Randomized Algorithms Abundance of Witnesses Mohammad Heidari Yazd - PowerPoint PPT Presentation

Abundance of witnesses Searching for a witness for Primal Testing Theorem 6.2.1 - Proof (i) p > 2 and it is odd, so ′ + 1 p = 2 .p By Little Fermat’s Theorem we have: a p − 1 ≡ 1( mod p ) Since ′ ′ ′ a p − 1 = a 2 .p = ( a p − 1) . ( a p + 1) + 1 Then ′ ′ ( a p − 1) . ( a p + 1) ≡ 0( mod p ) p is prime, so ′ ′ a p a p − 1 ≡ 0( mod p ) or + 1 ≡ 0( mod p ) (6 . 4) ′ = ( p − 1) By inserting p in the (6 . 4) , we obtain 2 ( p − 1) ( p − 1) a ≡ 1( mod p ) or a ≡ − 1 ≡ p − 1( mod p ) 2 2 Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 12 / 85

Abundance of witnesses Searching for a witness for Primal Testing Theorem 6.2.1 - Proof (ii) Let p > 2 be an odd integer such that ( p − 1) ∀ c ∈ Z p − { 0 } c mod p ∈ { 1 , p − 1 } 2 Prove by contradiction, Let p = a.b be a composite number, we have ( p − 1) ( p − 1) a mod p ∈ { 1 , − 1 } and b mod p ∈ { 1 , − 1 } 2 2 Since ⊙ mod p is communicative, then ( p − 1) ( p − 1) ( p − 1) ( a.b ) mod p = a .b mod p ∈ { 1 , − 1 } (6 . 5) 2 2 2 since a.b = p , we have ( p − 1) ( p − 1) 0 = p mod p = p mod p = ( a.b ) 2 2 which contradicts (6 . 5) � Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 13 / 85

Abundance of witnesses Searching for a witness for Primal Testing Third Definition of a Witness Definition of a witness Let n be an odd integer, n ≥ 3 . A number a ∈ { 1 , 2 , ...n − 1 } is a witness of the fact ” n / ∈ PRIM ” , if and only if ( n − 1) a mod n / ∈ { 1 , n − 1 } (6 . 6) 2 Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 14 / 85

Abundance of witnesses Searching for a witness for Primal Testing Third Definition of a Witness Definition of a witness Let n be an odd integer, n ≥ 3 . A number a ∈ { 1 , 2 , ...n − 1 } is a witness of the fact ” n / ∈ PRIM ” , if and only if ( n − 1) a mod n / ∈ { 1 , n − 1 } (6 . 6) 2 This kind of witness satisfies conditions (i) and (ii). Theorem 6.2.2 shows that this definition assures the abundance of witnesses for at least every second odd integer greater than 2. Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 14 / 85

Abundance of witnesses Searching for a witness for Primal Testing Theorem 6.2.2 Go Back Theorem 6.2.2 For every positive integer n with an odd ( n − 1) (i.e, for n ≡ 3( mod 4) ), 2 (i) if n is a prime, then n − 1 a mod n ∈ { 1 , n − 1 } ∀ a ∈ { 1 , ..., n − 1 } 2 (ii) if n is composite, then n − 1 a mod n / ∈ { 1 , n − 1 } 2 for at least half of the elements a from { 1 , 2 , ..., n − 1 } Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 15 / 85

Abundance of witnesses Searching for a witness for Primal Testing Theorem 6.2.2 - Proof (i) The assertion (i) has already been proved in Theorem 6.2.1. Hence, it remains to show (ii). Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 16 / 85

Abundance of witnesses Searching for a witness for Primal Testing Theorem 6.2.2 - Proof (ii) ... Let ( n − 1) WITNESS = { a ∈ { 1 , 2 , ..., n − 1 }| a mod n / ∈ { 1 , n − 1 }} 2 be the set of all witnesses of n / ∈ PRIM , and let ( n − 1) EULER = { a ∈ { 1 , 2 , ..., n − 1 }| a mod n ∈ { 1 , n − 1 }} 2 be the complementary set of non-witnesses. Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 17 / 85

