if T = ϕ then 4: return ϕ is satisfiable with T ; 5: else 6: Let c be an unsatisfied clause in ϕ under T ; {All of its literals are false under T.} 7: Pick any x of these literals at random; 8: Modify T to make x true; 9: end if 10: end for 11: return ϕ is unsatisfiable ; c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 508

3sat vs. 2sat Again Note that if ϕ is unsatisfiable, the algorithm will not refute it. The random walk algorithm needs expected exponential time for 3sat. In fact, it runs in expected O((1.333 + ϵ) n ) time with r = 3n, a much better than O(2 n ). b We will show immediately that it works well for 2sat. The state of the art as of 2006 is expected O(1.322 n ) time for 3sat and expected O(1.474 n ) time for 4sat. c a Use this setting per run of the algorithm. b Schöning (1999). c Kwama and Tamaki (2004); Rolf (2006). c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 509

Random Walk Works for 2sat a Theorem 61 Suppose the random walk algorithm with r = 2n 2 is applied to any satisfiable 2sat problem with n variables. Then a satisfying truth assignment will be discovered with probability at least 0.5. Let ˆT be a truth assignment such that ˆT = ϕ. Assume our starting T differs from ˆT in i values. Their Hamming distance is i. Recall T is arbitrary. a Papadimitriou (1991). c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 510

The Proof Let t(i) denote the expected number of repetitions of the flipping step a until a satisfying truth assignment is found. It can be shown that t(i) is finite. t(0) = 0 because it means that T = ˆT and hence T = ϕ. If T ˆT or any other satisfying truth assignment, then we need to flip the coin at least once. We flip a coin to pick among the 2 literals of a clause not satisfied by the present T. At least one of the 2 literals is true under ˆT because ˆT satisfies all clauses. a That is, Statement 7. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 511

The Proof (continued) So we have at least 0.5 chance of moving closer to ˆT. Thus for 0 < i < n. t(i) t(i 1) + t(i + 1) 2 + 1 Inequality is used because, for example, T may differ from ˆT in both literals. It must also hold that t(n) t(n 1) + 1 because at i = n, we can only decrease i. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 512

The Proof (continued) Now, put the necessary relations together: t(0) = 0, (9) t(i) t(i 1) + t(i + 1) + 1, 2 0 < i < n, (10) t(n) t(n 1) + 1. (11) Technically, this is a one-dimensional random walk with an absorbing barrier at i = 0 and a reflecting barrier at i = n (if we replace with = ). a a The proof in the textbook does exactly that. But a student pointed out difficulties with this proof technique on December 8, 2004. So our proof here uses the original inequalities. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 513

The Proof (continued) Add up the relations for 2t(1), 2t(2), 2t(3),..., 2t(n 1), t(n) to obtain a 2t(1) + 2t(2) + + 2t(n 1) + t(n) t(0) + t(1) + 2t(2) + + 2t(n 2) + 2t(n 1) + t(n) +2(n 1) + 1. Simplify it to yield t(1) 2n 1. (12) a Adding up the relations for t(1), t(2), t(3),..., t(n 1) will also work, thanks to Mr. Yen-Wu Ti (D91922010). c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 514

The Proof (continued) Add up the relations for 2t(2), 2t(3),..., 2t(n 1), t(n) to obtain 2t(2) + + 2t(n 1) + t(n) t(1) + t(2) + 2t(3) + + 2t(n 2) + 2t(n 1) + t(n) +2(n 2) + 1. Simplify it to yield t(2) t(1) + 2n 3 2n 1 + 2n 3 = 4n 4 by Eq. (12) on p. 514. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 515

The Proof (continued) Continuing the process, we shall obtain t(i) 2in i 2. The worst upper bound happens when i = n, in which case We conclude that for 0 i n. t(n) n 2. t(i) t(n) n 2 c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 516

The Proof (concluded) So the expected number of steps is at most n 2. The algorithm picks r = 2n 2. This amounts to invoking the Markov inequality (p. 503) with k = 2, resulting in a probability of 0.5. a The proof does not yield a polynomial bound for 3sat. b 2006. a Recall p. 505. b Contributed by Mr. Cheng-Yu Lee (R95922035) on November 8, c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 517

Christos Papadimitriou (1949 ) c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 518

