coNP (continued) Suppose L is a coNP problem. • There exists a polynomial-time nondeterministic • algorithm M such that: coNP and Function Problems – If x L, then M(x) = “yes” for all computation ∈ paths. – If x L, then M(x) = “no” for some computation 6∈ path. c 2004 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 331 c 2004 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 333 coNP ¤ ∈ ¤ ∉ £ By definition, coNP is the class of problems whose £ • complement is in NP. NP is the class of problems that have succinct • certificates (recall Proposition 31 on p. 254). ¡ ¢ ¡ ¢ ¡ ¢ ¥ ¦ coNP is therefore the class of problems that have • ¡ ¢ succinct disqualifications: ¡ ¢ ¥ ¦ ¡ ¢ – A “no” instance of a problem in coNP possesses a ¡ ¢ ¡ ¢ short proof of its being a “no” instance. – Only “no” instances have such proofs. c 2004 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 332 c 2004 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 334 An Alternative Characterization of coNP coNP (concluded) Proposition 43 Let L Σ∗ be a language. Then L coNP ⊆ ∈ if and only if there is a polynomially decidable and Clearly P coNP. • ⊆ polynomially balanced relation R such that It is not known if • L = x : y (x, y) R . P = NP coNP. { ∀ ∈ } ∩ (As on p. 253, we assume y x k for some k.) – Contrast this with | |≤| | L¯ = x :(x, y) R for some y . • { ∈¬ } R=RE coRE ∩ Because R remains polynomially balanced, L¯ NP by • ¬ ∈ (see Proposition 11 on p. 126). Proposition 31 (p. 254). Hence L coNP by definition. • ∈ c 2004 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 335 c 2004 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 337 coNP Completeness Some coNP Problems Proposition 44 L is NP-complete if and only if its ¯ validity coNP. complement L = Σ∗ L is coNP-complete. • ∈ − – If φ is not valid, it can be disqualified very succinctly: Proof ( ; the part is symmetric) ⇒ ⇐ a truth assignment that does not satisfy it. Let L¯ be any coNP language. • 0 sat complement coNP. • ∈ Hence L0 NP. – The disqualification is a truth assignment that • ∈ Let R be the reduction from L0 to L. satisfies it. • hamiltonian path complement coNP. So x L0 if and only if R(x) L. • ∈ • ∈ ∈ ¯ ¯ – The disqualification is a Hamiltonian path. So x L0 if and only if R(x) L. • ∈ ∈ R is a reduction from L¯ to L¯. • 0 c 2004 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 336 c 2004 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 338 coNP Hardness and NP Hardnessa Proposition 45 If a coNP-hard problem is in NP, then Some coNP-Complete Problems NP = coNP. sat complement is coNP-complete. Let L NP be coNP-hard. • • ∈ – sat complement is the complement of sat. Let NTM M decide L. • validity is coNP-complete. • For any L0 coNP, there is a reduction R from L0 to L. – φ is valid if and only if φ is not satisfiable. • ∈ ¬ L0 NP as it is decided by NTM M(R(x)). – The reduction from sat complement to validity • ∈ – Alternatively, NP is closed under complement. is hence easy. Hence coNP NP. hamiltonian path complement is coNP-complete. • ⊆ • The other direction NP coNP is symmetric. • ⊆ aBrassard (1979); Selman (1978). c 2004 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 339 c 2004 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 341 Possible Relations between P, NP, coNP coNP Hardness and NP Hardness (concluded) Similarly, 1. P = NP = coNP. Proposition 46 If an NP-hard problem is in coNP, then 2. NP = coNP but P = NP. 6 NP = coNP. 3. NP = coNP and P = NP. 6 6 Hence NP-complete problems are unlikely to be in coNP and This is current “consensus.” • coNP-complete problems are unlikely to be in NP. c 2004 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 340 c 2004 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 342 The Primality Problem DP An integer p is prime if p> 1 and all positive numbers • DP NP coNP is the class of problems that have other than 1 and p itself cannot divide it. • ≡ ∩ succinct certificates and succinct disqualifications. primes asks if an integer N is a prime number. • – Each “yes” instance has a succinct certificate. Dividing N by 2, 3,..., √N is not efficient. • – Each “no” instance has a succinct disqualification. 