Approximating Good Simultaneous Diophantine Approximations is ...

Comment

Report 3 Downloads 53 Views

Approximating Good Simultaneous Diophantine Approximations is almost NP-hard Carsten Rossner and Jean-Pierre Seifert? Dept. of Math. Comp. Science, University of Frankfurt, P. O. Box 111932, 60054 Frankfurt/Main, Germany

froessner,[email protected]

Abstract. Given a real vector =( ; : : : ; d ) and a real number " > 0 a good Diophantine approximation to is a number Q such that kQ mod Zk1 ", where k k1 denotes the `1 -norm kxk1 := max id jxi j for x = (x ; : : : ; xd). Lagarias [12] proved the NP-completeness of the corresponding decision d 1

1

1

problem, i.e., given a vector 2 Q , a rational number " > 0 and a number N 2 N+ , decide whether there exists a number Q with 1 Q N and kQ mod Zk1 ". We prove that, unless NP DTIME(npoly(log n) ), there exists no polynomial-time algorithm which computes on inputs 2 Qd and N 2 N+ a 0 : 5 ?

d N and number Q with 1 Q 2log

kQ mod Zk1 2

log

0:5? d

min jjq mod Zk1 ;

1qN

where is an arbitrary small positive constant. To put it in other words, it is almost NP{hard to approximate a minimum good Diophantine approximation to in polynomial-time within a factor 2log0:5? d for an arbitrary small positive constant . We also investigate the nonhomogeneous variant of the good Diophantine approximation problem, i.e., given vectors ; 2 Qd , a rational number " > 0 and a number N 2 N+ , decide whether there exists a number Q with 1 Q N and kQ ? mod Zk1 ". This problem is particularly interesting since nding good nonhomogeneous Diophantine approximations enables us to factor integers and compute discrete logarithms (see Schnorr [17]). We prove that the problem Good Nonhomogeneous Diophantine Approximation is NP-complete and even approximating it in polynomial-time within a factor 2log1? d for an arbitrary small positive constant is almost NP-hard. Our results follow from recent work in the theory of probabilistically checkable proofs [4] and 2-prover 1-round interactive proof-systems [7, 14]. Key Words. approximation algorithm, computational complexity, NPhard, probabilistically checkable proofs, Diophantine approximation, 2prover 1-round interactive proof-systems ? Supported by DFG under grant DFG-Leibniz-Programm Schn 143/5-1

1 Introduction Since NP optimization problems are unlikely to be solved in polynomial-time, unless P = NP, a lot of work has been done to nd polynomial-time approximation algorithms for these problems. An algorithm is said to approximate a positive real-valued function opt () within a factor f if on every input I its output is within a factor f of opt (I ). Unfortunately, for many NP-hard optimization problems it is even NP-hard or almost NP-hard to compute such approximate solutions, see, e.g., Crescenzi and Kann [6] or Arora and Lund [3]. Therefore, it is quite important, both from the practical point of view and from the point of view of complexity theory, to nd conditions which enable or disable us to design polynomial-time approximation algorithms for NP-hard optimization problems In this paper we investigate the approximability of the following NP optimization problems: Minimum Good Diophantine Approximation in `1 -norm (MinGDA1 ) INSTANCE: A rational vector = (1 ; : : : ; d) 2 Q d and a number N 2 N SOLUTION: A number Q 2 [1; N ] \ Z MEASURE: The `1 -norm kQ mod Zk1 := max1id minn2ZjQi ? nj. Minimum Good Nonhomogeneous Diophantine Approximation in `1 norm (MinGNDA1 ) INSTANCE: Rational vectors = (1 ; : : : ; d ); = ( 1 ; : : : ; d ) 2 Q d and a number N 2 N SOLUTION: A number Q 2 [1; N ] \ Z MEASURE: The `1 -norm kQ ? mod Zk1 := max1id minn2ZjQi ? i ? nj.

