Prime Numbers
Prime Numbers Prime Numbers
8.7 Exercises 433 standards insist on such presence.) The interesting research of [Okeya and Sakurai 2001] is relevant to this design problem. In fact such issues—usually relating to casting efficient ECC onto chips or smart cards—abound in the current literature. A simple Internet search on ECC optimizations now brings up a great many very recent references. Just one place (of many) to get started on this topic is [Berta and Mann 2002] and references therein. 8.7. Devise a coin-flip protocol based on the idea that if n is the product of two different odd primes, then quadratic residues modulo n have 4 square roots of the form ±a, ±b. Further computing these square roots, given the quadratic residue, is easy when one knows the prime factorization of n and, conversely, when one has the 4 square roots, the factorization of n is immediate. Note in this connection the Blum integers of Exercise 2.26, which integers are often used in coin-flip protocols. References are [Schneier 1996] and [Bressoud and Wagon 2000, p. 146]. 8.8. Explore the possibility of cryptographic defects in Algorithm 8.1.11. For example, Bob could cheat if he could quickly factor n, so the fairness of the protocol, as with many others, should be predicated on the presumed difficulty in factoring the number n that Alice sends. Is there any way for Alice to cheat by somehow misleading Bob into preferring one of the primes over the other? If Bob knows or guesses that Alice is choosing the primes p, q, r at random in a certain range, is there some way for him to improve his chances? Is there any way for either party to lose on purpose? 8.9. It is stated after Algorithm 8.1.11 that a coin-flip protocol can be extended to group games such as poker. Choose a specific protocol (from the text algorithm or such references as in Exercise 8.7), and write out explicitly a design for “telephone poker,” in which there is, over a party-line phone connection, a deal of say 5 cards per person, hands eventually claimed, and so on. It may be intuitively clear that if flipping a coin can be done, so can this poker game, but the exercise here is to be explicit in the design of a full-fledged poker game. 8.10. Prove that the verification step of Algorithm 8.1.8 works, and discuss both the probability of a false signature getting through and the difficulty of forging. 8.11. Design a random-number generator based on a one-way function. It turns out that any suitable one-way function can be used to this effect. One reference is [H˚astad et al. 1999]; another is [Lagarias 1990]. 8.12. Implement the Halton-sequence fast qMC Algorithm 8.3.6 for dimension D = 2, and plot graphically a cloud of some thousands of points in the unit square. Comment on the qualitative (visual) difference between your plot and a plot of simple random coordinates.
434 Chapter 8 THE UBIQUITY OF PRIME NUMBERS 8.13. Prove the claim concerning equation (8.3) under the stated conditions on k. Start by analyzing the Diophantine equation (mod 4), concluding that x ≡ 1 (mod 4), continuing on with further analysis (mod 4) until a Legendre symbol −4m 2 p is encountered for p ≡ 3 (mod 4). (See, for example, [Apostol 1976, Section 9.8].) 8.14. Note that if c = a n + b n ,thenx = ac, y = bc, z = c is a solution to x n + y n = z n+1 . Show more generally that if gcd(pq, r) = 1, then the Fermat– Catalan equation x p + y q = z r has infinitely many positive solutions. Why is this not a disproof of the Fermat–Catalan conjecture? Show that there are no positive solutions when gcd(p, q, r) ≥ 3. What about the cases gcd(p, q, r) =1 or 2? (The authors do not know the answer to this last question.) 