Arithmetic and algebra

To show that many fundamental problems in arithmetic and algebra also belong to the class NP, we recall that every natural number can be considered a word in{0,1}∗ _{(representing} the number in binary). We start with the problem of deciding whether a natural number is a prime.

Problem 6.4.9 Compositeness of an integer Certificate of compositeness: a proper divisor. Problem 6.4.10 Primality It is significantly more difficult to find witnesses for primality. We use the following fundamental theorem of number theory:

6.4. EXAMPLES OF LANGUAGES IN NP 99 Theorem 6.4.5 An integer n≥2 is prime if and only if there is a natural number asuch that an−1_{≡1 (modn)buta}m_{6≡1 (modn)for anym such that1≤m < n−1.}

(This theorem says that there is a so-called “primitive root”afor n, whose powers run through all non-0 residues modn.)

With this theorem in mind,we would like to use the numberato be the witness for the primality of n. Since, obviously, only the remainder of the number a after division byn is significant here, there will also be a witnessawith 1≤a < n. In this way, the restriction on the length of the witness is satisfied: adoes not have more bits than nitself. Let kbe the number of bits ofn.

As we have seen in chapter 3, we can also check the condition

an−1_{≡1 (modn) (6.1)}

in polynomial time. It is, however, a much harder question how to verify the further condi- tions:

am_{6≡1 (modn) (1≤m < n−1). (6.2)}

We have seen that we can do this for each specific m, but it seems that we must do this

n−2 times, i.e. exponentially many times in terms ofk. We can use, however, the (easy) number-theoretical fact that if (6.1) holds then the smallestm=m0 violating (6.2) (if there

is any) is a divisor ofn−1. It is also easy to see that then (6.2) is violated by every multiple ofm0smaller thann−1. Thus, if the prime factor decomposition ofn−1 isn−1 =pr11· · ·prtt

then (6.2) is violated by somem= (n−1)/pi. It is enough therefore to verify that for all i

with 1≤i≤t,

a(n−1)/pi_{6≡1 (modn).}

Now, it is obvious thatt≤kand therefore we have to check (6.2) for at mostkvalues which can be done in the way described before, in polynomial total time.

There is, however, another difficulty: how are we to compute the prime decomposition of n−1? This, in itself, is a harder problem than to decide whether n is a prime. We can, however, add the prime decomposition ofn−1 to the “witness”; this consists therefore, besides the numbera, of the numbersp1, r1, . . . , pt, rt(it is easy to see that this is at most 3k

bits). Now only the problem remains to check whether this is a prime decomposition indeed, i.e. that n−1 = pr1

1 · · ·prtt (this is easy) and thatp1, . . . , pt are indeed primes. We can do

this recursively.

We still have to check that this recursion gives witnesses of polynomial length and it can be decided in polynomial time that these are witnesses. LetL(k) denote the maximum length

of the witnesses in case of numbersnofkbits. Then, according to the above recursion, L(k)≤3k+ t X i=1 L(ki)

where ki is the number of bits of the primepi. Since p1· · ·pt≤n−1< nit follows easily

that

k1+· · ·+kt< k+t.

Also obviously ki < k. Using this, it follows from the above recursion thatL(k)≤3k2. In

fact, the inequalityL(k)≤3(k−1)2 _{is easier to prove. This is namely obvious fork= 1,2}

and if we know that it holds for all numbers less thankthen

L(k)≤3k+ t X i=1 L(ki)≤3k+ t X i=1 3(ki−1)2 ≤3k+ 3(k−2) t X i=1 ki−1≤3k+ 3(k−2)·(k−1)≤3(k−1)2.

We can prove similarly that it is decidable about a string in polynomial time whether it is a certificate defined in the above way.

Usually we are not satisfied with knowing whether a given number nis a prime or not, but if it is not a prime then we might also want to find one of its proper divisors. (If we can solve this problem then repeating it, we can find the complete prime decomposition.) This is not a decision problem, but it is not difficult to reformulate it as a decision problem: Problem 6.4.11 Existence of a bounded divisor Given two natural numbersnandk; does

nhave a proper divisor not greater thank?

It is clear that this problem is in NP: the certificate is the divisor. The complementary language is also in NP:

Problem 6.4.12 Nonexistence of a bounded divisor This is the set of all pairs (n, k) such that every proper divisor ofnis greater thank. A certificate for this is the prime decompo- sition ofn, together with a certificateof the primality of every prime factor.

It is not known whether the problem of compositeness (even less, the existence of a bounded divisor) is in P. Extending the notion of algorithms and using random numbers, it is decidable in polynomial time about a number whether it is a prime (see the section on randomized algorithms). At the same time, the corresponding search problem (the search for a proper divisor), or, equivalently, deciding the existence of bounded divisors, is significantly

6.4. EXAMPLES OF LANGUAGES IN NP 101 harder; for this, a polynomial algorithm was not yet found even when the use of random numbers is allowed.

Now we turn to some basic questions in algebra. A notion analogous for primality of a positive integer is irreducibility of a polynomial (for simplicity, with a single variable, and with rational coefficients). A polynomial is reducible if it can be written as the product of two non-constant polynomials with rational coefficients.

Problem 6.4.13 Reducibility of a polynomial over the rational field Certificate: a proper divisor; but some remarks are in order.

Letf be the polynomial. To prove that this problem is in NP we must convince ourselves that the number of bits necessary for writing down a proper divisor can be bounded by a polynomial of the number of bits in the representation off. (We omit the proof of this here.)

It can also be shown that this language is in P.