Boosting the Performance We can pick r = 2mn 2 to have an error probability of by Markov s inequality. 1 2m Alternatively, with the same running time, we can run the r = 2n 2 algorithm m times. The error probability is now reduced to 2 m. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 519

Primality Tests primes asks if a number N is a prime. The classic algorithm tests if k N for k = 2, 3,..., N. But it runs in Ω(2 (log 2 N)/2 ) steps. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 520

Primality Tests (concluded) Suppose N = P Q is a product of 2 distinct primes. The probability of success of the density attack (p. 450) is 2 N when P Q. This probability is exponentially small in terms of the input length log 2 N. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 521

The Fermat Test for Primality Fermat s little theorem (p. 453) suggests the following primality test for any given number N: 1: Pick a number a randomly from {1, 2,..., N 1}; 2: if a N 1 1 mod N then 3: return N is composite ; 4: else 5: return N is a prime ; 6: end if c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 522

The Fermat Test for Primality (concluded) Carmichael numbers are composite numbers that will pass the Fermat test for all a {1, 2,..., N 1}. a The Fermat test will return N is a prime for all Carmichael numbers N. Unfortunately, there are infinitely many Carmichael numbers. b In fact, the number of Carmichael numbers less than N exceeds N 2/7 for N large enough. So the Fermat test is an incorrect algorithm for primes. a Carmichael (1910). Lo (1994) mantions an investment strategy based on such numbers! b Alford, Granville, and Pomerance (1992). c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 523

Square Roots Modulo a Prime Equation x 2 = a mod p has at most two (distinct) roots by Lemma 57 (p. 458). The roots are called square roots. Numbers a with square roots and gcd(a, p) = 1 are called quadratic residues. They are 1 2 mod p, 2 2 mod p,..., (p 1) 2 mod p. We shall show that a number either has two roots or has none, and testing which is the case is trivial. a a But no efficient deterministic general-purpose square-root-extracting algorithms are known yet. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 524

Euler s Test Lemma 62 (Euler) Let p be an odd prime and a 0 mod p. 1. If a (p 1)/2 = 1 mod p, then x 2 = a mod p has two roots. 2. If then a (p 1)/2 1 mod p, a (p 1)/2 = 1 mod p and x 2 = a mod p has no roots. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 525

The Proof (continued) Let r be a primitive root of p. By Fermat s little theorem, is a square root of 1. r (p 1)/2 So r (p 1)/2 = 1 or 1 mod p. But as r is a primitive root, r (p 1)/2 1 mod p. Hence r (p 1)/2 = 1 mod p. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 526

The Proof (continued) Let a = r k mod p for some k. Then 1 = a (p 1)/2 = r k(p 1)/2 = [ ] r (p 1)/2 k = ( 1) k mod p. So k must be even. Suppose a = r 2j for some 1 j (p 1)/2. Then a (p 1)/2 = r j(p 1) = 1 mod p, and a s two distinct roots are r j, r j (= r j+(p 1)/2 mod p). If r j = r j mod p, then 2r j = 0 mod p, which implies r j = 0 mod p, a contradiction. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 527

The Proof (continued) As 1 j (p 1)/2, there are (p 1)/2 such a s. Each such a has 2 distinct square roots. The square roots of all the a s are distinct. The square roots of different a s must be different. Hence the set of square roots is {1, 2,..., p 1}. As a result, a = r 2j, 1 j (p 1)/2, exhaust all the quadratic residues. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 528

The Proof (concluded) If a = r 2j+1, then it has no roots because all the square roots have been taken. Now, a (p 1)/2 = [ ] r (p 1)/2 2j+1 = ( 1) 2j+1 = 1 mod p. c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 529

The Legendre Symbol a and Quadratic Residuacity Test By Lemma 62 (p. 525) a (p 1)/2 mod p = ±1 for a 0 mod p. For odd prime p, define the Legendre symbol (a p) as (a p) = 0 if p a, 1 if a is a quadratic residue modulo p, 1 if a is a quadratic nonresidue modulo p. Euler s test (p. 525) implies a (p 1)/2 = (a p) mod p for any odd prime p and any integer a. Note that (ab p) = (a p)(b p). a Andrien-Marie Legendre (1752 1833). c 2013 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 530

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback