Randomness and Computation: Some Prime Examples

1
Randomness and Computation Some Prime Examples
Discrete Mathematics for Computer Science Discrete Mathematics for Computer Science Discrete Mathematics for Computer Science
COMPSCI 230
Duke University
2
Earth has transferred a huge file X to Moon. Moon
received Y.
Earth X
Moon Y
3
Let p(n) be the number of primes between 1 and n.
I wonder how fast p(n) grows? Conjecture
1790s
Legendre
Gauss
4
Their estimates
x pi(x) Gauss' Li Legendre x/((lnx )- 1)
1000 168 178 172 169
10000 1229 1246 1231 1218
100000 9592 9630 9588 9512
1000000 78498 78628 78534 78030
10000000 664579 664918 665138 661459
100000000 5761455 5762209 5769341 5740304
1000000000 50847534 50849235 50917519 50701542
10000000000 455052511 455055614 455743004 454011971
5
Two independent proofs of the Prime Density
Theorem 1896
De la Vallée Poussin
J-S Hadamard
6
The Prime Density Theorem

• This theorem remains one of the celebrated
  achievements of number theory. In fact, an even
  sharper conjecture remains one of the great open
  problems of mathematics!

7
The Riemann Hypothesis 1859
Riemann
8
Slightly easier to show ?(n)/n 1/(2 log
n) (Well use this, but wont prove it here.)
9
Random (log n)-bit number is a random number
from 1..n (just add one) ?(n) / n 1/(2log
n) means that a random (log n)-bit number has
at least a 1/2log n chance of being prime.
10
Random k-bit number is a random number from
1..2k ?(2k) / 2k 1/2k means that a random
k-bit number has at least a 1/2k chance of
being prime.
11
Really useful fact

• A random k-bit number has at least a 1/2k chance
  of being prime.

So if we pick 2k random k-bit numbers the
expected number of primes on the list is at least
1
12
Picking A Random Prime

• Many modern cryptosystems (e.g., RSA) include the
  instructions
• Pick a random n-bit prime.
• How can this be done efficiently?

13
Picking A Random Prime

• Pick a random n-bit prime.
• Strategy
• Generate random n-bit numbers
• Test each one for primality
• more on this later in the lecture

14
Tremendously Useful Inequality

• ?x, 1 x ex

(note so for
small x, 1 x ex)
Corollaries
?x, 1 x e-x
?x?0, 1 1/x e1/x
?xgt0, (1 1/x)x e
?x?0, 1 - 1/x e-1/x
?xgt0, (1 - 1/x)x 1/e
15
Picking A Random Prime

• Pick a random n-bit prime.

• Generate kn random n-bit numbers
• Each trial has a 1/2n chance of being prime.
• Pr all kn trials yield composites

(1-1/2n)kn (1-1/2n)2n k/2 1/ek/2
16
Picking A Random Prime

• Pick a random n-bit prime.
• Strategy
• Generate random n-bit numbers
• Test each one for primality

For 1000-bit primes, if we try out 10000
random 1000-bit numbers, chance of failing e-5
.0068
17
Moral of the story

• Picking a random prime is almost as easy
  aspicking a random number.
• (Provided we can check for primality.)

18
Checking for Primality

• Fermats Little Theorem
• An integer n gt 1 is prime if and only if
• an-1 ? 1 (mod n)
• for all a such that 1 a n-1

19
Miller-Rabin Randomized Primality Test

• If n gt 2 and n is even, return composite
• Pick a uniformly at random from 1,2,,n-1
• If an-1 ? 1 (mod n), return composite
• Let n-1 t2s for some s gt 0 and odd t
• For i 1, 2, , s
• if a2it ? 1 (mod n) but a2i-1t ? ?1 (mod n)
• return composite
• Return passed test

20
Monte Carlo Algorithm

• The Miller-Rabin randomized primality test might
  return passed test even when the number is
  actually composite!

21
What does the test tell us?

• If n is prime, the test says passed test
• If n is composite, the test says
• composite with probability at least ¾
• passed test with probability at most ¼
• I.e., the answer is incorrect with probability at
  most ¼
• If n is composite and the test is run k times,
  the probability that it says passed test each
  time is at most (1/4)k. If the test ever says
  composite the number is composite.

22
Earth has transferred a huge file X to Moon. Moon
received Y
Earth X
Moon Y
23
Are X and Y the same n-bit numbers?
(assume no transmission errors either way)
Earth X
Moon Y
24
Why is this any good?

• Easy case
• If X Y, then X ? Y (mod p) and answer to
• X ? Y (mod p) ? is Yes!

25
Why is this any good?

• Harder case
• What if X ? Y? We want answer to X ? Y (mod p)
  ? to be No!
• But answer is Yes! if X ? Y (mod p), i.e., p
  (X-Y)
• How likely is this?
• Define Z (X-Y). To mess up, p must divide Z.
• Z is an n-bit number ? Z is at most 2n.
• But each prime is 2. Hence Z has at most n
  prime divisors.

26
Almost there

• Z has at most n prime divisors.
• How many (2log n)-bit primes are there?
• Recall ?(2k) 2k /2k
• at least 22logn/22log n n2/(4 log n) gtgt 2n
  primes.
• At most half of them divide Z. Hence the
  probability that a random (2 log n)-bit prime
  divides Z is at most ½.
• Make mistake (answer Yes!) with probability at
  most ½.

27
Theorem Let X and Y be distinctn-bit numbers.
Let p be a random (2 log n)-bit
prime. Then Prob X Y mod p lt 1/2
Earth-Moon protocol makes mistake with
probability at most 1/2!
28
Are X and Y the same n-bit numbers?
Pick k random (2 log n)-bit primes P1, P2, ..,
Pk Send (X mod Pi) for 1 i k
k answers to X Y mod Pi ?
(assume no transmission errors either way)
EARTH X
MOON Y
29
Exponentially smaller error probability

• If XY, always accept.
• If X ? Y,
• Prob X Y mod Pi for all i (1/2)k