%
% This is the LaTeX template file for lecture notes.  It was originally
% written for CS294-8, Computational Biology for Computer Scientists
% (itself based on the template for Prof. Sinclair's CS 270), and is
% reused here for CS760; the course name printed in the header is set
% inside the \handout macro below.  When preparing LaTeX notes for this
% class, please use this template.
%
% To familiarize yourself with this template, the body contains
% some examples of its use.  Look them over.  Then you can
% run LaTeX (or pdfLaTeX; hyperref is loaded with coloured links) on
% this file and inspect the result, e.g. with dvips/xdvi or a PDF viewer.
%

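% Document class and package loading.
% Load order follows the package documentation: math/graphics/natbib first,
% hyperref after them, and cleveref after hyperref.
\documentclass[]{article}
%\usepackage[a4paper, total={7in, 8in}]{geometry}
% layout only provides the \layout diagnostic command; harmless otherwise.
\usepackage{layout}
\usepackage[usenames,dvipsnames,svgnames,table]{xcolor}
% A genuinely dark green.  The previous value {0.0,0,0.9} was blue despite
% the name; the colour is not used anywhere in this document, so nothing
% visible changes.
\definecolor{darkgreen}{rgb}{0.0,0.5,0.0}

% graphicx is the maintained superset of graphics (same commands, key=value options).
\usepackage{graphicx,amsmath,amsthm,thmtools,amssymb,tikz,mathtools,algorithm,algpseudocode}
\usepackage{paralist}
%\usepackage{pgfplots}
%\usepackage{xspace}
\usepackage{natbib}
\usetikzlibrary{calc}

% hyperref goes after the packages it patches (amsmath, natbib, ...).
\usepackage[colorlinks=true,pdfpagemode=UseNone,citecolor=OliveGreen,linkcolor=BrickRed,urlcolor=BrickRed,
%pagebackref,
pdfstartview=FitW]{hyperref}
%\usepackage[backref=true, backend=biber, isbn=false, url=true, firstinits=true, maxnames=20, style=alphabetic,]{biblatex}
% cleveref must be loaded after hyperref.
\usepackage[capitalize]{cleveref}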

% Manual page-layout lengths: zero side margins, 6.5in x 8.5in text block,
% no paragraph indentation, small inter-paragraph skip.
% NOTE(review): geometry is loaded further down in the preamble and computes
% its own layout when loaded, which supersedes the margin/text-size values
% set here -- verify with \layout (the layout package is loaded) if in doubt.
\setlength{\oddsidemargin}{0 in}
\setlength{\evensidemargin}{0 in}
\setlength{\topmargin}{-0.6 in}
\setlength{\textwidth}{6.5 in}
\setlength{\textheight}{8.5 in}
\setlength{\headsep}{0.75 in}
\setlength{\parindent}{0 in}
\setlength{\parskip}{0.1 in}

%\advance\hoffset by -3mm  % A4 is narrower.
%\advance\voffset by  8mm  % A4 is taller.
%\setlength{\footskip}{1cm}

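% Notation macros.  \newcommand* (instead of the TeX primitive \def) raises an
% error if the name is already taken, so an accidental clash with a kernel or
% package command is caught at compile time; the starred form forbids \par in
% the argument, which is appropriate for these short math symbols.
\newcommand*{\X}{b}
\newcommand*{\tX}{\tilde{b}}
\newcommand*{\mX}{B}
\newcommand*{\tmX}{\tilde{B}}
%\newcommand*{\bone}{{\bf 1}}
%\newcommand*{\N}{\mathbb{N}}
%\newcommand*{\R}{\mathbb{R}}
% Blackboard-bold letters used by the bracket macros \P, \E, \I below.
\newcommand*{\mP}{\mathbb{P}}
\newcommand*{\mE}{\mathbb{E}}
\newcommand*{\mI}{\mathbb{I}}
%\newcommand*{\cT}{{\cal T}}
%\newcommand*{\cB}{{\cal B}}
\newcommand*{\reff}{\textup{Reff}}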
%
% The following commands set up the lecnum (lecture number)
% counter and make various numbering schemes work relative
% to the lecture number.
%
% NOTE(review): the lecnum counter is declared here but nothing in this block
% steps or sets it, so \thelecnum is only meaningful once the header macro has
% set it; \thepage is in any case redefined again by \handout below.
\newcounter{lecnum}
\renewcommand{\thepage}{\thelecnum-\arabic{page}}
%\renewcommand{\thesection}{\thelecnum.\arabic{section}}
% Sections, equations, figures and tables are numbered within sections
% (not within the lecture), so labels read "1", "1.2", ...
\renewcommand{\thesection}{\arabic{section}}
%\renewcommand{\theequation}{\thelecnum.\arabic{equation}}
\renewcommand{\theequation}{\thesection.\arabic{equation}}
\renewcommand{\thefigure}{\thesection.\arabic{figure}}
\renewcommand{\thetable}{\thesection.\arabic{table}}
% Bracket notation: \PP{i}{X} -> P_i[X], \P{X} -> P[X], \I{X} -> I[X],
% \E{X} -> E[X], \EE{i}{X} -> E_i[X].  All use \left[ ... \right].
\newcommand{\PP}[2]{\mP_{#1}\left[#2\right]}
\newcommand{\weight}[1]{w(#1)}
% \P overrides the kernel's pilcrow command, so ¶ is no longer available in text.
\renewcommand{\P}[1]{\mP\left[#1\right]}
\newcommand{\I}[1]{\mI\left[#1\right]}
\newcommand{\E}[1]{\mE\left[#1\right]}
\newcommand{\EE}[2]{\mE_{#1}\left[#2\right]}
\newcommand{\norm}[1]{\|#1\|}
% NOTE(review): \therank expands to \eps, which is not defined anywhere in this
% file; the macro is unused in the body but would fail if invoked.
\newcommand{\therank}{{\mathsf{rank}_{1-\eps}}}
% Sans-serif names of optimisation problems / complexity classes.
\newcommand{\cutcone}{{\textsf{CutCone}}}
\newcommand{\mincut}{{\textsf{Min-Cut}}}
\newcommand{\sparcut}{{\textsf{SparsestCut}}}
\newcommand{\scut}{{\textsf{SC}}}
\newcommand{\LR}{{\textsf{LR}}}
\DeclareMathOperator{\trace}{Tr}
\DeclareMathOperator{\vol}{vol}
\DeclareMathOperator{\sspan}{span}

% Name used by hyperref's \autoref for the algorithm float.
\newcommand{\algorithmautorefname}{Algorithm}
% \xmod{n} typesets " (mod n)" with a leading space, for use after a congruence;
% amsmath's \pmod is the standard equivalent.
\newcommand{\xmod}[1]{\ (\mathrm{mod}\ #1)}

\newcommand{\np}{\textsf{NP}}
%\newcommand{\nph}{\ensuremath{\mathsf{NP}}-\ensuremath{\mathsf{Hard}}\xspace}
%\newcommand{\npc}{\ensuremath{\mathsf{NP-Complete}}\xspace}

\newcommand{\ds}{\displaystyle}
\newcommand{\den}{\texttt{den}}
\newcommand{\dash}[1]{{#1}'}
% Proofs end with a filled square instead of amsthm's open one.
\renewcommand{\qedsymbol}{\ensuremath{\blacksquare}}

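%
% The following macro is used to generate the header box.
% Usage: \handout{LECTURE-NUMBER}{DATE}{LEFT-LINE}{RIGHT-LINE}{TITLE}
% Side effects: sets the lecnum counter to LECTURE-NUMBER (previously the
% counter was never set, so \thelecnum always printed 0) and redefines
% \thepage as "LECTURE-NUMBER-page".  Box widths are hard-coded to 6.35in.
% Line ends inside the macro are commented out so no stray spaces leak into
% the output; the obsolete {\bf ...}/{\it ...} switches are replaced by
% \textbf / \itshape.
%
\newcommand{\handout}[5]{%
   \setcounter{lecnum}{#1}%
   \renewcommand{\thepage}{#1-\arabic{page}}%
   \noindent
   \begin{center}
   \framebox{%
      \vbox{%
    \hbox to 6.35in { \textbf{CS760 Topics in Computational Complexity}
     	 \hfill #2 }%
       \vspace{4mm}%
       \hbox to 6.35in { {\Large #5  \hfill} }%
       \vspace{2mm}%
       \hbox to 6.35in { {\itshape #3 \hfill #4} }%
      }%
   }%
   \end{center}
   \vspace*{4mm}%
}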

% \lecture{NUMBER}{DATE}{LECTURER}{SCRIBE}{TITLE}: convenience wrapper around
% \handout that prefixes the third, fourth and fifth lines with
% "Lecturer:", "Scribe:" and "Lecture NUMBER:" respectively.
\newcommand{\lecture}[5]{\handout{#1}{#2}{Lecturer:
#3}{Scribe: #4}{Lecture #1: #5}}


\makeatletter
% Bold "Figure N" / "Table N" labels in captions.
\def\fnum@figure{{\bf Figure \thefigure}}
\def\fnum@table{{\bf Table \thetable}}
% \@mycaption{TYPE}[SHORT]{FULL}: writes SHORT to the list of figures/tables
% and typesets FULL in \small via the class's \@makecaption.
\long\def\@mycaption#1[#2]#3{\addcontentsline{\csname
  ext@#1\endcsname}{#1}{\protect\numberline{\csname
  the#1\endcsname}{\ignorespaces #2}}\par
  \begingroup
    \@parboxrestore
    \small
    \@makecaption{\csname fnum@#1\endcsname}{\ignorespaces #3}\par
  \endgroup}
% \mycaption[SHORT]{FULL}: steps the current float's counter, then calls
% \@mycaption; \@dblarg makes SHORT default to FULL when no [...] is given.
% Not used in the body of this document.
\def\mycaption{\refstepcounter\@captype \@dblarg{\@mycaption\@captype}}
\makeatother



%Use this command for a figure; it puts a figure in wherever you want it.
%usage: \fig{NUMBER}{SPACE-IN-INCHES}{CAPTION}
% Leaves SPACE-IN-INCHES of vertical room (for a pasted-in figure) and prints a
% centred, hand-numbered caption "Figure <lecnum>.<NUMBER>: CAPTION".  The
% number is built from \thelecnum, so it only reads sensibly once the lecnum
% counter has been set.  Not used in the body of this document.
\newcommand{\fig}[3]{
			\vspace{#2}
			\begin{center}
			Figure \thelecnum.#1:~#3
			\end{center}
	}
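% Use these for theorems, lemmas, proofs, etc.
% All theorem-like environments share one counter, numbered within sections.
%\newtheorem{theorem}{Theorem}[lecnum]
\newtheorem{theorem}{Theorem}[section]
\newtheorem{lemma}[theorem]{Lemma}
\newtheorem{fact}[theorem]{Fact}
\newtheorem{problem}[theorem]{Problem}
\newtheorem{notation}[theorem]{Notation}
\newtheorem{proposition}[theorem]{Proposition}
\newtheorem{claim}[theorem]{Claim}
\newtheorem{corollary}[theorem]{Corollary}
\newtheorem{example}[theorem]{Example}
\newtheorem{definition}[theorem]{Definition}
\newtheorem{remark}[theorem]{Remark}
%\newtheorem{item}[theorem]{Item}
%\newtheorem{equation}[theorem]{Equation}
% \begin{proofof}{X} ... \end{proofof}: like amsthm's proof environment but with
% a coloured "Proof of X." heading; \qed typesets the \qedsymbol defined above.
% \emph replaces the obsolete {\em ...} switch (same output, nests correctly).
\newenvironment{proofof}[1]{\textcolor{BrickRed}{\emph{Proof of #1.}}}{\hfill%\rule{2mm}{2mm}
\qed}
% Same, with a "Proof Sketch for X." heading.
\newenvironment{proofsk}[1]{\textcolor{BrickRed}{\emph{Proof Sketch for #1.}}}{\hfill%\rule{2mm}{2mm}
%\newenvironment{proofof}[1]{{\em Proof of #1.}}{\hfill%\rule{2mm}{2mm}
\qed}

% Big-O in calligraphic style, as used in the body.
\newcommand{\bigO}{\mathcal{O}}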

\usepackage{a4,geometry}

\begin{document}
% Header box: \lecture{NUMBER}{DATE}{LECTURER}{SCRIBE}{TITLE}
\lecture{4}{13 August 2024}{Prof. Rohit Gurjar}{Arnav (210050018)}{$\mathsf{PRIMES}\in\mathsf{NP}$; NTM definition of $\mathsf{NP}$}

\section{Proof of Pratt's Theorem}
\subsection{Lucas' Primality Test}
\begin{theorem}[Lucas]
    An integer $p>1$ is prime iff there exists $z$ with $z\not\equiv 0 \xmod{p}$ such that
    \begin{itemize}
        \item $z^{p-1} \equiv 1 \xmod{p}$, and
        \item $z^{r} \not\equiv 1 \xmod{p}$ for every $r$ with $0<r<p-1$.
    \end{itemize}
\end{theorem}
The second condition is equivalent to
\[
    z^{(p-1)/q} \not\equiv 1 \xmod{p}\quad\text{for each prime factor } q \text{ of } p-1,
\]
which is what a certificate actually lists: there are only $\bigO(\log p)$ such $q$, whereas checking every $r<p-1$ would take exponentially many steps in the input length $\log p$.
To see the equivalence, suppose $z^{r} \equiv 1 \xmod{p}$ for some $0<r<p-1$, and let $d$ be the order of $z$ modulo $p$, i.e.\ the least positive exponent $d$ with $z^{d}\equiv 1$. Then $d\mid r$ and, by the first condition, $d \mid p-1$; since $d\le r<p-1$ the quotient $(p-1)/d$ exceeds $1$ and so has some prime factor $q$, whence $d \mid (p-1)/q$ and $z^{(p-1)/q}\equiv 1 \xmod{p}$. The converse is immediate, since $0<(p-1)/q<p-1$.
\subsection{Proof of Lucas' Primality Test}
\begin{claim}\label{claim:1}
If $p$ is prime then $\forall z \not\equiv 0\xmod{p}$ we have $z^{p-1}\equiv 1\xmod{p}$ (Fermat's little theorem).
\end{claim}
\begin{proof}
    We work in $\mathbb{Z}_p$. We first note that since $z\not\equiv 0$, multiplication by $z$ permutes $\mathbb{Z}_p$:
    \[
        \left\{z\cdot i \,\middle|\, i\in\mathbb{Z}_p\right\} = \mathbb{Z}_p .
    \]
    (If $za\equiv zb$ then $z(a-b)\equiv 0$; as $p$ is prime and $p\nmid z$, this forces $p\mid a-b$, i.e.\ $a\equiv b$. So $i\mapsto zi$ is injective on the finite set $\mathbb{Z}_p$ and hence a bijection.)

    In particular it permutes $\mathbb{Z}_p^* = \mathbb{Z}_p\setminus\{0\}$, so multiplying all the elements of $\mathbb{Z}_p^*$ together in the two orders gives
    \begin{align*}
        z^{p-1}\cdot\bigl(1\cdot 2\cdots (p - 1)\bigr) = \prod_{i=1}^{p-1} (z\cdot i) &\equiv \prod_{i=1}^{p-1} i = 1\cdot 2\cdots (p - 1) .
    \end{align*}
    Since $1\cdot 2\cdots (p - 1)\not\equiv 0$ (each factor is nonzero and $p$ is prime), it has a multiplicative inverse in $\mathbb{Z}_p^*$; cancelling it we conclude that
    \[
        z^{p-1} \equiv 1 . \qedhere
    \]
\end{proof}

\begin{claim}\label{claim:2}
    If $p$ is prime then $\forall z \not \equiv 0 \xmod{p}$ and $k\geq 1$, we have $z^{p^{k-1}(p-1)} \equiv 1 \xmod{p^k}$.
\end{claim}
\begin{proof}
    We proceed by induction on $k$.
    \begin{description}
        \item[Base case $k = 1$:] This is Claim~\ref{claim:1}.
        \item[Inductive step $k \geq 2$:]
            Suppose the statement holds for $k-1$, i.e.
            \[ z^{p^{k-2}(p-1)} \equiv 1\xmod{p^{k-1}} . \]
            Then $z^{p^{k-2}(p-1)} = 1 + mp^{k - 1}$ for some integer $m$, and raising both sides to the $p$-th power,
            \begin{align*}
                z^{p^{k-1}(p-1)} &= \left(1 + mp^{k - 1}\right)^p \\
                &= 1 + \sum\limits_{i = 1}^{p - 1}\binom{p}{i}m^ip^{i(k-1)} + m^pp^{p(k-1)} .
            \end{align*}
            Every term after the leading $1$ is divisible by $p^k$: for $1\le i\le p-1$ the prime $p$ divides $\binom{p}{i}$, so the $i$-th summand carries a factor $p^{1+i(k-1)}$ with $1+i(k-1)\ge k$; and the last term has exponent $p(k-1)\ge 2(k-1)\ge k$ because $k\ge 2$. Thus for some integer $m'$
            \begin{align*}
                z^{p^{k-1}(p-1)} = 1 + m'p^k ,
            \end{align*}
            and we get $z^{p^{k-1}(p-1)} \equiv 1 \xmod{p^k}$.
    \end{description}
    Thus by the principle of mathematical induction, the assertion holds for all $k \geq 1$.
\end{proof}

Now we prove the ``only if'' direction of Lucas' test: for composite $q$ no witness $z$ exists.
\begin{theorem}\label{thm:composite}
    If $q>1$ is not prime then for every $z$ with $\textsc{gcd}(z,q)=1$ there exists $r$ with $0<r<q-1$ such that
    \[ z^r \equiv 1 \xmod{q} . \]
    (If $\textsc{gcd}(z,q)=d>1$ then $d\mid z^{r}$ and $d\mid q$, so $z^{r}\not\equiv 1 \xmod{q}$ for every $r\ge 1$; such $z$ already fails the first condition of Lucas' test.)
\end{theorem}
\begin{proof}
    Let $q$ have prime factorisation $p_1^{n_1}p_2^{n_2}\ldots p_k^{n_k}$. Since $\textsc{gcd}(z,q)=1$ we have $z\not\equiv 0 \xmod{p_i}$ for each $i$, so by Claim~\ref{claim:1} and the claim following it,
    \begin{align*}
        z^{p_i - 1} &\equiv 1 \xmod{p_i} \\
        \implies z^{p_i^{n_i-1}(p_i - 1)}  &\equiv 1 \xmod{p_i^{n_i}} \\
        \implies z^{\prod\limits_{j=1}^k p_j^{n_j-1}(p_j - 1)}  &\equiv 1 \xmod{p_i^{n_i}} ,
    \end{align*}
    the last step because the exponent $p_i^{n_i-1}(p_i-1)$ divides the product. The moduli $p_i^{n_i}$ are pairwise coprime and each divides $z^{\prod_j p_j^{n_j-1}(p_j-1)}-1$, hence so does their product $q$:
    \begin{align*}
        z^{\prod\limits_{i=1}^k p_i^{n_i-1}(p_i - 1)} &\equiv 1 \xmod{q} .
    \end{align*}
    The exponent on the left is Euler's totient $\varphi(q)$, the number of integers in $\{1,\ldots,q-1\}$ coprime to $q$. For composite $q$ some $d$ with $1<d<q$ divides $q$ and is therefore not coprime to it, so $\varphi(q) < q - 1$ and we are done.
\end{proof}

For $z\not\equiv 0 \xmod{p}$ let $O_p(z)$, the \emph{order} of $z$, denote the smallest positive integer $r$ with $z^r \equiv 1 \xmod{p}$ (it exists by Claim~\ref{claim:1}). Two facts are used repeatedly below. First, if $z^{s}\equiv 1 \xmod{p}$ then $O_p(z)\mid s$: writing $s = m\,O_p(z)+n$ with $0\le n<O_p(z)$ gives $z^{n}\equiv 1$, forcing $n=0$. In particular $O_p(z)\mid p-1$. Second, if $d\mid O_p(z)$ then $O_p(z^{d}) = O_p(z)/d$.
\begin{claim}\label{claim:coprime-orders}
    For prime $p$, if $z_1, z_2\in\mathbb{Z}_p^*$ have orders $r_1 = O_p(z_1)$, $r_2 = O_p(z_2)$ with $\textsc{gcd}(r_1, r_2) = 1$, then $O_p(z_1z_2) = r_1r_2$.
\end{claim}
\begin{proof}
    By definition of order we have $\left(z_1z_2\right)^{r_1r_2} = (z_1^{r_1})^{r_2}(z_2^{r_2})^{r_1}\equiv 1 \xmod{p}$, so $O_p(z_1z_2)\le r_1r_2$.

    Suppose, for a contradiction, that there is an $r$ with $0 < r < r_1r_2$ and $\left(z_1z_2\right)^r \equiv 1 \xmod{p}$.

    Write
    \begin{align*}
        r = m_1r_1 + n_1 = m_2r_2 + n_2
    \end{align*}
    with $0\leq n_1<r_1$ and $0\leq n_2<r_2$, so that $z_1^{r} = z_1^{n_1}$ and $z_2^{r} = z_2^{n_2}$ in $\mathbb{Z}_p$.

    The remainders $n_1$ and $n_2$ cannot both be zero: otherwise both $r_1$ and $r_2$ divide $r$, and as they are coprime so does $r_1r_2$, contradicting $0<r<r_1r_2$. If $n_1 = 0$ then $1\equiv \left(z_1z_2\right)^r \equiv z_2^{n_2} \xmod{p}$ with $0<n_2<r_2$, contradicting the minimality of $r_2$; symmetrically $n_2 = 0$ is impossible. So we must have $n_1>0$ and $n_2>0$.

    Thus
    \begin{align*}
        z_1^{n_1}z_2^{n_2} &\equiv 1 \xmod{p} .
    \end{align*}
    Raising to the power $r_1$ kills the first factor:
    \begin{align*}
        z_1^{n_1r_1}z_2^{n_2r_1} &\equiv 1 \xmod{p} \\
        \implies z_2^{n_2r_1} &\equiv 1 \xmod{p} .
    \end{align*}
    Since the order divides every exponent that yields $1$, we must have $r_2 \mid n_2r_1$, and since $r_1, r_2$ are coprime,
    \begin{align*}
        r_2 \mid n_2 ,
    \end{align*}
    which is a contradiction since $0 < n_2 < r_2$. Hence $O_p(z_1z_2) = r_1r_2$.
\end{proof}

\begin{claim}\label{claim:max-order}
    For prime $p$, let $r$ be the maximum order among elements of $\mathbb{Z}_p^*$. Then
    \[ \forall z\in\mathbb{Z}_p^*, \quad z^r \equiv 1 \xmod{p} , \]
    i.e.\ the order of every element divides $r$.
\end{claim}
\begin{proof}
    Let $z$ be such that $O_p(z) = r$, and let $z'\in\mathbb{Z}_p^*$ be arbitrary with $r' = O_p(z')$. We show $r'\mid r$, which gives $z'^{\,r}\equiv 1 \xmod{p}$.

    Suppose instead that $r' \nmid r$. Then some prime $q$ occurs in $r'$ to a higher power than in $r$: let $q^a$ be the exact power of $q$ dividing $r$ and $q^b$ the exact power dividing $r'$, with $a<b$. (Simply taking $\tilde r = r'/\textsc{gcd}(r,r')$ does not work here, since $\tilde r$ need not be coprime to $r$; e.g.\ $r=12$, $r'=8$ gives $\tilde r = 2$.)

    Consider $\hat z = z^{q^a}$ and $\tilde z = z'^{\,r'/q^b}$. Using the fact that $O_p(w^{d}) = O_p(w)/d$ whenever $d\mid O_p(w)$, we get $O_p(\hat z) = r/q^a$ and $O_p(\tilde z) = q^b$; these two orders are coprime because $q\nmid r/q^a$. Thus by the preceding claim,
    \begin{align*}
        O_p(\hat z\tilde z) = q^b\cdot\frac{r}{q^a} = q^{\,b-a}\,r > r ,
    \end{align*}
    contradicting the maximality of $r$. Hence $r'\mid r$ and the assertion holds.
\end{proof}

Now we prove the ``if'' direction: for prime $p$ a witness $z$ always exists.
\begin{theorem}
    If $p$ is prime, then there exists $z\in\mathbb{Z}_p^*$ with $O_p(z) = p - 1$.
\end{theorem}
\begin{proof}
    Let $r$ be the maximum order among elements of $\mathbb{Z}_p^*$. Since $\mathbb{Z}_p$ is a field, the polynomial $z^r - 1$ has at most $r$ roots in it; but by the preceding claim all $p-1$ elements of $\mathbb{Z}_p^*$ are roots, so $r \geq p - 1$. On the other hand every order is at most $p-1$ by Claim~\ref{claim:1}. Hence $r = p-1$, and the element attaining the maximum has order $p-1$.
\end{proof}

\subsection{Proof of the size of the certificate}
For a prime $p>2$, the Pratt certificate consists of a witness $z$ satisfying Lucas' test for $p$, the list of distinct prime factors $q_1,\ldots,q_k$ of $p-1$ (so that the verifier can check $z^{p-1}\equiv 1$ and $z^{(p-1)/q_i}\not\equiv 1 \xmod{p}$ by repeated squaring), and, recursively, a certificate for each $q_i$; $2$ is a special case and needs no certificate. The verifier must also check that the listed primes account for all of $p-1$, e.g.\ by repeatedly dividing $p-1$ by the $q_i$ and confirming the quotient reaches $1$: otherwise a dishonest certificate could simply omit a prime factor $q$ for which $z^{(p-1)/q}\equiv 1$.
\begin{theorem}
    The Pratt certificate for a prime $p$ consists of $\bigO(\log_2 p)$ numbers, each of at most $\lceil\log_2 p\rceil$ bits, i.e.\ $\bigO(\log^2 p)$ bits in total.\footnote{\href{https://epubs.siam.org/doi/epdf/10.1137/0204018}{Pratt, V. R. (1975) `Every Prime Has A Succinct Certificate', \textit{SIAM Journal on Computing}, 4(3)}}
\end{theorem}
\begin{proof}[Proof sketch]
    View the certificate as a tree whose root is $p$ and whose children are the certificates of the $q_i$; let $T(p)$ be its number of nodes, with $T(2)=1$. We claim $T(p)\le 2\log_2 p - 1$. This holds for $p=2$, and inductively
    \[
        T(p) = 1 + \sum_{i=1}^{k} T(q_i) \le 1 - k + 2\log_2\prod_{i=1}^{k} q_i \le 1 - k + 2\log_2 (p-1),
    \]
    which is at most $2\log_2 p - 1$ when $k\ge 2$; when $k=1$, $p-1$ is a power of $2$, so $T(p)=2\le 2\log_2 p-1$ for $p\ge 3$. Each node contributes the prime itself, its witness and its list of distinct prime factors, i.e.\ a constant number of entries plus one per child, so the whole certificate has $\bigO(\log p)$ entries, each a number below $p$.
\end{proof}

\section{Nondeterministic Turing Machines and $\mathsf{NP}$}

\begin{definition}
    A Nondeterministic Turing Machine (NTM) is a tuple $N = \langle Q, \Gamma, b, \Sigma, \delta, q_0, F\rangle$ where
    \begin{itemize}
        \item $Q$ is a finite non-empty set of states,
        \item $\Gamma$ is a finite non-empty set of tape symbols,
        \item $b\in\Gamma$ is the blank symbol,
        \item $\Sigma \subseteq \Gamma\setminus\{b\}$ is the set of input symbols,
        \item $q_0 \in Q$ is the initial state,
        \item $F\subseteq Q$ is the set of accepting states, and
        \item $\delta\colon (Q\setminus F) \times \Gamma \rightarrow \mathcal{P}\left(Q\times\Gamma\times\{L, R\}\right)$ is the transition function.
    \end{itemize}
Here the function $\delta$ takes the current state and the current tape symbol and outputs a \emph{set} of possible transitions; the machine halts when it enters a state of $F$ (on which $\delta$ is not defined) or when this set is empty.
%
Each possible transition describes the new state, the new symbol written at the head, and the movement of the head.
%
At any step, the non-deterministic TM can choose any transition from the set of transitions given by $\delta$.
%
That means for a given input an NTM has multiple possible computation paths, possibly exponentially many in the number of steps: after $t$ steps there are at most $m^{t}$ paths, where $m$ is the largest size of any set $\delta(q,\gamma)$.

    A language $L\subseteq\Sigma^*$ is said to be accepted by an NTM $N$ when, for every $x\in\Sigma^*$,
    \[
        x\in L \iff \exists \text{ a computation path of }N\text{ on input }x\text{ that halts in a state of }F .
    \]
\end{definition}

An NTM $N$ is said to be \emph{polytime} if there exists a polynomial $p\colon\mathbb{N}\rightarrow\mathbb{N}$ such that for all inputs $x$, $N$ halts within $p(|x|)$ steps on \emph{every} computation path (not merely on some accepting path).

\begin{theorem}
    A language $L\subseteq \{0,1\}^*$ is in $\mathsf{NP}$ iff there exists a polytime NTM $N$ accepting $L$.
\end{theorem}
\begin{proof}
    \begin{itemize}
        \item[\underline{$L\in\mathsf{NP}\implies \exists\:N$}]
        Since $L\in\mathsf{NP}$, there exist a polynomial-time verifier DTM $V$ and a polynomial $q$ such that $x\in L$ iff $V(x,c)$ accepts for some certificate $c\in\{0,1\}^{q(|x|)}$.
        We construct an NTM $N$ that on input $x$ does the following:
        \begin{enumerate}
            \item $N$ first nondeterministically writes a certificate $c\in\{0,1\}^{q(|x|)}$ to the tape (one nondeterministic choice per bit).
            \item Then it runs $V$ on $(x,c)$ and accepts iff $V$ accepts.
        \end{enumerate}
        The first step takes $\bigO(q(|x|))$ steps on every path, and the second takes polynomial time on every path because $V$ is polynomial-time on every input; so $N$ is polytime.

        If $x\in L$, then for some $c\in\{0,1\}^{q(|x|)}$ the verifier accepts $(x,c)$, so the computation path of $N$ that guesses this $c$ accepts. Conversely, if $x\notin L$ then $V$ rejects $(x,c)$ for every $c$, so no path of $N$ accepts. Thus $N$ is a polytime NTM accepting $L$.

        \item[\underline{$\exists\:N\implies L\in\mathsf{NP}$}]
        Let $p$ be the polynomial bounding the number of steps taken by the polytime NTM $N$ on every computation path, for every input. Let $m$ be the maximum size of a set $\delta(q,\gamma)$; $m$ is a constant depending only on $N$.

        For an input $x\in L$, consider an accepting run of $N$. This can be encoded as the sequence of choices made, one at each transition, each choice being an index in $\{1,\ldots,m\}$ written with $\lceil\log_2 m\rceil$ bits. Let us encode this in $\{0,1\}^*$ as $c$; padding the run to exactly $p(|x|)$ steps, $c$ has size $\lceil\log_2 m\rceil\, p(|x|) = \bigO(p(|x|))$.

        Now we construct a DTM $V$ that takes an input $x$ and a certificate $c$ and simulates $N$ on the input $x$ for at most $p(|x|)$ steps, taking at each step the single transition selected by the next index in $c$. If an index is out of range for the current transition set, or $N$ halts in a non-accepting state, or the step budget is exhausted without $N$ halting (which cannot happen for a polytime $N$, but the check is harmless), then $V$ halts and rejects; if $N$ halts in a state of $F$, $V$ accepts. Each simulated step costs time polynomial in $|x|$, so $V$ runs in polynomial time.

        If $x\in L$ then, using the certificate described above, $V$ accepts $(x,c)$ in time polynomial in $|x|$.

        On the other hand, if $x\notin L$ then there is no accepting run of $N$ on $x$; since every accepting computation of $V$ traces a valid run of $N$, no certificate can cause $V$ to accept.
    \end{itemize}
\end{proof}

\end{document}