Abundance of witnesses Searching for a witness for Primal Testing Theorem 6.2.2 - Proof (ii) ... Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 18 / 85

Abundance of witnesses Searching for a witness for Primal Testing Theorem 6.2.2 - Proof (ii) ... Assume b ∈ WITNESS for which there exists b − 1 in the group ( Z ∗ n , ⊙ mod n ) . Define h b ( a ) = a.b mod n Next, we will show that h b is an injective mapping from EULER to WITNESS. Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 19 / 85

Abundance of witnesses Searching for a witness for Primal Testing Theorem 6.2.2 - Proof (ii) ... Claim: ∀ a ∈ EULER, the h b ( a ) = a.b / ∈ EULER so is in WITNESS Proof. ( n − 1) ( n − 1) ( n − 1) � � � � ( a.b ) mod n = a mod n . b mod n 2 2 2 ( n − 1) = ± b mod n / ∈ { 1 , n − 1 } 2 ( n − 1) (Since a mod n ∈ { 1 , n − 1 } and b ∈ WITNESS) 2 Thus, h b is a mapping from EULER to WITNESS Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 20 / 85

Abundance of witnesses Searching for a witness for Primal Testing Theorem 6.2.2 - Proof (ii) ... Claim: h b is injective: ∀ a 1 , a 2 ∈ EULER, a 1 � = a 2 ⇒ h b ( a 1 ) � = h b ( a 2 ) Proof. Assume h b ( a 1 ) = h b ( a 2 ) , then a 1 .b ≡ a 2 .b ( mod n ) (6 . 7) Multiplying the congruence (6.7) from the right by b − 1 , we obtain a 1 = a 1 .b.b − 1 mod n = a 2 .b.b − 1 mod n = a 2 Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 21 / 85

Abundance of witnesses Searching for a witness for Primal Testing Theorem 6.2.2 - Proof (ii) ... Chinese Remainder Theorem Let r, s be positive integers which are relatively prime and let a and b be any two integers. Then there is an integer N such that N ≡ a ( mod r ) and N ≡ b ( mod s ) Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 22 / 85

Abundance of witnesses Searching for a witness for Primal Testing Theorem 6.2.2 - Proof (ii) ... To complete the proof we have still to show that there exists an element b ∈ WITNESS ∩ Z ∗ n . Let n = p.q for two nontrivial factors p and q with GCD ( p, q ) = 1 . Since it is clearer to search for b in Z p × Z q instead of searching in Z n , we apply the Chinese Remainder Theorem. ∀ a ∈ Z n , the pair ( a mod p, a mod q ) is the representation of a in Z p × Z q . Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 23 / 85

Abundance of witnesses Searching for a witness for Primal Testing Theorem 6.2.2 - Proof (ii) ... If a ∈ EULER then ( n − 1) a mod p.q ∈ { 1 , n − 1 } 2 which implies for a k ∈ N either ( n − 1) a = k.p.q + 1 2 or ( n − 1) a = k.p.q + n − 1 2 Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 24 / 85

Abundance of witnesses Searching for a witness for Primal Testing Theorem 6.2.2 - Proof (ii) ... A direct consequence of it is either ( n − 1) ( n − 1) a mod p = a mod q = 1 2 2 or ( n − 1) a mod p = ( n − 1) mod p = ( p.q − 1) mod p = p − 1 and 2 ( n − 1) a mod q = ( n − 1) mod q = ( p.q − 1) mod q = q − 1 2 Hence either (1 , 1) or ( p − 1 , q − 1) = ( − 1 , − 1) is the representation of ( n − 1) mod n in Z p × Z q for every a ∈ EULER. a 2 Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 25 / 85