8.15. Fashion an at least somewhat convincing heuristic argument for the Fermat–Catalan conjecture. For example, here is one for the case that p, q, r are all at least 4: Let S be the set of fourth and higher powers of positive integers. Unless there is a cheap reason, as in Exercise 8.14, there should be no particular tendency for the sum of two members of S to be equal to a third member of S. Consider the expression a + b − c, wherea ∈ S ∩ [t/2,t], b ∈ S ∩ [1,t], c ∈ S ∩ [1, 2t] and gcd(a, b) =1.Thisnumbera + b − c is in the interval (−2t, 2t) and the probability that it is 0 ought to be of magnitude 1/t. Thus, the expected number of solutions to a + b = c for such a, b, c should be at most S(t) 2 S(2t)/t, whereS(t) is the number of members of S ∩ [1,t]. Now S(t) =O(t 1/4 ), so this expected number is O(t −1/4 ). Now let t run over powers of 2, getting that the total number of solutions is expected to be just O(1). 8.16. As in Exercise 8.15, fashion an at least somewhat convincing heuristic argument for the ABC conjecture. 8.17. Show that the ABC conjecture is false with ɛ = 0. In fact, show that there are infinitely many coprime triples a, b, c of positive integers with a + b = c and γ(abc) =o(c). (As before, γ(n) is the largest squarefree divisor of n.) 8.18. [Tijdeman] Show that the ABC conjecture implies the Fermat–Catalan conjecture. 8.19. [Silverman] Show that the ABC conjecture implies that there are infinitely many primes p that are not Wieferich primes. 8.20. Say q1 0, we have qn+1 − qn >n 1/12−ɛ for all sufficiently large values of n. 8.21. Show that there is a polynomial in two variables with integer coefficients whose values at positive integral arguments coincide with the set
- Page 392 and 393: 7.8 Research problems 383 highly ef
- Page 394 and 395: 7.8 Research problems 385 is prime.
- Page 396 and 397: Chapter 8 THE UBIQUITY OF PRIME NUM
- Page 398 and 399: 8.1 Cryptography 389 is, if an orac
- Page 400 and 401: 8.1 Cryptography 391 Algorithm 8.1.
- Page 402 and 403: 8.1 Cryptography 393 just to genera
- Page 404 and 405: 8.1 Cryptography 395 where in the l
- Page 406 and 407: 8.2 Random-number generation 397 ar
- Page 408 and 409: 8.2 Random-number generation 399 Al
- Page 410 and 411: 8.2 Random-number generation 401 }
- Page 412 and 413: 8.2 Random-number generation 403 is
- Page 414 and 415: 8.3 Quasi-Monte Carlo (qMC) methods
- Page 416 and 417: 8.3 Quasi-Monte Carlo (qMC) methods
- Page 418 and 419: 8.3 Quasi-Monte Carlo (qMC) methods
- Page 420 and 421: 8.3 Quasi-Monte Carlo (qMC) methods
- Page 422 and 423: 8.3 Quasi-Monte Carlo (qMC) methods
- Page 424 and 425: 8.4 Diophantine analysis 415 [Tezuk
- Page 426 and 427: 8.4 Diophantine analysis 417 9262 3
- Page 428 and 429: 8.5 Quantum computation 419 We spea
- Page 430 and 431: 8.5 Quantum computation 421 three H
- Page 432 and 433: 8.5 Quantum computation 423 for a n
- Page 434 and 435: 8.6 Curious, anecdotal, and interdi
- Page 436 and 437: 8.6 Curious, anecdotal, and interdi
- Page 438 and 439: 8.6 Curious, anecdotal, and interdi
- Page 440 and 441: 8.7 Exercises 431 universal Golden
- Page 444 and 445: 8.7 Exercises 435 of positive compo
- Page 446 and 447: 8.8 Research problems 437 element o
- Page 448 and 449: 8.8 Research problems 439 the Leveq
- Page 450 and 451: 8.8 Research problems 441 for every
- Page 452 and 453: Chapter 9 FAST ALGORITHMS FOR LARGE
- Page 454 and 455: 9.1 Tour of “grammar-school” me
- Page 456 and 457: 9.2 Enhancements to modular arithme
- Page 458 and 459: 9.2 Enhancements to modular arithme
- Page 460 and 461: 9.2 Enhancements to modular arithme
- Page 462 and 463: 9.2 Enhancements to modular arithme
- Page 464 and 465: 9.2 Enhancements to modular arithme
- Page 466 and 467: 9.3 Exponentiation 457 Algorithm 9.