We refer to MinGDA1 and MinGNDA1 also as the problem Minimum Good Simultaneous Diophantine Approximation and Minimum Good Nonhomogeneous Simultaneous Diophantine Approximation, respectively, and to the solution Q 2 [1; N ] \ Z as the common denominator of the good (nonhomogeneous) simultaneous diophantine approximation. In fact, good simultaneous diophantine approximations have wide practical impact. Algorithms for nding such approximations may be used to nd strongly polynomial-time algorithms in combinatorial optimization [8], to factor univariate integer polynomials [18] and to compute minimal polynomials of an algebraic number [11]. The motivation for our rst result comes from the following conjecture raised by Lagarias [12]: If there is a polynomial-time algorithm which computes on inputs 2 Q d and N 2 N + a denominator Q 2 [1; f (d)N ] satisfying kQ mod Zk1 f (d) 1min jjq mod Zk1; qN where f (d) is some polynomial in d, then P = NP. Conversely, Lagarias gave an algorithm which computes for inputs 2 Q d and N 2 N + a denominator

Q 2 [1; 2d=2N ] satisfying

p kQ mod Zk1 5d 2(d?1)=2 1min qN jjq mod Zk1:

We prove, that approximating MinGDA1 in polynomial-time within a factor 2log0:5? d for an arbitrary small positive constant implies NP DTIME(npoly(log n)). Thus, in the sense of Lagarias' conjecture, our result may be regarded as a step towards narrowing the gap between approximability and inapproximability of MinGDA1 in polynomial-time. Our results follow by a chain of gap-preserving reductions from two wellknown lattice problems: Shortest Vector in `1 -norm and Nearest Vector in `1 -norm. Using previous results [7, 4] on interactive proof-systems, Arora et al. [2] proved that, unless NP DTIME(npoly(log n) ), no polynomial-time algorithm can approximate the shortest non-trivial vector in the `1 -norm in a lattice within a factor 2log0:5? n for an arbitrary small positive constant . They also showed the same inapproximability result for the nearest vector problem in the `1 -norm. By a recent result of Raz [14] the inapproximability factor in case of approximating the nearest vector in the `1 -norm in a lattice can be ampli ed to 2log1? n for an arbitrary small positive constant . We transfer these inapproximability gaps to MinGDA1 and MinGNDA1 , respectively, via two intermediate problems. Roadmap In section 2 we introduce some notation and the problem Shortest Integer Relation in `1 -norm (SIR1 ) which is known to be almost NPhard to approximate within a factor 2log0:5? n , for an arbitrary small positive constant and n the input size, see R}ossner and Seifert [16]. In section 3 we give a gap-preserving reduction from SIR1 to MinGDA1 proving the rst result. In section 4 we de ne the problem Minimum Diophantine Equation Solution in `1 -norm (MinDES1 ) and sketch a gap-preserving reduction from MinDES1 to MinGNDA1 . This implies our second result.

2 Preliminaries 2.1 De nitions We brie y introduce some notation, see [5].

De nition 1. An optimization problem is a set I f0; 1g of instances, a set S f0; 1g of feasible solutions and a polynomial-time computable positive measure function m : I S ! R+ , that assigns each tuple of an instance I and a solution S , a positive real number m(I; S ), called the value of the solution S . The optimization problem is to nd, for a given input I 2 I a solution S 2 S such that m(I; S ) is optimum over all possible S 2 S . If the optimum is minS2S fm(I; S )g (resp. maxS2S fm(I; S )g) we refer to as a minimization (resp. maximization ) problem.

De nition 2. For an input I of a minimization (resp. maximization) problem whose optimal solution has value opt (I ), an algorithm A is said to approximate opt (I ) within a factor f (I ) i opt (I ) A(I ) opt (I )f (I ) (resp. opt (I )=f (I ) A(I ) opt (I )); where f (I ) 1 and A(I ) > 0. For exhibiting the hardness of approximation problems we introduce the following reduction due to Arora [1]. De nition 3. Let and 0 be two minimization problems and , 0 1. A gap-preserving reduction from to 0 with parameters ((c; ); (c0 ; 0 )) is a polynomial-time transformation mapping every instance I of to an instance I 0 = (I ) of 0 such that for the optima opt (I ) and opt 0 (I 0 ) of I and I 0 , respectively, the following holds: opt (I ) c =) opt 0 (I 0 ) c0 opt (I ) > c =) opt 0 (I 0 ) > c0 0 ; where c; and c0 ; 0 depend on the instance sizes jI j and jI 0 j, respectively. 2.2 Previous Results