0.5 log N – The length of N is only log N, but √N = 2 . – No instances have both. A polynomial-time algorithm for primes was not found • P DP. until 2002 by Agrawal, Kayal, and Saxena! • ⊆ We will see that primes DP. We will focus on efficient “probabilistic” algorithms for • ∈ • – In fact, primes P as mentioned earlier. primes (used in Mathematica, e.g.). ∈ c 2004 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 343 c 2004 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 345 1: if n = ab for some a,b > 1 then 2: return “composite”; 3: end if Primitive Roots in Finite Fields 4: for r = 2, 3,...,n 1 do if then− 5: gcd(n, r) > 1 Theorem 47 (Lucas and Lehmer (1927)) a A number 6: return “composite”; 7: end if p> 1 is prime if and only if there is a number 1 <r<p if then 8: r is a prime (called the primitive root or generator) such that 9: Let q be the largest prime factor of r 1; − 10: if q 4√r log n and n(r−1)/q = 1 mod r then ≥ 6 1. rp 1 = 1 mod p, and 11: break; Exit the for-loop. − end if { } 12: (p 1)/q 2. r − = 1 mod p for all prime divisors q of p 1. 13: end if 6 − 14: end for r 1 has a prime factor q 4√r log n. for { − do ≥ } We will prove the theorem later. 15: a = 1, 2,..., 2√r log n • 16: if (x a)n = (xn a) mod (xr 1) in Z [ x ] then − 6 − − n a 17: return “composite”; Fran¸cois Edouard Anatole Lucas (1842–1891); Derrick Henry 18: end if Lehmer (1905–1991). 19: end for 20: return “prime”; The only place with “prime” output. { } c 2004 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 344 c 2004 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 346 Pratt’s Theorem The Succinctness of the Certificate Theorem 48 (Pratt (1975)) primes NP coNP. ∈ ∩ Lemma 49 The length of C(p) is at most quadratic at primes is in coNP because a succinct disqualification is 2 • 5 log2 p. a divisor. This claim holds when p = 2 or p = 3. Suppose p is a prime. • • In general, p 1 has k < log2 p prime divisors p’s certificate includes the r in Theorem 47 (p. 346). • − • q1 = 2,q2,...,qk. p 1 Use recursive doubling to check if r − = 1 mod p in • C(p) requires: 2 parentheses and 2k < 2 log2 p separators time polynomial in the length of the input, log p. • 2 (length at most 2 log2 p long), r (length at most log2 p), We also need all prime divisors of p 1: q ,q ,...,q . q1 = 2 and its certificate 1 (length at most 5 bits), the • − 1 2 k qi’s (length at most 2log p), and the C(qi)s. (p 1)/q 2 Checking r − i = 1 mod p is also easy. • 6 c 2004 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 347 c 2004 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 349 The Proof (concluded) C(p) is succinct because The Proof (concluded) • k Checking q1,q2,...,qk are all the divisors of p 1 is easy. C(p) 5 log p +5+5 log2 q • − | | ≤ 2 2 i i=2 We still need certificates for the primality of the qi’s. X • k 2 The complete certificate is recursive and tree-like: 5 log p +5+5 log q • ≤ 2 2 i i=2 ! X C(p)=(r; q1, C(q1),q2, C(q2),...,qk, C(qk)). p 1 5 log p +5+5log2 − ≤ 2 2 2 C(p) can also be checked in polynomial time. • < 5 log p + 5 + 5(log p 1)2 2 2 − We next prove that C(p) is succinct. = 5 log2 p + 10 5 log p 5 log2 p • 2 − 2 ≤ 2 for p 4. ≥ c 2004 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 348 c 2004 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 350 Basic Modular Arithmeticsa ¥ § Let m, n Z+. ¨ © • ∈ ¤ ¡ ¡ m n means m divides n and m is n’s divisor. • | £ We call the numbers 0, 1,...,n 1 the residue modulo ¡ ¡ • − n. ¢ ¡ ¡ The greatest common divisor of m and n is denoted • gcd(m, n). ¡ ¡ The r in Theorem 47 (p. 346) is a primitive root of p. ¦ • ¡ ¡ We now prove the existence of primitive roots and then • Theorem 47. ¥ £ ¤ ¡ ¡ ¡ ¡ ¢ ¡ ¡ ¡ ¡ aCarl Friedrich Gauss. c 2004 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 351 c 2004 Prof. Yuh-Dauh Lyuu, National Taiwan University Page 353 Euler’sa Totient or Phi Function Two Properties of Euler’s Function Let • Φ(n)= m : 1 m<n, gcd(m, n) = 1 The inclusion-exclusion principlea can be used to prove the { ≤ } following. be the set of all positive integers less than n that are 1 prime to n (Zn∗ is a more popular notation). Lemma 50 φ(n)= n p n(1 p ). | − – Φ(12) = 1, 5, 7, 11 . If n = pe1 pe2 petQis the prime factorization of n, then { } • 1 2 ··· t Define Euler’s function of n to be φ(n)= Φ(n) .