Abundance of witnesses Searching for a witness for Primal Testing Theorem 6.2.2 - Proof (ii) ... Therefore we choose (1 , q − 1) = (1 , − 1) as the representation of b in Z p × Z q . We need to show that b has the required properties. ( n − 1) mod n in Z p × Z q is: The representation of b 2 ( n − 1) ( n − 1) ( n − 1) ( n − 1) � � � � b mod p, b mod q = 1 mod p, ( − 1) mod q = (1 , − 1) 2 2 2 2 (because n − 1 is odd). 2 Hence, b is not a Eulerian number, and so b ∈ WITNESS Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 26 / 85

Abundance of witnesses Searching for a witness for Primal Testing Theorem 6.2.2 - Proof (ii) To complete the proof, we need to show b − 1 = b . Since (1 , 1) is the natural element with respect to the multiplication in Z p × Z q , (1 , q − 1) ⊙ p,q (1 , q − 1) = (1 . 1 mod p, ( q − 1) . ( q − 1) mod q ) = (1 , 1) implies that b is inverse to itself. � Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 27 / 85

Abundance of witnesses Searching for a witness for Primal Testing SSSA (Simplified Solovay-Strassen Algorithm) input: An odd integer n with n ≡ 3( mod 4) Step 1: Choose uniformly an a ∈ { 1 , 2 , ...n − 1 } at random. ( n − 1) Step 2: Compute A := a mod n . 2 Step 3: if A ∈ { 1 , − 1 } then output ” n ∈ PRIM ” { reject } else output ” n / ∈ PRIM ” { accept } Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 28 / 85

Abundance of witnesses Searching for a witness for Primal Testing Theorem 6.2.6 Theorem 6.2.6 SSSA is a polynomial-time 1MC algorithm for the recognition of composite numbers n with n mod 4 = 3 . Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 29 / 85