The proof of our rst result will mainly rely on a gap-preserving reduction to MinGDA1 from the problem Shortest Integer Relation in `1 -norm stated as follows: Shortest Integer Relation in `1 -norm (SIR1 ) INSTANCE: A rational vector a 2 Q d SOLUTION: A nonzero vector x 2 Zd such that ha; xi = 0 MEASURE: The `1 -norm kxk1 := max1in jxi j of the vector x

The Shortest Integer Relation problem in `1 -norm was proven to be

NP-complete by van Emde Boas [19]. Very recently, R}ossner and Seifert [16] showed the following Theorem, stating that it is even almost NP-hard to ap0:5?

proximate SIR1 in polynomial-time within a factor 2log n , where is an arbitrary small positive constant and n the size of the SIR1 instance I . Theorem 4. There exists an almost polynomial-time, i.e., DTIME(npoly(log n)) transformation from 3-Sat to Shortest Integer Relation in `1 -norm such that, for all instances I , I 2 3-Sat =) opt SIR1 ( (I )) = 1 I 2= 3-Sat =) opt SIR1 ( (I )) > 2log0:5? j (I )j; where is an arbitrary small positive constant. The above Theorem, in turn, was proven by a reduction from the Shortest Vector problem in the `1 -norm, involving techniques from the Feige and Lovasz [7] 2-prover 1-round interactive proof-system, see [2, 16] for more details.

3 The Reduction 3.1 Reducing SIR1 to MinGDA1 Theorem 5. There exists a polynomial-time transformation from Shortest Integer Relation in `1 -norm to Minimum Good Diophantine Appoximation in `1 -norm, : I 7! h(a0 =b0 ; : : : ; ad =bd); N i, such that, for all instances I and for all 1, opt SIR1 (I ) = 1 =) 1min kq mod Zk1 b11 qN 1 opt SIR1 (I ) > =) 1Qmin N kQ mod Zk1 > b1 : Proof. Our proof follows closely [12]. Due to a few changes speci c to our claim, we include the complete proof here. Let a = (a1 ; : : : ; ad) 2 Zd be the vector of a given SIR1 instance I . First, we encode the task to nd a non-trivial x 2 Zd with kxk1 and d

X

xj aj = 0 (1) j=1 P as a congruence. Let A := dj=1 jaj j and let p0 be the smallest prime with Q p0 6 j dj=1 aj . We set R := blogp0 Ac + 1. The following steps will crucially use the following Lemma whose proof is deferred to the Appendix.

Lemma A. There exists a polynomial-time (polynomial in jI j) computable set of primes fQ1; : : : ; Qdg and an integer T 2 N + such that (a) Qi < Qi+1Q , i = 1; : : : ; d ? 1, (b) gcd(Qi ; p0 dj=1 aj ) = 1, i = 1; : : : ; d, (c) QT1 4 (d + 1) pR0 and (d) 1=T Qd < ( + 1)1=T Q1 . By the Chinese Remainder Theorem we nd for every j = 1; : : : ; d a smallest positive integer rj satisfying

(2a) rj 0 mod dii=1 QT 6=j i rj aj (mod pR0 ) (2b) rj 6 0 (mod Qj ); (2c) where Q1 ; : : : ; Qd are given as above. (2c) is a consequence of (2a) and (2b), for if rj0 is the smallest positive solution satisfying (2a) and (2b), we set ( rj0 ; if rj0 6 0 (mod Qj ); Q rj := r0 + pR di=1 QT ; otherwise. i j 0 i6=j Q

As gcd(pR0 di=1 QTi =QTj ; Qj ) = 1 by (b) of Lemma A, we infer that rj 6 0 ( mod Qj ), j = 1; : : : ; d, i.e., (2c) holds for either choice of rj . By (2b) and A < pR0 , we see that the systems Q

d

d

(1a) and xj rj 0 (mod pR0 ); (3a) j=1 j=1 1 kxk1 (1b) 1 kxk1 : (3b) have identical integral solutions sets. For an integral vector x with 1 kxk1 we de ne X

