Why does Pohlig-Hellman algorithm only work for prime powers? - math

I implemented the Pohlig-Hellman algorithm for the general case following Wikipedia, but it only seems to work for prime powers (which is what the limited case is meant to solve).
My implementation follows wikipedia exactly: https://gist.github.com/nickponline/2ef6f3456ed6c423239a334c98728324
Some examples where it fails to find a solution are:
39^x = 49 (mod 74) x = 28
19^x = 423 (mod 478) x = 275
71^x = 65 (mod 86) x = 45
I'm unclear why my implementation doesn't work for p where p is not a prime power.
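The following is an added example, not the poster's gist (which is not reproduced on this page). Pohlig-Hellman decomposes the discrete logarithm over the prime-power factors of the order of g, so for a composite modulus n the quantity to factor is ord(g), a divisor of φ(n), rather than n itself. This implementation computes ord(g), runs the prime-power routine once per prime-power factor of that order and recombines the digits with the CRT; the factoring helper is plain trial division and is only meant for moduli of the size in the question.

```python
from math import gcd


def factorize(n):
    """Trial-division factorisation (fine for small moduli). Returns {prime: exponent}."""
    factors = {}
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def euler_phi(n):
    """Order of the multiplicative group (Z/nZ)^*."""
    phi = n
    for p in factorize(n):
        phi = phi // p * (p - 1)
    return phi


def element_order(g, n):
    """Multiplicative order of g modulo n; this, not n, is what Pohlig-Hellman factors."""
    if gcd(g, n) != 1:
        raise ValueError("g must be a unit modulo n")
    order = euler_phi(n)
    for p in factorize(order):
        while order % p == 0 and pow(g, order // p, n) == 1:
            order //= p
    return order


def crt(residues, moduli):
    """Combine x = r_i (mod m_i) for pairwise coprime m_i (Garner's method)."""
    x, m = 0, 1
    for r, mi in zip(residues, moduli):
        t = ((r - x) * pow(m, -1, mi)) % mi   # pow(.., -1, ..) needs Python 3.8+
        x += m * t
        m *= mi
    return x % m


def dlog_prime_power(g, h, n, p, e):
    """Solve g^x = h (mod n) when ord(g) = p^e, one base-p digit at a time.
    Returns None if h is not a power of g."""
    gamma = pow(g, p ** (e - 1), n)            # generator of the order-p subgroup
    x = 0
    for k in range(e):
        # strip the digits already known, then project into the order-p subgroup
        hk = pow(pow(g, -x, n) * h, p ** (e - 1 - k), n)
        dk = next((d for d in range(p) if pow(gamma, d, n) == hk), None)
        if dk is None:
            return None
        x += dk * p ** k
    return x


def pohlig_hellman(g, h, n):
    """Solve g^x = h (mod n) for any modulus n. Returns x reduced mod ord(g),
    or None when h is not in the subgroup generated by g."""
    order = element_order(g, n)
    residues, moduli = [], []
    for p, e in factorize(order).items():
        pe = p ** e
        gi = pow(g, order // pe, n)             # has order exactly p^e
        hi = pow(h, order // pe, n)
        xi = dlog_prime_power(gi, hi, n, p, e)
        if xi is None:
            return None
        residues.append(xi)
        moduli.append(pe)
    x = crt(residues, moduli)
    return x if pow(g, x, n) == h % n else None


if __name__ == "__main__":
    for g, h, n in [(39, 49, 74), (19, 423, 478), (71, 65, 86)]:
        print(f"{g}^{pohlig_hellman(g, h, n)} = {h} (mod {n}), ord({g}) = {element_order(g, n)}")
```

The answer is only defined modulo ord(g): for 71^x = 65 (mod 86) the order of 71 is 42, so the function returns 3 (45 mod 42) rather than 45, and 71^3 = 65 (mod 86) holds. For the first two instances, where the order is 36 and 238 respectively, it returns 28 and 37 (275 mod 238).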


Polynomial reduction: polynomial in terms of other polynomials?

Consider each function below such as f, f2, f3 and f4 with the basis I. How can we express each f such that f_i=\sum a_i I_i and each a_i\geq 0?
Example
We demonstrate the polynomials below with M2 and Mathematica.
Macaulay2:
i1 : R=RR[x1,x2,x3,MonomialOrder=>Lex];
f=x3-x1*x2;
f2=x3*x2-x1;
f3=x1-0.2;
f4=x1-x3+0.8;
i5 : I=ideal(x1-0.2,-x1+0.5,x2,-x2+1,x3-1,-x3+1); G=gb(I);
We can express f3 with elements of I, namely with zeroth term
i11 : I_0==f3
o11 = true
We can express f4 with I_5 and I_0
i17 : I_5+I_0==f4
o17 = true
Can we express f and f2 with I?
Mathematica: f and f-2 cannot be expressed in terms of the I but f-1 can be expressed in I but negative terms so cannot use Handelman's theorem on it.
but
f-2 is not non-negative (choose x3=1,x1=2 so 1-0-2=-1<0)
f is non-negative (x3=1 so 1-x1x2>0) and
f-1 is not non-negative (x3=1,x2>0 so -x1x2<0).
and by Handelman's theorem, all computations are inconclusive because the third term -x1 is negative. More about Mathematica aspects here.
How can we express a polynomial in terms of other polynomials and each quotient term is positive like PolynomialReduce in Mathematica but each quotient term positive?
Note that in this answer, I am using your terminology, in which R is the polynomial ring and RR is the ring of real numbers. I should also say that I almost never use the ring RR, since computations in Macaulay2 over the real numbers are not always reliable; always use the ring of rationals QQ or a positive characteristic field like QQ/(101).
Your f and f2 polynomials are not linear, so you can not even write them as a linear combination of I_0,...,I_5 (i.e. the generators of I).
Furthermore the ideal I as you defined it contains a scalar so it is what mathematicians call the unit ideal. It means I=R, that is the whole polynomial ring.
So you can write f and f2 as a combination of I_0,...,I_5 but not a linear one.
It means that f = \sum g_i I_i with g_i polynomials where at least one of them is not a number.
Remark. For an arbitrary ring R, the elements are usually called scalars, but when R is a polynomial ring, let's say R=RR[x_1,...x_n] then usually the constant polynomials (which are exactly the real numbers, i.e. elements of RR) are called scalars. This is just a common and of course confusing terminology.
Here is an example,
i2 : R=QQ[x_1,x_2]
o2 = R
o2 : PolynomialRing
i3 : I=ideal(x_1-1,x_2,x_1+1)
o3 = ideal (x_1 - 1, x_2, x_1 + 1)
o3 : Ideal of R
i4 : I == R
o4 = true
i5 : J = ideal(x_1,x_2)
o5 = ideal (x_1, x_2)
o5 : Ideal of R
i6 : J == R
o6 = false
You see that the ideal I has x_1-1,x_2,x_1+1 so the element (x_1+1)-(x_1-1) = 2 also belongs to I, so I has a constant polynomial which is a unit element (a unit element in a ring is an element that has an inverse) which implies that I=R. For a proof of this fact visit, https://math.stackexchange.com/questions/552173/if-an-ideal-contains-the-unit-then-it-is-the-whole-ring
On the other hand J does not have any constant polynomial, so J is not the whole ring R.

Finding the upper bound of a mathematical function (function analysis)

I am trying to understand Big-O notation through a book I have and it is covering Big-O by using functions although I am a bit confused. The book says that O(g(n)) where g(n) is the upper bound of f(n). So I understand that means that g(n) gives the max rate of growth for f(n) at larger values of n.
and that there exists an n_0 where the rate of growth of cg(n) (where c is some constant) and f(n) have the same rate of growth.
But what I am confused about is these examples on finding Big O in mathematical functions.
This book says find the upper bound for f(n) = n^4 +100n^2 + 50
they then state that n^4 +100n^2 + 50 <= 2n^4 (unsure why the 2n^4)
then they somehow find n_0 =11 and c = 2, I understand why the big O is O(n^4) but I am just confused about the rest.
This is all discouraging as I don't understand but I feel like this is an important topic that I must understand.
If any one is curious the book is Data Structures and Algorithms Made Easy by Narasimha Karumanchi
Not sure if this post belongs here or in the math board.
Preparations
First, let's state, loosely, the definition of f being in O(g(n)) (note: O(g(n)) is a set of functions, so to be picky, we say that f is in O(...), rather than f(n) being in O(...)).
If a function f(n) is in O(g(n)), then c · g(n) is an upper bound on
f(n), for some constant c such that f(n) is always ≤ c · g(n),
for large enough n (i.e. , n ≥ n0 for some constant n0).
Hence, to show that f(n) is in O(g(n)), we need to find a set of constants (c, n0) that fulfils
f(n) < c · g(n), for all n ≥ n0, (+)
but this set is not unique. I.e., the problem of finding the constants (c, n0) such that (+) holds is degenerate. In fact, if any such pair of constants exists, there will exist an infinite amount of different such pairs.
Showing that f ∈ O(n^4)
Now, let's proceed and look at the example that confused you
Find an upper asymptotic bound for the function
f(n) = n^4 + 100n^2 + 50 (*)
One straight-forward approach is to express the lower-order terms in (*) in terms of the higher order terms, specifically, w.r.t. bounds (... < ...).
Hence, we see if we can find a lower bound on n such that the following holds
100n^2 + 50 ≤ n^4, for all n ≥ ???, (i)
We can easily find when equality holds in (i) by solving the equation
m = n^2, m > 0
m^2 - 100m - 50 = 0
(m - 50)^2 - 50^2 - 50 = 0
(m - 50)^2 = 2550
m = 50 ± sqrt(2550) = { m > 0, single root } ≈ 100.5
=> n ≈ { n > 0 } ≈ 10.025
Hence, (i) holds for n ≳ 10.025, but we'd much rather present this bound on n with a neat integer value, hence rounding up to 11:
100n^2 + 50 ≤ n^4, for all n ≥ 11, (ii)
From (ii) it's apparent that the following holds
f(n) = n^4 + 100n^2 + 50 ≤ n^4 + n^4 = 2 · n^4, for all n ≥ 11, (iii)
And this relation is exactly (+) with c = 2, n0 = 11 and g(n) = n^4, and hence we've shown that f ∈ O(n^4). Note again, however, that the choice of constants c and n0 is one of convenience, and is not unique. Since we've shown that (+) holds for one set of constants (c,n0), we can show that it holds for an infinite amount of different such choices of constants (e.g., it naturally holds for c=10 and n0=20, ..., and so on).

Inverse within a finite field

I'm reading a book about cryptography (I've tried to translate the terms from Spanish to English) and I don't understand how to calculate the inverse within this field (originally the question used the term “body” instead of “field”, since that's a literal translation from languages like Spanish or German).
Encrypting with a monoalphabetic substitution by pure decimation:
Equivalences:
Ci: Letter encrypted
a: Decimation constant
Mi: Message not encrypted (plaintext)
mod: Modulo operation (we obtain the remainder)
n: Number of letters in the encryption alphabet
Spanish alphabet: ABCDEFGHIJKLMNÑOPQRSTUVWZXY
· Encryption: Ci = a* Mi mod n
For example --> We will encrypt the letter C (C is the position 2, starting from 0) with a=20 and with the Spanish alphabet (n=27) --> Ci = 20*C mod 27 = 20*2 mod 27 = 13 => N
· Decryption: a^(-1) * Ci mod n
HERE IS THE PROBLEM
a^(-1) is the inverse of the decimation factor in the body n; in other words: inverse(a, n). I've googled and tried to do some calculations but I don't obtain the correct result ---> inverse(a, n) = inverse(20, 27) = 16 (and the gcd is valid to do it).
For example:
22^(-1) * 13 mod 27 != 16
To find the modular (multiplicative) inverse in your example you have to find x such that (22 * x) % 27 == 1.
There are a variety of different ways you can do this mathematically. Note that in general, an inverse exists only if gcd(a, n) == 1.
If you want to write a simple algorithm for your example, try this Python code:
def inverse(a, n):
    """Brute-force modular inverse: the x in [0, n) with a*x % n == 1,
    or None when gcd(a, n) != 1 and no inverse exists."""
    for x in range(n):
        if (a * x) % n == 1:
            return x
    return None
This gives:
>>> inverse(22, 27)
16
>>> inverse(20, 27)
23
As mentioned in the comments below your question, there may well be better functions for computing the modular inverse in existing libraries for your favourite programming language.
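An added example, written for this page rather than taken from the question or the answer: the whole decimation cipher on the 27-letter Spanish alphabet (assumed here in its standard order, with Ñ after N), using an extended-Euclid inverse instead of the brute-force loop above, plus the gcd check that rejects a decimation constant such as 9 that has no inverse mod 27 and would make decryption ambiguous.

```python
from math import gcd

# 27-letter Spanish alphabet, standard order with Ñ after N (an assumption for this example)
ALPHABET = "ABCDEFGHIJKLMNÑOPQRSTUVWXYZ"


def egcd(a, b):
    """Extended Euclid: returns (g, s, t) with s*a + t*b == g == gcd(a, b)."""
    s0, s1, t0, t1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return a, s0, t0


def inverse(a, n):
    """Modular inverse of a mod n, or None when gcd(a, n) != 1 (no inverse exists)."""
    g, s, _ = egcd(a % n, n)
    return s % n if g == 1 else None


def encrypt(plaintext, a, alphabet=ALPHABET):
    """Ci = a * Mi mod n, letter by letter; refuses a constant that is not invertible."""
    n = len(alphabet)
    if gcd(a, n) != 1:
        raise ValueError(f"a={a} is not invertible mod {n}; the cipher could not be decrypted")
    return "".join(alphabet[(a * alphabet.index(ch)) % n] for ch in plaintext)


def decrypt(ciphertext, a, alphabet=ALPHABET):
    """Mi = a^(-1) * Ci mod n, using the modular inverse of the decimation constant."""
    n = len(alphabet)
    a_inv = inverse(a, n)
    if a_inv is None:
        raise ValueError(f"a={a} has no inverse mod {n}")
    return "".join(alphabet[(a_inv * alphabet.index(ch)) % n] for ch in ciphertext)


if __name__ == "__main__":
    print(inverse(20, 27), inverse(22, 27), inverse(9, 27))   # 23 16 None
    print(encrypt("C", 20), decrypt("N", 20))                   # N C
```

With a=20 the letter C (position 2) encrypts to position 40 mod 27 = 13, i.e. N, and decrypting N with 20^(-1) = 23 gives 23*13 mod 27 = 2, i.e. C again. Only constants coprime to 27 (so not multiples of 3) are usable keys.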

Linear Congruences

Part A:
For the two systems of linear congruences, one system has integer solutions while the other does not. For the system with integer solutions, write down 2 of them whose difference is less than 192. For the other system, explain why no integer solution exists.
A: n congruent 13 (mod 16)
n congruent 5 (mod 12)
B: n congruent 14 (mod 16)
n congruent 4 (mod 12)
Part B:
Let a1 and a2 be integers.
Let m1 and m2 be natural numbers.
Let d = gcd(m1,m2)
Based on your observations from part A, complete the following proposition and prove it.
Proposition1: The system:
n congruent a1 (mod m1)
n congruent a2 (mod m2)
has an integer solution if and only if ____________
(The blank needs to be filled with a simple condition on a1,a2,d)
Any tips would be great! Thanks in advance!
16 and 12 are not coprime, so the usual Chinese Remainder Theorem doesn't apply. In fact, since they have a common factor of 4, that means that the system only has a solution when (x mod 16) and (x mod 12) are congruent mod 4. As you can see, this is only true in one of the systems listed above.
In the case where there is a solution, the minimal distance between solutions is lcm(16,12)=48 rather than 16*12 = 192 because of the common factor in the moduli. The CRT ensures that knowing x mod 12 is equivalent to knowing x mod 3 and x mod 4 since 12=3*4 and 3 and 4 are coprime. However, you already know x mod 4 because you know x mod 16 and 4 divides 16. So you can think of the extra information provided by the second equation as only being x mod 3 rather than x mod 12.
I hope this helps. I'm not sure how to explain it better without just giving the answer away.
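As an added example (not part of the answer above), a solver for two congruences with arbitrary, not necessarily coprime, moduli that implements exactly the condition described: it rejects the system when the two residues disagree modulo gcd(m1, m2) and otherwise returns the least solution together with the spacing lcm(m1, m2) between consecutive solutions. The fold over a list of congruences is a generalisation beyond the two-congruence systems in the question.

```python
from math import gcd


def solve_pair(a1, m1, a2, m2):
    """Solve n = a1 (mod m1), n = a2 (mod m2) for arbitrary moduli.
    Returns (n, lcm(m1, m2)) with 0 <= n < lcm, or None when a1 != a2 (mod gcd(m1, m2))."""
    d = gcd(m1, m2)
    if (a2 - a1) % d:
        return None                      # the two congruences contradict each other mod d
    lcm = m1 // d * m2
    # n = a1 + m1*k, so we need m1*k = a2 - a1 (mod m2).
    # Divide everything by d; then m1/d is invertible mod m2/d.
    m2d = m2 // d
    k = ((a2 - a1) // d * pow(m1 // d, -1, m2d)) % m2d if m2d > 1 else 0
    return (a1 + m1 * k) % lcm, lcm


def solve_system(congruences):
    """Fold solve_pair over a list of (a_i, m_i). Returns (n, lcm of all moduli) or None."""
    n, m = 0, 1
    for a, mod in congruences:
        res = solve_pair(n, m, a, mod)
        if res is None:
            return None
        n, m = res
    return n, m


if __name__ == "__main__":
    print("A:", solve_pair(13, 16, 5, 12))   # (29, 48): solutions 29, 77, 125, ...
    print("B:", solve_pair(14, 16, 4, 12))   # None: 14 = 2 but 4 = 0 (mod 4)
```

For system A the solver returns n = 29 with spacing 48, so 29 and 77 are two solutions whose difference is below 192; for system B it returns None because 14 and 4 differ modulo gcd(16, 12) = 4.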

How to Convert from a Residual Number System to a Mixed Radix System?

I understand the concept of a Residual Number System and the concept of a Mixed Radix system, but I'm having difficulty getting any of the conversion methods I find to work in a simple case study.
I started at Knuth's Art of Computer Programming but that had a bit too much on the theory of the conversion, and once Euler was mentioned I was lost. Wikipedia has a nice section on the subject, which I tried here and here but both times I couldn't get back to the number where I started.
I found a good article here (PDF), of which I condensed the relevant sections here, but I don't understand the multiplicative inverses and their notation. Specifically, how y_2 = |(3 - 19)|(1/31)|_7|_7 = |5 * 5|_7 Especially how |1/31|_7 = 5
The multiplicative inverses are to be taken with respect to a modulus (here 7). Since the modulus 7 is prime, every number (modulo 7) has an inverse. In particular, 31_7 = 3_7 (since 31 = 4*7 +3 - sorry if I'm too didactic), and its inverse is 5 because 3 * 5 = 15 = 1_7. So we can write
|1/31|_7 = 5.
Now
y_2 = |(3 - 19) |(1/31)|_7 |_7
= | (-16) * 5 |_7
= | 5 * 5 |_7 since -16 = (-3)*7 + 5
= 4
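An added example, not from the article or the answer: sequential mixed-radix conversion for an arbitrary pairwise-coprime modulus set, with the page's step as a test case. The page only shows one step, so the two-modulus set m_1 = 31, m_2 = 7 with residues x_1 = 19, x_2 = 3 is an assumption read off that expression; under it the mixed-radix digits are (19, 4) and the recovered integer is 19 + 4*31 = 143, which indeed leaves residues 19 mod 31 and 3 mod 7. The three-modulus round trip in the test goes beyond the page's two-modulus case.

```python
def int_to_rns(x, moduli):
    """Residue number system representation of x."""
    return [x % m for m in moduli]


def rns_to_mixed_radix(residues, moduli):
    """Sequential mixed-radix conversion (moduli must be pairwise coprime).
    Returns digits y with X = y[0] + y[1]*m[0] + y[2]*m[0]*m[1] + ... and 0 <= y[i] < m[i].
    Step i subtracts the digit just fixed and multiplies by |1/m_i|_{m_j}, exactly the
    y_2 = |(x_2 - y_1) * |1/m_1|_{m_2}|_{m_2} step from the page."""
    y = list(residues)
    k = len(moduli)
    for i in range(k):
        for j in range(i + 1, k):
            inv = pow(moduli[i], -1, moduli[j])      # |1/m_i|_{m_j}; Python 3.8+
            y[j] = ((y[j] - y[i]) * inv) % moduli[j]
    return y


def mixed_radix_to_int(digits, moduli):
    """Evaluate mixed-radix digits with weights 1, m_1, m_1*m_2, ..."""
    x, weight = 0, 1
    for d, m in zip(digits, moduli):
        x += d * weight
        weight *= m
    return x


def rns_to_int(residues, moduli):
    return mixed_radix_to_int(rns_to_mixed_radix(residues, moduli), moduli)


if __name__ == "__main__":
    # assumed reading of the page's example: m = (31, 7), x = (19, 3)
    print(pow(31, -1, 7))                            # 5, i.e. |1/31|_7
    print(rns_to_mixed_radix([19, 3], [31, 7]))       # [19, 4]
    print(rns_to_int([19, 3], [31, 7]))               # 143
```

The inverse |1/31|_7 exists because 31 and 7 are coprime; in a working RNS every pair of moduli is coprime, so every inverse the conversion needs is defined.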
