Complexity 1 coNP Having Proofs for Incorrectness.

Complexity1

coNPHaving Proofs for Incorrectness

Complexity2

Introduction

• Objectives:– To introduce the complexity class

coNP– To explore the primality problem.

• Overview:– coNP: Definition and examples– coNP=NP? and NP=P? – PRIMES and Pratt’s theorem

Complexity3

CoNP

Def: CoNP is the class of problems that have succinct non-membership witnesses.

Complexity4

VALIDITY

• Instance: A Boolean formula• Problem: To decide if the formula is valid

(i.e satisfiable by all possible assignments)

xx A valid Boolean formula:

An invalid Boolean formula:

x

Complexity5

VALIDITY is in coNP

• Guess an assignment• Verify it doesn’t satisfy the formula

(x)=F x Indeed it doesn’t satisfy x!

Complexity6

Using what we Know about NP

• By definition, the complement of every NP language is in coNP.

• The complement of a coNP language is NP.

VALIDITY is in coNP!

Since SAT is in

NP...

Complexity7

NP and coNP

PNP coNP

P coNP: As coP = P, and P NP

Complexity8

NP-Complete & coNP-Complete

• L NP-Complete Lc coNP-Complete.

AcNP

LNP-Comple

teAcoNP

R

R

LccoNP-Complete

Complexity9

NP=P? & coNP=NP?

Claim: P=NP implies coNP=NP.Proof: P=coP, hence if P=NP, NP=coNP.

Does the opposite direction

also hold?

Complexity10

coNP=NP? & Completeness in coNP

Claim: If a coNP-Complete problem L is in NP, under Karp reduction, then coNP=NP.

AcoNP

LcoNP-Complet

e

R

LNP

ANP

Proof: in that case, any AcoNP, must be in NP

Complexity11

What’s coNP’s Proper Position?

PNP

Complexity12

Here It Is!

P

Open question: Are NP\coNP, coNP\NP actually empty?

NP coNP

Complexity13

PRIMES

• Instance: A number in binary representation.

• Problem: To decide if this number is prime.

10111

10111

Yes instance:

No instance:1011

01011

0

Complexity14

Is Primes in P ?!

What’s the problem with the following algorithm?

Input: a number N Output: is N prime?

for i in 2..N do for j in 2..N do

if i*j=N, return FALSEreturn TRUE

Complexity15

. .

.. . .

. .

.. . .

001 1 1# #

PRIMES is in coNP

• Given a number N

1 11 10 0# # #

• Guess two numbers i and j• Verify i*j=N

Don’t forget to make sure

this takespolynomial

time

Complexity16

Is PRIMES in NP?

Claim: A number p > 2 is prime iff a number 1<r<p (called primitive root) s.t

1) rp-1 = 1 (mod p) 2) prime divisor q of p-1: r(p-1)/q 1 (mod p)

PAP 222-227

5 is prime. What are its primitive roots?

Complexity17

Pratt’s Theorem

Pratt’s Theorem: PRIMES is in NPcoNP.Proof: Assuming the above claim we need to find some type of a guess that can be easily verify...

Complexity18

What Can We Get By Guessing r?

We first need to verify rp-1=1 (mod p)

rp-1 can be super-

exponential!

BUT rp-1 mod p requires only poly-

space

Complexity19

Performing p-1

multiplications is not

polynomial!

What Can We Get By Guessing r?

We first need to verify rp-1=1 (mod p)

But you can start with r and square log(p-

1) times!

ii ii

i i

i

ii

i

a2a a2 2

i a 1

a a2

r r r r

Complexity20

Verifying the Second Requirement

Next we need to verify, that prime divisor q of p-1: r(p-1)/q 1 (mod p)

Lemma: Any n>1 has klogn prime divisors.

Proof: Denote the prime divisors of n by q1,...,qk. Note that nq1·... ·qk and all qi2.Thus n2k, i.e - klogn.

Complexity21

Verifying the Second Requirement

Next we need to verify, that prime divisor q of p-1: r(p-1)/q 1 (mod p)

How would you find the prime divisors of p-1?

Obviously I wouldn’t!I’d just guess them!