Z :=

X

xj aj = 0;

d

X

j=1

xj rj ;

H :=

d

X

j=1

rj

and

B :=

d

Y

j=1

QTj :

We clearly have jZ j H . Moreover, (c) of Lemma A implies

rj rj0 + pR0

Q

di=1 QT 2pR B 0 QT i i6=j j

2(d1+ 1) B;

thus

H < 1=2B:

Lemma3.6. Let opt modSIR1 (3a) denote the `1-norm of the `1-shortest nontrivial integral solution of (3a). Then, we have

opt modSIR1 (3a) = 1 =) 9Z : Z 6= 0 ^ jZ j H ^ Z 0 (mod pR0 ) ^ 8 Z x^j rj (mod QTj ) 1j d ^ 18jd x^j 2 f0; 1g opt modSIR1 (3a) > =) 8Z : Z 6= 0 ^ jZ j H ^ Z 0 (mod pR0 ) ^ 8 Z x^j rj (mod QTj ) 1j d ) 19jd x^j 62 [?; ] \ Z Proof. First, assume that P opt modSIR1 (3a) = 1 and let x be the corresponding solution of (3a). For Z := dj=1 xj rj we have

Z 6= 0 by (2a), (2c) and since there exists an index j with xj 6= 0, jZ j P H as kxk1 1, Z dj=1 xj rj 0 (mod pR0 ) by de nition and, 8 Z x^j rj (mod QTj ) ^ 8 x^j 2 f0; 1g by (2a) and kxk1 1. 1j d

1j d

In order to show the second implication let us assume it exists Z 6= 0 with

jZ j H ^ Z 0 (mod pR0 ) ^ 18jd Z x^j rj (mod QTj ) ^ 18jd x^j 2 [?; ] \ Z:

To prove the claim we will show the existence of a solution x 2 Zd for dj=1 xj rj 0 (modpR0 ) satisfying 1 kxk1 . P For that we consider a candidate solution x = (x1 ; : : : ; xd ) 2 Zd by setting dj=1 xj rj := Z . Then, by (2a) we have xj rj Z (mod QTj ), 1 j d. We show how to uniquely recover xj (modQTj ) from the given Z . By (2c) and gcd(rj ; QTj ) = 1 we can nd the unique rj? with 1 rj? < QTj satisfying rj rj? 1 (modQTj ), 1 j d, using, e.g., the Extended Euclidean Algorithm. Consequently, we have P

8 xj xj rj rj? Zrj? x^j rj rj? x^j (mod QTj ) with 18jd x^j 2 [?; ] \ Z:

1j d

We now prove that even xj 2 [?; ] \ Z. From the Chinese Remainder Theorem we infer that the system of congruences

Z x^j rj (mod QTj ); x^j 2 [?; ] \ Z; 1 j d has exactly (2 + 1)d solutions in the interval

?1=2B < Z < 1=2B since B := dj=1 QTj . From the inequality H < 1=2B we see that we have at most (2 + 1)d solutions for the system Q

jZ j H; Z x^j rj (mod QTj ); x^j 2 [?; ] \ Z; 1 j d: But it is an easy task to come up with (2 + 1)d distinct solutions, namely those with all xj 2 [?; ] \ Z: These solutions are all distinct by xj rj Z (mod QTj ), for if

Z 0 x0j rj (mod QTj ) 6= Z 00 x00j rj (mod QTj ): This means that we have found all (2 +1)d solutions which, in fact, satisfy xj 2 [?; P] \ Z. Also note that Z 6= 0 if and only if x is not the all-zero vector. Since Z = dj=1 xj rj and Z 0 (mod pR0 ) we have shown that opt modSIR1 (3a) . x0j 6= x00j

then

ut

Lemma 3.7. Let I be the Minimum Good Diophantine Appoximation instance de ned by

0 := p1R0 ; ? j := QrjTj ; 1 j d;

where rj? , 1 rj? < QTj , is the unique inverse of rj (mod QTj ). Then, we have

9Z : Z 6= 0 ^ jZ j H ^ Z 0 (mod pR0 ) ^ 18jd Z x^j rj (mod QTj ) ^ 18jd x^j 2 f0; 1g jZ ? nj Q1T1 =) 9Z : Z = 6 0 ^ jZ j H ^ 08jd min n2Z j 8Z : Z = 6 0 ^ jZ j H ^ Z 0 (mod pR0 ) ^ 18jd Z x^j rj (mod QTj ) ) 19jd x^j 62 [?; ] \ Z =) 8Z : Z = 6 0 ^ jZ j H ) 09jd min jZ ? nj > QT1 n2Z j