Abundance of witnesses Searching for a witness for Primal Testing Theorem 6.2.6 - Proof The value of A can be efficiently computed by repeated squaring. The fact that SSSA is a 1MC algorithm is a direct consequence of Theorem 6.2.2. If p is a prime, then (i) of Theorem 6.2.2 assures that there is no witness of p / ∈ PRIM , and so the algorithm SSSA answers ” n ∈ PRIM ” with certainly. If p is composite, then (ii) of Theorem 6.2.2 assures that ∈ PRIM ”) ≥ 1 Prob(SSSA outputs ” n / 2 � Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 30 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Objective We have a kind of witness, that provides an efficient randomized algorithm for primality testing for all positive integers n with n ≡ 3( mod 4) . This section aims to extend this kind of witness in a way that results in a randomized primality testing for all odd integers. Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 31 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing An Extension to Definition (6.6) An a ∈ { 1 , 2 , ..., n − 1 } with GCD ( a, n ) � = 1 is also a witness of the fact n / ∈ PRIM GCD ( a, n ) can be efficiently computed by the Euclidean algorithm Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 32 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing An Extension to Definition (6.6) An a ∈ { 1 , 2 , ..., n − 1 } with GCD ( a, n ) � = 1 is also a witness of the fact n / ∈ PRIM GCD ( a, n ) can be efficiently computed by the Euclidean algorithm Extension of the definition (6.6) of witnesses A number a ∈ { 1 , 2 , ..., n − 1 } is a witness of the fact n / ∈ PRIM for an odd positive integer n if (i) GCD ( a, n ) > 1 , or (6.9) n − 1 (ii)GCD ( a, n ) = 1 and a mod n / ∈ { 1 , n − 1 } 2 Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 32 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing An Extension to Definition (6.6) An a ∈ { 1 , 2 , ..., n − 1 } with GCD ( a, n ) � = 1 is also a witness of the fact n / ∈ PRIM GCD ( a, n ) can be efficiently computed by the Euclidean algorithm Extension of the definition (6.6) of witnesses A number a ∈ { 1 , 2 , ..., n − 1 } is a witness of the fact n / ∈ PRIM for an odd positive integer n if (i) GCD ( a, n ) > 1 , or (6.9) n − 1 (ii)GCD ( a, n ) = 1 and a mod n / ∈ { 1 , n − 1 } 2 Unfortunately, (6.9) does not guarantee the abundance of witnesses for Carmichael numbers, and so we cannot use this kind of witness for the design of a randomized algorithm for primality testing for all odd, positive integers. Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 32 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Quadratic Residue Modulo Definition An integer q is called a quadratic residue modulo n ( qRn ) if it is congruent to a perfect square modulo n ; i.e., if there exists an integer x such that: x 2 ≡ q ( mod n ) Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 33 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Legendre Symbol Definition 6.3.10: Legendre Symbol For any prime p > 2 and any positive integer a with GCD ( a, p ) = 1 the Legendre symbol for a and p is: � � a 1 if a is a quadratic residue modulo p ( aRp ) , � = Leg p − 1 if a is a quadratic nonresidue modulo p ( aNp ) . Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 34 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Lemma 6.3.11 The following assertion is a direct consequence of the Euclidean Criterion (Theorem 5.4.14). Lemma For every prime p > 2 and every positive integer a with GCD ( a, p ) = 1 � a � p − 1 = a mod p Leg 2 p Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 35 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Jacobi Symbol Definition 6.3.12: Jacobi Symbol Let 2 .....p k l n = p k 1 1 .p k 2 l be the factorization of an odd integer n ≥ 3 , where p 1 < p 2 < ... < p l are primes and k 1 , k 2 , ..., k l are positive integers for a positive integer l . For all positive integers a with GCD ( a, n ) = 1 , the Jacobi symbol of a and n is � a l l �� k i = � a � k i . pi − 1 � � � � � = mod p i Jac Leg a 2 n p i i =1 i =1 Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 36 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Observation Observation 6.3.13 For all positive integers a and n satisfying the assumptions of Definition 6.3.10 � a � ∈ { 1 , − 1 } . Jac n Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 37 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Lemma 6.3.14 Let n be an odd integer greater than 3 , and let a, b be natural numbers with GCD ( a, n ) = GCD ( b, n ) = 1 . Then � � � � � � a.b a b Jac = Jac . Jac 1 n n n � � � � a b = Jac ∀ a, b with a ≡ b ( mod n ) Jac 2 n n � � � � a − 1 2 . n − 1 a n 2 . Jac = ( − 1) , for all odd a Jac 3 n a � � � � n − 1 1 n − 1 = 1 and Jac = ( − 1) Jac 4 n n n � � 2 = − 1 for all n with n mod 8 ∈ { 3 , 5 } , and Jac 5 n � � 2 Jac = 1 for all n with n mod 8 ∈ { 1 , 7 } n Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 38 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Lemma 6.3.14 - Proof (i) Let n = p k 1 1 .p k 2 2 .....p k l l : l � a.b � k i � � pi − 1 � Jac = ( a.b ) mod p i 2 n i =1 l �� k i pi − 1 pi − 1 �� = a mod p i . b mod p i 2 2 i =1 l l � k i . � k i pi − 1 pi − 1 � � � � = a mod p i b mod p i 2 2 i =1 i =1 � b � a � � = Jac . Jac n n This completes the proof of (i). Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 39 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Lemma 6.3.14 - Proof (ii) Following the definition of Jacobi symbols, it is sufficient to show � a � b � � Leg = Leg p p ∀ prime p and all a, b with GCD ( a, p ) = GCD ( b, p ) = 1 and a ≡ b ( mod p ) . For appropriate r, s, z ∈ N , z < p we have: a = p.r + z and b = p.s + z (6 . 10) Then � a � p − 1 p − 1 = a mod p = ( p.r + z ) mod p Jac 2 2 p ( p − 1) / 2 � ( p − 1) / 2 � p − 1 2 − i .z i mod p � = . ( p.r ) i i =0 = z ( p − 1) / 2 mod p { All other members of the sum are divisible by pr } � � � � � � = z ( p − 1) / 2 mod p ⇒ Leg b a b Analogously: Jac = Leg p p p Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 40 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Algorithm JACOBI Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 41 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing New Definition of Witnesses of Compositeness Definition An a with � a � � = a ( n − 1) / 2 mod n Jac n witnesses the fact ” n / ∈ PRIM ” Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 42 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Jac-witness Definition 6.3.16 Let n be an odd integer, n ≥ 3 . A number a ∈ { 1 , 2 , ..., n − 1 } is called Jac-witness of that fact ” n / ∈ PRIM ” if GCD ( a, n ) � = 1 , or � � � = a ( n − 1) / 2 mod n a Jac n Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 43 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Algebra Algebra Algebra is a pair ( S, F ) , where S is a set of elements. F is a set of mappings that map arguments or tuples of arguments from S to S . More precisely, F is a set of operations on S , and an operation f ∈ F is a mapping from S m to S for nonnegative integer m . Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 44 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Group A group G is a finite or infinite set of elements together with a binary operation that together satisfy the four fundamental properties of closure, associativity, the identity property, and the inverse property. Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 45 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Group A group G is a finite or infinite set of elements together with a binary operation that together satisfy the four fundamental properties of closure, associativity, the identity property, and the inverse property. Closure: If A and B are two elements in G , then the product AB is also 1 in G . Associativity: The defined multiplication is associative, i.e., for all 2 A, B, C ∈ G , ( AB ) C = A ( BC ) . Identity: There is an identity element I such that IA = AI = A for 3 every element A ∈ G . Inverse: There must be an inverse (a.k.a. reciprocal) of each element. 4 Therefore, for each element A of G , the set contains an element B = A − 1 such that AA − 1 = A − 1 A = I . Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 45 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Subgroup Definition Let ( A, ∗ ) be a group. An algebra ( H, ∗ ) is a subgroup of ( A, ∗ ) if H ⊆ A , and ( H, ∗ ) is a group. For instance, ( Z , +) is a subgroup of ( Q , +) . Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 46 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Right and Left Coset Definition Let ( H, ◦ ) be a subgroup of ( A, ◦ ) . For every b ∈ A , we define the sets H ◦ b = { h ◦ b | h ∈ H } and b ◦ H = { b ◦ h | h ∈ H } as right coset and left coset of H in ( A, ◦ ) respectively. Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 47 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Index of H in ( A, ◦ ) Definition Let ( H, ◦ ) be a subgroup of a group ( A, ◦ ) . We define index of H in ( A, ◦ ) by Index H ( A ) = |{ H ◦ b | b ∈ A }| i.e, as the number of different right cosets of H in ( A, ◦ ) . Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 48 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Index of H in ( A, ◦ ) Definition Let ( H, ◦ ) be a subgroup of a group ( A, ◦ ) . We define index of H in ( A, ◦ ) by Index H ( A ) = |{ H ◦ b | b ∈ A }| i.e, as the number of different right cosets of H in ( A, ◦ ) . Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 49 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Lagrange’s Theorem Theorem For every subgroup ( H, ◦ ) of a finite group ( A, ◦ ) , | A | = Index H ( A ) . | H | i.e, | H | divides | A | . Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 50 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Corollary A.2.49 Go Back Corollary Let ( H, ◦ ) be a proper algebra if a finite group ( A, ◦ ) . Then, | H | ≤ | A | / 2 Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 51 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Cyclic Group Definition Let ( S, ∗ ) be a group with the neutral element e . For every a ∈ S and every j ∈ Z , we define the j -th power of a as follows: a 0 = e, a 1 = a, a − 1 = i ( a ) , ∀ j ≥ 1 , a j +1 = a ∗ a j ∀ j ∈ Z + , a − j = ( i ( a )) j An element g of S is called a generator of the group ( S, ∗ ) if S = { g i | i ∈ Z } Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 52 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Order of a Definition Let ( A, ∗ ) be a group with neutral element 1 . For each a ∈ A, the order of a is defined by order ( a ) = min { r ∈ N − { 0 } | a r = 1 } if there exists at least one r with a r = 1 . if ∀ i ∈ N − { 0 } , a i � = 1 , then we set order ( a ) = ∞ Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 53 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Theorem 6.3.17 Go Back Theorem For every odd integer n , n ≥ 3 , the following holds: (a)If n is a prime, then � a � a � � n − 1 = Leg = a mod n ∀ a ∈ { 1 , 2 , ..., n − 1 } Jac 2 n n (b)If n is composite, then � a � n − 1 Jac � = a mod n 2 n for at least half the elements a ∈ { 1 , 2 , ..., n − 1 } with the property GCD ( a, n ) = 1 (i.e, a ∈ Z ∗ n ) Remember: Z ∗ n = { a ∈ Z n − { 0 }| GCD ( a, n ) = 1 } Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 54 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Theorem 6.3.17 - Proof (a) The claim (a) is a direct consequence of the definition of Jacobi symbols and the Eulerian Criterion. Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 55 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Theorem 6.3.17 - Proof (b) ... witness candidates = { 1 , 2 , ..., n − 1 } = Z n − { 0 } Jac-witness of n / ∈ PRIM according to definition 6.3.16(i) are all elements from { 1 , 2 , ..., n − 1 } − Z ∗ n . We denote the non-Jac-witness by: � a � n − 1 Wit n = { a ∈ Z ∗ n | Jac = a mod n } , 2 n then Z ∗ n − Wit n is the set of Jac-witness of n / ∈ PRIM with respect to definition 6.3.16 (ii). Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 56 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Theorem 6.3.17 - Proof (b) ... Our aim is to show that | Wit n | ≤ | Z ∗ n | / 2 , (6 . 11) so that |{ 1 , 2 , ..., n − 1 } − Wit n | ≥ | Wit n | We need to show that ( Wit n , ⊙ mod n ) is a proper subgroup of ( Z ∗ n , ⊙ mod n ) i.e, we need to look for an element a ∈ Z ∗ n − Wit n . Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 57 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Theorem 6.3.17 - Proof (b) ... Theorem A.2.40 Let ( A, ⊙ ) be a finite group. Every algebra ( H, ⊙ ) with H ⊆ A is a subgroup of ( A, ⊙ ) Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 58 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Theorem 6.3.17 - Proof (b) ... First we show that ( Wit n , ⊙ mod n ) is a group. Following Corollary A.2.49 it is sufficient to show that Wit n is closed according to ⊙ mod n : Let a, b ∈ Wit n , From Lemma 6.3.14 (i), � b � a.b � a � � � = Jac . Jac Jac n n n � n − 1 � � n − 1 � = a mod n . b mod n { Since a, b ∈ Wit n } 2 2 n − 1 = ( a.b ) mod n 2 So a.b ∈ Wit n therefore Wit n is closed according to ⊙ mod n . Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 59 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Theorem 6.3.17 - Proof (b) ... Now we show that Wit n is a proper subset of Z ∗ n , ( a ∈ Z ∗ n − Wit n ) . Let 2 . ... .p i k n = p i 1 1 .p i 2 k then we set 2 . ... .p i k q = p i 1 1 and m = p i 2 k in order to search for an a ∈ Z ∗ n − Wit n in Z q × Z m instead of searching directly in Z n . Let g be the generator of the cyclic group ( Z ∗ q , ⊙ mod q ) . We make the choice of a by the following recurrences: a ≡ g ( mod q ) and a ≡ 1( mod m ) Hence we choose a as ( g, 1) in Z q × Z m Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 60 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Theorem 6.3.17 - Proof (b) ... First, we show that a ∈ Z ∗ n , (i.e, GCD ( a, n ) = 1 ). So we have to show none of the primes p 1 , p 2 , ..., p k divides the number a . (6 . 13) The proof is by contradiction. If p 1 | a , then the equality g = a mod p i 1 1 contradicts the assumption that g is a generator of Z ∗ q , So p 1 ∤ a. Hint: The equality g = a mod p i 1 1 follows from a ≡ g ( mod q ) Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 61 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Theorem 6.3.17 - Proof (b) ... If, for an r ∈ { 2 , ..., k } , p r | a , then a = p r .b, b ∈ N . From a ≡ 1( mod m ) we have: a = m.x + 1 , x ∈ N Hence a = p r .b = m.x + 1 = p r . ( m/p r ) .x + 1 which implies p r | 1 , Since p r > 1 so it is a contradiction. Thus a ∈ Z ∗ n . Hint: if p | x, p | y and x = y + z then p | z Proof: ′ , x = y + z x = p.k, y = p.k then ′ + z ⇒ z = p ( k − k ′ ) ⇒ p | z p.k = p.k Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 62 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Theorem 6.3.17 - Proof (b) ... Finally, we have to prove that a / ∈ Wit n To do so, we distinguish two possibilities: i 1 = 1 and i 1 ≥ 2 . Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 63 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Theorem 6.3.17 - Proof (b) ... (1) let i 1 = 1 � � n − 1 a � = a mod n . Remember that We have to prove Jac 2 n n = p 1 .m, m > 1 and GCD ( p 1 , m ) = 1( Since if p ∤ a then ∀ b ∈ N , p ∤ a b ) k � a � a �� i j � � � = Jac Jac n p i j =1 � a k � a �� i j � � � = Jac . Jac p 1 p j j =2 � a k � 1 � a � g � g �� i j = Jac � � � � � � = Jac . = Jac = Leg = − 1 Jac p 1 p j p 1 p 1 p 1 j =2 � � a = − 1 Hence Jac n Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 64 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Theorem 6.3.17 - Proof (b) ... Since a ≡ 1( mod m ) , we obtain n − 1 n − 1 a mod m = ( a mod m ) mod m 2 2 n − 1 mod m = 1 n = 1 (6 . 14) n − 1 Now, the equality a mod n = − 1 for n = q.m cannot hold because 2 n − 1 a mod n = − 1 implies: 2 n − 1 mod m = − 1(= m − 1 in Z ∗ a m ) 2 which contradicts (6 . 14) . Hence: � � n − 1 a mod n ⇒ a ∈ Z ∗ − 1 = Jac � = a n − Wit n 2 n Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 65 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Theorem 6.3.17 - Proof (b) ... (2) Let i 1 ≥ 2 . We prove a / ∈ Wit n in an indirect way. � a n − 1 � a ∈ Wit n ⇒ a mod n = Jac ∈ { 1 , − 1 } 2 n and so a n − 1 mod n = 1 Since n = q.m , we also have a n − 1 mod q = 1 Since g = a mod q we obtain 1 = a n − 1 mod q = ( a mod q ) n − 1 mod q = g n − 1 mod q. (6 . 15) Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 66 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Theorem 6.3.17 - Proof (b) ... g is a generator of cyclic group ( Z ∗ q , ⊙ mod q ) , so the order of g is | Z ∗ q | . From (6 . 15) we have that: | Z ∗ q | divides n − 1 (6 . 16) since q = p i 1 1 for an i 1 ≥ 2 , and Z ∗ q = { x ∈ Z q | GCD ( x, 1) = 1 } = { x ∈ Z q | p 1 ∤ x } and the number of elements of Z q that are a multiple of p 1 is exactly | Z q | /p 1 , one obtains q | = | Z q | − | Z q | /p 1 = p i 1 1 − p i 1 − 1 = p 1 . ( p i 1 − 1 − p i 1 − 2 | Z ∗ ) 1 1 1 Hence p 1 divides | Z ∗ q | (6 . 17) Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 67 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Theorem 6.3.17 - Proof (b) From (6 . 16) and (6 . 17) together imply that p 1 divides n − 1 (6 . 18) Since n = p i 1 1 , we have obtained p 1 divides n and p 1 divides n − 1 Since ∄ prime p, such that p | n and p | n − 1 , out assumption a ∈ Wit n cannot hold, and we obtain a / ∈ Wit n � Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 68 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Algorithm Solovay-Strassen Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 69 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Theorem 6.3.18 Theorem The Solovay-Strassen algorithm is a polynomial-time one-sided-error Monte Carlo algorithm for the recognition of composite numbers. Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 70 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Theorem 6.3.18 - Proof ... Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 71 / 85