Complexity22

Verifying the Second Requirement

Next we need to verify, that prime divisor q of p-1: r(p-1)/q 1 (mod p)

How would you verify they are

prime?Exactly the same way!

Complexity23

Claim Theorem

The certificate that a natural p is a prime is the following:

p=2 C(p)=()

p>2 C(p)=(r,q1,C(q1),...,qk,C(qk))

Make sure it’s succinct

Complexity24

The Verification

1. If p=2, accept2. Otherwise, verify rp-1=1 (mod p).3. Check that p can be reduced to 1 by repeated

divisions by the qi’s.

4. Check r(p-1)/qi1 (mod p) for all the qi’s.

5. Recursively apply this algorithm upon every qi,C(qi)

Make sure it takes poly-time

Complexity25

Proof of Claim

• Need to show that every prime satisfies both conditions

and

• that any number satisfying both conditions is a prime

Complexity26

Euler’s Function

(n) = { m | 1 m < n AND gcd(m,n)=1 }

• Euler’s function: (n)=|(n)|(12)={1,2,3,4,5,6,7,8,9,10

,11}(12)={1,2,3,4,5,6,7,8,9,10

,11}(12)=

4(12)=

4Example:

Observe: For any prime p, (p)={1,...,p-1}

Complexity27

Fermat’s Little Theorem

Fermat’s Little Theorem: Let p be a prime number

0 < a < p, ap-1 =1 (mod p)

p=5; a=2

25-1 mod 5 = 16 mod 5 = 1

p=5; a=2

25-1 mod 5 = 16 mod 5 = 1

Example:

Complexity28

Observation

0<a<p, a·(p):={a·m (mod p) | m(p)} = (p)

2 4 1 3

1 2 43(5)

·2 (mod 5)

Example:

Complexity29

Fermat’s Theorem: Proof

Therefore, for any 0<a<p:

p) (mod 1)!(pam 1)!(pa)p(m

1p

0 (mod p)

p) (mod 1a 1p

Complexity30

Generalization

Claim: For all a(n) , a(n)=1 (mod n).

n=8, (8) = {1,3,5,7}

34=1 (mod 8)

n=8, (8) = {1,3,5,7}

34=1 (mod 8)

Example:

Complexity31

Generalization: Proof

1 3 5 7

1 3 75

(8)

Example:

1

3

7

5

* (mod 8)

3 1 57

5

7

7 1 3

35 1

Again: For any a(n), a·(n)=(n)Again: m(n)m 0 (mod n)

And the claim follows.

Complexity32

What have we got So Far

• We know if p is prime condition (1) holds for all a

• For non prime n, condition (1) may hold for some a but then

a(n)=1 (mod n)as well, hence

an-1-(n)=1 (mod n)

Complexity33

Exponents

Def: If m(p), the exponent of m is the smallest integer k > 0 such that mk=1 (mod p).

p=7, m=4(7),

the exponent of 4 is 3.

p=7, m=4(7),

the exponent of 4 is 3.

Example:

Complexity34

All Residues Have Exponents

• Let s (p). j > i N that satisfy si=sj (mod p).• si is indivisible by p. sj-i=1 (mod p).

Complexity35

Regarding Exponents

• Observation: The only powers of m that are 1 (mod p) are multiplies of its exponent!

• Assuming rp-1 = 1 (mode p), by Fermat’s theorem, r’s exponent divides p-1

Complexity36

Non Primes Must Fail

• For a non prime n:• It must be that (p) < p-1.• Assume there is r s.t rp-1=1 (mod p)• We’ve shown r(p)=1 (mod p)• So there is also a prime divisor q of

p-1, s.t r(p-1)/q =1 mod p.

• We may conclude: if both conditions hold p is prime!