Proof. First, assume there exists a Z 6= 0 ; such that: jZ j H ^ Z 0 (mod pR0 ) ^ 18jd Z x^j rj (mod QTj ) ^ 18jd x^j 2 f0; 1g: Obviously, we have Z 6= 0 ^ jZ j H and also by Z 0 (mod pR0 )

min Z1 n2Z pR0 ? n = 0:

Moreover, by (2c) and (a) of Lemma A we infer for 1 j d

^j rj rj rj x x ^ j ? n 1 1 : ? n = min min Z QT ? n = min QT QTj QT1 n2Z j n2Z QTj n2Z j Thus, there exists a denominator Z with the required properties. In order to prove the second implication let us now assume 9Z : Z 6= 0 ^ jZ j H ^ 8 min jZ ? nj QT1 : n2Z j

?

?

0j d

Obviously, again we have Z 6= 0 ^ jZ j H and by (c) of Lemma A we have 1 > ;

pR0 QT1 which together with minn2ZjZ p1R0 ? nj QT1 forces minn2ZjZ p1R0 ? nj = 0: Thus, Z 0 (mod pR0 ): By (a) and (d) of Lemma A it follows that +1 > ; QTj QT1

which together with minn2ZjZ QrjTj ? nj QT1 enforces minn2ZjZ QrjTj ? nj QTj : But this is only possible if Z x^j rj (mod QTj ) ^ x^j 2 [?; ] \ Z; 1 j d: This of course proves the lemma. ut ?

?

Combining the solution equivalence of the systems (1a; 1b) and (3a; 3b) with Lemma 3.6 and Lemma 3.7 yields the desired polynomial-time transformation , since all operations of our reduction can clearly be carried out in time polynomial in jI j. ut

3.2 Hardness of Approximating Diophantine Approximations By piecing together the results of Theorem 4 and Theorem 5, we obtain the following:

Main Theorem 8 Unless NP DTIME(npoly(log n)), there exists no polynomial-time algorithm which on0:5?input 2 Q d and N 2 N + computes a denomi d log nator Q with 1 Q 2 N such that kQ mod Zk1 2log0:5? d 1min kq mod Zk1; qN where is an arbitrary small positive constant.

Corollary 9. Approximating MinGDA1 in polynomial-time within a factor 2log0:5? d for an arbitrary small positive constant is almost NP-hard.

4 The Nonhomogeneous Case To capture the nonhomogeneous case, i.e., the problem MinGNDA1 , we will reduce from a well-suited problem, namely: Minimum Diophantine Equation Solution in `1-norm (MinDES1 ) INSTANCE: An equation x1 a1 + + xnP an = b with a1 ; : : : ; an ; b 2 Z SOLUTION: A vector x 2 Zn such that ni=1 xi ai = b MEASURE: The `1 -norm kxk1 := max1in jxi j of the vector x

Majewski and Havas [13] proved the NP-completeness of MinDES1 in its feasibility recognition form. Using the Parallel Repetition Theorem of Raz [14] and the techniques of Arora et al. [2] it is not dicult to modify the proof of Theorem 4 from [16] such that even the following holds, see [15] for a detailed proof.

Theorem 10. There exists an almost polynomial-time, i.e., DTIME(npoly(log n)) transformation from 3-Sat to Minimum Diophantine Equation Solution in `1 -norm such that, for all instances I ,

I 2 3-Sat =) opt MinDES1 ( (I )) = 1 I 2= 3-Sat =) opt MinDES1 ( (I )) > 2log1? j (I )j;

where is an arbitrary small positive constant.

