In this chapter, we review standard asymptotic notation, introduce the formal computational model that we shall use throughout the rest of the text, and discuss basic algorithms for computing with large integers.

Asymptotic notation

We review some standard notation for relating the rate of growth of functions. This notation will be useful in discussing the running times of algorithms, and in a number of other contexts as well.

Let f and g be real-valued functions. We shall assume that each is defined on the set of non-negative integers, or, alternatively, that each is defined on the set of non-negative reals. Actually, as we are only concerned about the behavior of f(x) and g(x) as x → ∞, we only require that f(x) and g(x) are defined for all sufficiently large x (the phrase “for all sufficiently large x” means “for some x0 and all x ≥ x0”). We further assume that g is eventually positive, meaning that g(x) > 0 for all sufficiently large x. Then

• f = O(g) means that |f(x)| ≤ cg(x) for some positive constant c and all sufficiently large x (read, “f is big-O of g”),

• f = Ω(g) means that f(x) ≥ cg(x) for some positive constant c and all sufficiently large x (read, “f is big-Omega of g”),

• f = Θ(g) means that cg(x) ≤ f(x) ≤ dg(x) for some positive constants c and d and all sufficiently large x (read, “f is big-Theta of g”),

• […]

It is sometimes useful to endow our algorithms with the ability to generate random numbers. In fact, we have already seen two examples of how such probabilistic algorithms may be useful:

• at the end of §3.4, we saw how a probabilistic algorithm might be used to build a simple and efficient primality test; however, this test might incorrectly assert that a composite number is prime; in the next chapter, we will see how a small modification to this algorithm will ensure that the probability of making such a mistake is extremely small;

• in §4.5, we saw how a probabilistic algorithm could be used to make Fermat's two squares theorem constructive; in this case, the use of randomization never leads to incorrect results, but the running time of the algorithm was only bounded “in expectation.”

We will see a number of other probabilistic algorithms in this text, and it is high time that we place them on a firm theoretical foundation. To simplify matters, we only consider algorithms that generate random bits. Where such random bits actually come from will not be of great concern to us here. In a practical implementation, one would use a pseudo-random bit generator, which should produce bits that “for all practical purposes” are “as good as random.” While there is a well-developed theory of pseudo-random bit generation (some of which builds on the ideas in §8.9), we will not delve into this here.

This chapter introduces the notion of a ring, more specifically, a commutative ring with unity. While there is a lot of terminology associated with rings, the basic ideas are fairly simple. Intuitively speaking, a ring is an algebraic structure with addition and multiplication operations that behave as one would expect.

Definitions, basic properties, and examples

Definition 7.1. A commutative ring with unity is a set R together with addition and multiplication operations on R, such that:

1. (i) the set R under addition forms an abelian group, and we denote the additive identity by 0R;

2. (ii) multiplication is associative; that is, for all a, b, c ∈ R, we have a(bc) = (ab)c;

3. (iii) multiplication distributes over addition; that is, for all a, b, c ∈ R, we have a (b + c) = ab + ac and (b + c)a = ba + ca;

4. (iv) there exists a multiplicative identity; that is, there exists an element 1R ∈ R, such that 1R · a = a = a · 1Rfor all a ∈ R;

5. (v) multiplication is commutative; that is, for all a, b ∈ R, we have ab = ba.

There are other, more general (and less convenient) types of rings–one can drop properties (iv) and (v), and still have what is called a ring. We shall not, however, be working with such general rings in this text. Therefore, to simplify terminology, from now on, by a “ring,” we shall always mean a commutative ring with unity.

In §2.8, we initiated an investigation of quadratic residues. This chapter continues this investigation. Recall that an integer a is called a quadratic residue modulo a positive integer n if gcd(a, n) = 1 and a ≡ b2 (mod n) for some integer b.

First, we derive the famous law of quadratic reciprocity. This law, while historically important for reasons of pure mathematical interest, also has important computational applications, including a fast algorithm for testing if an integer is a quadratic residue modulo a prime.

Second, we investigate the problem of computing modular square roots: given a quadratic residue a modulo n, compute an integer b such that a ≡ b2 (mod n). As we will see, there are efficient probabilistic algorithms for this problem when n is prime, and more generally, when the factorization of n into primes is known.

The Legendre symbol

For an odd prime p and an integer a with gcd(a, p) = 1, the Legendre symbol (a | p) is defined to be 1 if a is a quadratic residue modulo p, and −1 otherwise. For completeness, one defines (a | p) = 0 if p | a. The following theorem summarizes the essential properties of the Legendre symbol.

In this chapter, we discuss basic definitions and results concerning matrices. We shall start out with a very general point of view, discussing matrices whose entries lie in an arbitrary ring R. Then we shall specialize to the case where the entries lie in a field F, where much more can be said.

One of the main goals of this chapter is to discuss “Gaussian elimination,” which is an algorithm that allows us to efficiently compute bases for the image and kernel of an F-linear map.

In discussing the complexity of algorithms for matrices over a ring R, we shall treat a ring R as an “abstract data type,” so that the running times of algorithms will be stated in terms of the number of arithmetic operations in R. If R is a finite ring, such as ℤm, we can immediately translate this into a running time on a RAM (in later chapters, we will discuss other finite rings and efficient algorithms for doing arithmetic in them).

If R is, say, the field of rational numbers, a complete running time analysis would require an additional analysis of the sizes of the numbers that appear in the execution of the algorithm. We shall not attempt such an analysis here–however, we note that all the algorithms discussed in this chapter do in fact run in polynomial time when R = ℚ, assuming we represent rational numbers as fractions in lowest terms.

This chapter concerns itself with the question: how many primes are there? In Chapter 1, we proved that there are infinitely many primes; however, we are interested in a more quantitative answer to this question; that is, we want to know how “dense” the prime numbers are.

This chapter has a bit more of an “analytical” flavor than other chapters in this text. However, we shall not make use of any mathematics beyond that of elementary calculus.

Chebyshev's theorem on the density of primes

The natural way of measuring the density of primes is to count the number of primes up to a bound x, where x is a real number. To this end, we introduce the function π(x), whose value at each real number x ≥ 0 is defined to be the number of primes up to (and including) x. For example, π(1) = 0, π(2) = 1, and π(7.5) = 4. The function π(x) is an example of a “step function,” that is, a function that changes values only at a discrete set of points. It might seem more natural to define π(x) only on the integers, but it is the tradition to define it over the real numbers (and there are some technical benefits in doing so).