Complexity37

An Equivalent Definition of Euler’s Function Using Prime

Divisors• Let p be a prime divisor of n.• The probability p divides a candidate is

1/p.• Thus:

. . .

all the residues modulo n are candidates for (n)

n|

)p1

-(1p

nn)(

Complexity38

Corollaries

Corollary: If gcd(m,n)=1, (mn)=(m)(n). Proof:

(6)=|{1,5}|=2

(2)=|{1}|=1

(3)=|{1,2}|=2

(6)=|{1,5}|=2

(2)=|{1}|=1

(3)=|{1,2}|=2

)(mn mn|

)p1

-(1p

mn

n|m|

)p1

-(1)p1

-(1pp

nm

)()( nm

Complexity39

21=7·3

(21)={1,2,4,5,8,10,11,13,16,17,19,20}

(3) ={1,2}

(7) ={1,2,3,4,5,6}

21=7·3

(21)={1,2,4,5,8,10,11,13,16,17,19,20}

(3) ={1,2}

(7) ={1,2,3,4,5,6}

The Chinese Remainder Theorem

The Chinese Remainder Theorem: If n is the product of distinct primes p1,...,pk, for each k-tuple of residues (r1,...,rk), where ri(pi), there is a unique r(n), where ri=r mod pi for every 1ik.

Complexity40

The Chinese Remainder Theorem

Proof: If n is the product of distinct primes p1,...,pk, then (n)=1ik(pi-1). This means |(n)|=|(p1)...(pk)|. The following is a 1-1 correspondence between the two sets:

r(r mod p1,...,r mod

pk)

Complexity41

Another Property of the Euler Function

Claim: m|n(m)=n.

m|12(m)=

(1) + (2) + (3) + (4) + (6) + (12)=

|{1}| + |{1}| + |{1,2}| + |{1,3}| + |{1,5}| + |{1,5,7,11}|=

1 + 1 + 2 + 2 + 2 + 4 = 12

m|12(m)=

(1) + (2) + (3) + (4) + (6) + (12)=

|{1}| + |{1}| + |{1,2}| + |{1,3}| + |{1,5}| + |{1,5,7,11}|=

1 + 1 + 2 + 2 + 2 + 4 = 12

Example:

Complexity42

Another Property of the Euler Function

Claim: m|n(m)=n.

Proof: Let 1ilpiki be the prime

factorization of n.

n

p

ppp

pp

l

i

ki

l

i

ki

kii

l

i

kii

i

i

i

1

1

1

1

))(...)1(1(

))(...)()1((

1

(n)=np|n(1-1/p)

telescopic sum

m|n(m)=Since (ab)=(a)(

b)

Complexity43

Group together Residues with Same Exponent

• Fix a p and let R(k) denote the number of residues with exponent k.

• If k does not divide p-1, R(k)=0.• Can you upper bound R(k)?

Complexity44

Polynomials Have Few Roots

Claim: Any polynomial of degree k that is not identically zero has at most k distinct roots modulo p.

Proof: By induction on k. Trivially holds for k=0. Suppose it also holds for some k-1.

By way of contradiction, assume x1,...,xk+1 are roots of (x)=akxk+...+a0.

’(x)= (x)-ak1ik(x-xi) is of degree k-1 and not identically zero.

x1,...,xk are its roots - Contradiction!

Complexity45

How Many Residues Can Share an Exponent?

• Conclusion: There are at most k residues of exponent k.

• Claim: R(k) ≤ (k)• Proof:

– Let s be a residue of exponent k.– (1,s,s2,…,sk-1) are k distinct solutions of xk=1

(mod p) (why?)– If sl has exponent k, l(k) (otherwise its

exponent is lower).

Complexity46

Summing Up

1|1|

)()(pkpk

kkRp-1 =

= p-1

All p-1 residues have

exponents

m|n(m)=n

Complexity47

Summing Up

R(k)=(k) for all divisors of p-1 R(p-1) = (p-1) > 0 p has at least one primitive root

Complexity48

Where Do We Stand?

• We’ve shown every prime has a primitive root.Hence any prime satisfied both conditions

• We’ve previously shown any non prime does not satisfy both conditions

Complexity49

Q.E.D!

• This finally proves the validity of our alternative characterization of primes,

• which implies that PRIMES is in NP.

Complexity50

Place PRIMES

P

PRIMES

NP coNP

Complexity51

Summary

• We’ve studied the complexity class coNP,

• and explored the relations between coNP and other classes, such as P and NP.

• We’ve introduced PRIMES and showed it’s in NPcoNP, though it’s believed not to be in P.