Abundance of witnesses Solovay-Strassen Algorithm for Primality Testing Theorem 6.3.18 - Proof If n ∈ PRIM, then by Theorem 6.3.17 (a), the algorithm outputs the answer ” n ∈ PRIM” with certainly. If n is composite, Theorem 6.3.17 (b) assures that at least half the elements of { 1 , 2 , ..., n − 1 } are Jac-witnesses of ” n / ∈ PRIM”. Therefore, the Solovay- Strassen algorithm gives the right answer ” n / ∈ PRIM” with probability at least 1 / 2 . � Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 72 / 85

Abundance of witnesses Generation of Random Primes Objectives Problem For a given positive integer l , generate a random prime of the binary length l . Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 73 / 85

Abundance of witnesses Generation of Random Primes Objectives Problem For a given positive integer l , generate a random prime of the binary length l . The number of primes of the length l of order hundreds, is larger that the number of protons in the known universe. Clearly, one cannot solve this task by generating all primes of length l and than choosing one of them at random. Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 73 / 85

Randomized Algorithms Abundance of Witnesses Mohammad Heidari Yazd - PowerPoint PPT Presentation

Randomized Algorithms Abundance of Witnesses Mohammad Heidari Yazd University May 8, 2016 Mohammad Heidari (Yazd University) Randomized Algorithms May 8, 2016 1 / 85 Abundance of witnesses Objectives Objectives Definition Abundance of

Randomized Algorithms Randomized Algorithms Two Types of Randomized Algorithms Two Types of

Randomized algorithms Quick-sort Closest pair of points Inge Li Grtz 1 2

Randomized Algorithms Randomized Algorithms Markov Chains and Random Walks Markov Chains and

Probability and Delaunay triangulations 1 Randomized algorithms for Delaunay triangulations

Introduction to Randomized Algorithms: QuickSort Lecture 2 August 27, 2020 Chandra (UIUC)

Randomized algorithms Inge Li Grtz Thank you to Kevin Wayne for inspiration to slides

Optimal Randomized Algorithms for Integration Integration on Function Spaces with underlying

Randomized Algorithms, Quicksort and Randomized Selection Carola Wenk Slides courtesy of Charles

ADVANCED ALGORITHMS Lecture 14: randomized algorithms 1 ANNOUNCEMENTS HW 3 out; due

Randomized algorithms Guessing cards Three examples: Median/Select. Inge Li Grtz

ECS231 Low-rank approximation revisited (Introduction to Randomized Algorithms) May 23, 2019

Randomized Algorithms Lecture 3: Occupancy, Moments and deviations, Randomized selection

8. Average-Case Analysis of Algorithms + Randomized Algorithms 1 outline and goals 1)

Chapter 11 Randomized Algorithms III Min Cut CS 573: Algorithms, Fall 2013 October 1, 2013

Approximation and Randomized Algorithms Lecturer: Shi Li Department of Computer Science and

Approximation and Randomized Algorithms Lecturer: Shi Li Department of Computer Science and

Divide and conquer 1 The main idea for the divide and conquer is trying to divide a problem into

On fast multiplication of a matrix by its transpose Jean-Guillaume Dumas Cl ement Pernet

Objectives Quadratic Residues Primality Testing: Solovay Strassen Algorithm Computing

Efficient Algorithms and Problem Complexity Divide and Conquer Frank Drewes Department

Algorithms for Public Key Cryptography Eli Biham - May 3, 2005 c 408 Algorithms for Public

The Case for Malleable Stream Architectures Christopher Batten 1 , 3 , Hidetaka Aoki 2 , Krste

Apache Ignite Extensions - Modularization Saikat Maitra Twitter @samaitra Github samaitra

Resistive strips signal propagation studies and spark mitigation Javier Galan For the 8th RD51