Adapting the reduction in the proof of Theorem 5 to the nonhomogeneous case, the following can be shown: Theorem 11. There exists a polynomial-time transformation from Shortest Integer Relation in `1 -norm to Minimum Good Nonhomogeneous Diophantine Appoximation in `1 -norm, : I 7! h(a0 =b0; : : : ; ad=bd); ; N i, such that, for all instances I and for all 1, kq ? mod Zk1 b11 opt MinDES1 (I ) = 1 =) 1min qN 1 opt MinDES1 (I ) > =) 1Qmin N kQ ? mod Zk1 > b1 : (For the reduction from the MinDES1 {instance h(a1 ; : : : ; an ; b)i we have to ensure that p0 6 j b. Then, de ning the vector of the instance of Minimum Good Nonhomogeneous Diophantine Approximation in `1 -norm by 0 = b=pR0 ; i = 0 ; i = 1; : : : ; d; admits a straightforward adaption of the proof of Theorem 5.) By the last Theorem and the NP-completeness of MinDES1 we infer: Main Theorem 12 MinGNDA1 is NP-complete (in its feasibility recognition form). Moreover, Theorem 10 and Theorem 11 imply: Main Theorem 13 Unless NP DTIME(npoly(log n)), there exists no polynomial-time algorithm which on input ; 2 Q d and N 2 N + computes a 1? d log denominator Q with 1 Q 2 N such that kQ ? mod Zk1 2log1? d 1min kq ? mod Zk1; qN where is an arbitrary small positive constant.

Corollary 14. Approximating MinGNDA1 in polynomial-time within a factor 2log1? d for an arbitrary small positive constant is almost NP-hard. Acknowledgment We would like to thank Je Lagarias for several helpful comments on possible improvements of this paper.

References 1. S. Arora. Probabilistic Checking of Proofs and Hardness of Approximation Problems. Ph.D. thesis, University of California at Berkeley, 1994. 2. S. Arora, L. Babai, J. Stern and Z Sweedyk. The hardness of approximate optima in lattices, codes and systems of linear equations. In Proc. 34th IEEE Symp. on Foundations of Computer Science, pages 724{730, 1993.

3. S. Arora and C. Lund. Hardness of approximation. In D. Hochbaum (editor), Approximation Algorithms for NP{hard problems, Chapter 11. PWS Publ., 1996. 4. S. Arora, C. Lund, R. Motwani, M. Sudan and M. Szegedy. Proof veri cation and hardness of approximation problems. In Proc. 33rd IEEE Symp. on Foundations of Computer Science, pages 14{23, 1992. 5. G. Ausiello, P. Crescenzi and M. Protasi. Approximate solutions of NP optimization problems. Theoretical Computer Science, Volume 150, pages 1{55, 1995. 6. P. Crescenzi and V. Kann. A list of NP-complete optimization problems. Surveys on complexity, Electronic Colloqium on Computational Complexity, http://www.informatik.uni-trier.de/eccc/, 1996. 7. U. Feige and L. Lovasz. Two-prover one-round proof systems: Their power and their problems. In Proc. 24th ACM Symp. Theory of Computing, pages 643{654, 1992. 8. A. Frank and E . Tardos. An application of simultaneous diophantine approximation in combinatorial optimization. Combinatorica, Volume 7, pages 49{65, 1987. 9. D. R. Heath-Brown. The number of primes in a short interval. J. reine angew. Math., Volume 389, pages 22{63, 1988. 10. D. R. Heath-Brown and H. Iwaniec. On the dierence between consecutive primes. Inventiones math., Volume 55, pages 49{69, 1979. 11. R. Kannan, A. K. Lenstra and L. Lovasz. Polynomial factorization and nonrandomness of bits of algebraic and some transcendental numbers. Math. Comp., Volume 50, pages 235{250, 1988. 12. J. C. Lagarias. The computational complexity of simultaneous diophantine approximation problems. SIAM J. Comput., Volume 14, pages 196{209, 1985. 13. B. S. Majewski and G. Havas. The complexity of greatest common divisor computations. In Proc. 1st International Symposium on Algorithmic Number Theory, pages 184{193. Springer, 1994. LNCS 877. 14. R. Raz. A parallel repetition theorem. In Proc. 27th ACM Symp. Theory of Computing, pages 447{456, 1995. 15. C. R}ossner and J.-P. Seifert. The complexity of approximate optima for greatest common divisor computations. In Proc. 2nd Algorithmic Number Theory Symposium, pages ?{? Springer, 1996. LNCS. 16. C. R}ossner and J.-P. Seifert. On the hardness of approximating shortest integer relations among rational numbers. In Proc. CATS'96 (Computing: The Australasian Theory Symposium), pages 180{186, 1996. 17. C. P. Schnorr. Factoring integers and computing discrete logarithms via diophantine approximations. AMS DIMACS Series in Disc. Math. and Theoretical Comp. Science, Volume 13, pages 171{181, 1993. 18. A. Schoenhage. Factorization of univariate integer polynomials by diophantine approximation and an improved basis reduction algorithm. In 11th ICALP, pages 436{447. Springer, 1987. LNCS 172. 19. P. van Emde Boas. Another NP-complete partition problem and the complexity of computing short vectors in a lattice. Technical Report 81-04, Math. Inst., University of Amsterdam, 1981.