- Page 468 and 469: 9.3 Exponentiation 459 But there is
- Page 470 and 471: 9.3 Exponentiation 461 the benefit
- Page 472 and 473: 9.4 Enhancements for gcd and invers
- Page 474 and 475: 9.4 Enhancements for gcd and invers
- Page 476 and 477: 9.4 Enhancements for gcd and invers
- Page 478 and 479: 9.4 Enhancements for gcd and invers
- Page 480 and 481: 9.4 Enhancements for gcd and invers
- Page 482 and 483: 9.5 Large-integer multiplication 47
- Page 484 and 485: 9.5 Large-integer multiplication 47
- Page 486 and 487: 9.5 Large-integer multiplication 47
- Page 488 and 489: 9.5 Large-integer multiplication 47
- Page 490 and 491: 9.5 Large-integer multiplication 48
434 Chapter 8 THE UBIQUITY OF PRIME NUMBERS<br />
8.13. Prove the claim concerning equation (8.3) under the stated conditions<br />
on k. Start by analyzing the Diophantine equation (mod 4), concluding that<br />
x ≡ 1 (mod 4), continuing on with further analysis (mod 4) until a Legendre<br />
symbol −4m 2<br />
p is encountered for p ≡ 3 (mod 4). (See, for example, [Apostol<br />
1976, Section 9.8].)<br />
8.14. Note that if c = a n + b n ,thenx = ac, y = bc, z = c is a solution to<br />
x n + y n = z n+1 . Show more generally that if gcd(pq, r) = 1, then the Fermat–<br />
Catalan equation x p + y q = z r has infinitely many positive solutions. Why is<br />
this not a disproof of the Fermat–Catalan conjecture? Show that there are no<br />
positive solutions when gcd(p, q, r) ≥ 3. What about the cases gcd(p, q, r) =1<br />
or 2? (The authors do not know the answer to this last question.)<br />
8.15. Fashion an at least somewhat convincing heuristic argument for the<br />
Fermat–Catalan conjecture. For example, here is one for the case that p, q, r<br />
are all at least 4: Let S be the set of fourth and higher powers of positive<br />
integers. Unless there is a cheap reason, as in Exercise 8.14, there should be<br />
no particular tendency for the sum of two members of S to be equal to a<br />
third member of S. Consider the expression a + b − c, wherea ∈ S ∩ [t/2,t],<br />
b ∈ S ∩ [1,t], c ∈ S ∩ [1, 2t] and gcd(a, b) =1.Thisnumbera + b − c is in the<br />
interval (−2t, 2t) and the probability that it is 0 ought to be of magnitude<br />
1/t. Thus, the expected number of solutions to a + b = c for such a, b, c should<br />
be at most S(t) 2 S(2t)/t, whereS(t) is the number of members of S ∩ [1,t].<br />
Now S(t) =O(t 1/4 ), so this expected number is O(t −1/4 ). Now let t run over<br />
powers of 2, getting that the total number of solutions is expected to be just<br />
O(1).<br />
8.16. As in Exercise 8.15, fashion an at least somewhat convincing heuristic<br />
argument for the ABC conjecture.<br />
8.17. Show that the ABC conjecture is false with ɛ = 0. In fact, show<br />
that there are infinitely many coprime triples a, b, c of positive integers with<br />
a + b = c and γ(abc) =o(c). (As before, γ(n) is the largest squarefree divisor<br />
of n.)<br />
8.18. [Tijdeman] Show that the ABC conjecture implies the Fermat–Catalan<br />
conjecture.<br />
8.19. [Silverman] Show that the ABC conjecture implies that there are<br />
infinitely many primes p that are not Wieferich primes.<br />
8.20. Say q1 0, we have<br />
qn+1 − qn >n 1/12−ɛ for all sufficiently large values of n.<br />
8.21. Show that there is a polynomial in two variables with integer<br />
coefficients whose values at positive integral arguments coincide with the set
Change language