Appendix We will prove that for suitable choices of T we can nd in O(n50 ) bit operations an interval containing d prime numbers Q1 ; : : : ; Qd satisfying the conditions (a)-

(d) of Lemma A. Proof. (of Lemma A) Let n := jI j denote the length of the given SIR1 instance I , i.e., the vector a = (a1 ; : :Q: ; ad) 2 Zd. Obviously, n d. As the binary length of di=1 ai is bounded by dn, this product has at most dn n2 distinct prime factors. Therefore, p0 will be one of the rst (n2 + 1) primes which can be found by a brute force trial division in O(n4 ) bit operations. Using n and the speci c choice of p0 and R we have d X 2 2 2 23n 2n +1 2log 2n log d 2n +1 jaj j pR0 : j=1 2 T Hence, setting T := 4n ; guarantees Q1 4(d + 1)pR0 , i.e., condition (c) holds. In order to nd a set of primes fQ1; : : : ; Qdg satisfying the remaining conditions of Lemma A we invoke the following primitive search routine:

for every x = 1; 2; if [1=T x; ( + 1)1=T x] =: Ix contains d + n2 + 1 distinct primes then stop; If this search stops with x, we are guaranteed that for this choice of x at least Q d primes in Ix satisfy the condition (b) since p0 di=1 ai has at most n2 +1 distinct

prime factors. Moreover, the conditions (a) and (d) are satis ed by selecting the suited primes in the interval Ix . The main diculty is now to prove that the above search routine performs at most nk bit operations for some k 2 N . Thus, we must give an upper bound for the value of x for which the search algorithm stops. We use the following number-theoretic result on the number of primes in a short interval. Theorem [10, 9]. For each > 2011 there exists a constant x such that the interval [x; x + x ] contains for all x > x a prime. From n, we derive +1 1 1 1 1 1=T ( +1 ) 1 + ln( ) T 1 + 2 4n2 1 + 8n3 : 20

Setting x := n1=T ; we infer

20 20 1 17 1=T 20 Ix = [1=T x; ( + 1)1=T x] = [n20 ; ( +1 ) n ] [n ; n + 8 n ]: For the choice of := 35 the above Theorem guarantees that we can nd in the interval [n20 ; n20 + n12 ] a prime, if n is suciently large. Since we can locate in the interval [n20 ; n20 + n17 ] all the intervals of the form [n20 + i n12 ; n20 + (i + 1) n12 ]; i = 0; : : : ; n5 ? 1; we will be able to nd at least n5 distinct primes. As the primality of each number x in Ix can be tested in O((x3=2 +xn2 )(log x)2 ) bit operations, the above search routine uses at most O(n50 ) bit operations. ut

This article was processed using the LaTEX macro package with LLNCS style

Recommend Documents

Simultaneous Approximations for Adversarial and Stochastic Online ...

Simultaneous Diophantine Approximation in Non-degenerate p-adic ...

GOOD DESIGN IS GOOD BUSINESS.