 This lecture is part of Berkeley Math 115, an introductory undergraduate course on number theory. And today I'll be discussing more on numerical calculation. So the first problem I'm going to look at is the following problem. How do we solve x squared is conglant to minus 1 modulo p? P is a prime and we saw earlier that the prime has a square root of minus 1 if and only if p is conglant to 1 modulo 4 or I guess p equals 2, which is kind of trivial, so we will ignore that. And we saw how to solve this in an earlier lecture. We saw that we can get a solution x is equal to p minus 1 over 2 factorial using Wilson's theorem. So we have the rather curious identity that if you write i for the square root of minus 1, then we find i is equal to p minus 1 over 2 factorial, which looks a bit weird, but whatever. And you might think, well, there we've solved the problem. The trouble is this formula is useless, almost useless. The problem is that if p is large, this takes a lot of effort to calculate directly. If p is a billion, we're going to have to do a billion different multiplications to get this. And this is obviously far too slow for large p. So we want to know, can we find a faster method? So here's an example of a faster method. Let's pick a number b. And I'm not going to tell you how we're going to pick b yet. We'll have to discuss that later. And let's put a equals b to the p minus 1 over 2 modulo p. And you know, this is very fast to calculate because we can work out powers modulo a number very quickly as we saw earlier. And then we notice that a squared is b to the p minus 1, which is plus 1 modulo p. So a is congruent to plus or minus 1 modulo p. That's because the number 1 only has two square roots modulo p because there are no zero divisors. You remember modulo some other numbers, the number 1 can have a rather disturbing large number of square roots. But that problem doesn't arise if p is prime. So if a is equal to minus 1 mod p, then we're done. Because we can now look at b to the p minus 1 over 4 squared is now a, which is equal to minus 1. So we now have a solution b to the p minus 1 over 4 has square minus 1. So all we've got to do is solve a problem. How to choose b so that b to the p minus 1 over 2 is congruent to minus 1 and not plus 1. And there's a very easy way of doing this, which is to guess at random. So you're always told that it's a really bad idea to try and solve a problem by random guessing. But in computational number theory, it's actually quite a good method. The point is each guess has, well, you might say, you know, this number could be either 1 or minus 1. And it's reasonable to assume that it's takes the answer 1 and minus 1 equally often. And we'll see that this is in fact true a bit later. So each guess is approximately a 50% chance to work. So it's it's like tossing a coin and you keep on tossing the coin until heads turns up. And, you know, if you do this, it doesn't take very long to get heads. It takes an average of about two tosses, depending on how biased your coin is. Unless as long as there really is a 50% chance. So so so this gives gives an algorithm to to find a square root of minus 1. You just keep guessing numbers B and working at B to the P minus 1 over 2 until you get minus 1. And then you know B to the P minus 1 over 4 is a solution. It's a bit of a problem to ask how fast is this. And this is a bit tricky because calculating B to P minus 1 over 4 is really fast. This is polynomial time. If we've got B to the P minus 1 over 2, that is just polynomial time in the length of the input. However, the number of guesses might be bounded by a prop about P, maybe P over 2 or something. I mean, turns out that half of all numbers work. So so you only need to check P over 2. But this is going to give you exponential time. So if you're really unlucky with your guesses and just kept on guessing more and more numbers that didn't work, it might take an absurdly long time to calculate this. So the worst case of this algorithm is exponential time. Actually, you can do better than that if you don't guess entirely at random, but that's that's getting rather complicated. However, the average case is just polynomial time. In fact, as I said, the average number of guesses you need to make, if you choose these numbers B at random, is about 2. So the average time is just 2 times polynomial time, which is, of course, just polynomial time. So this sort of problem is quite common in computational number theory. There are actually quite a few probabilistic algorithms which in practice are very fast, but it's kind of difficult to actually prove they're fast because of this probabilistic aspect to them. So let's just see an example of this. Let's solve x squared is congruent to minus 1 modulo 41. So we know 41 is equal to 4 times 10 plus 1. So we pick B and form B to the 10, where 10 is P minus 1 over 4. And if it is plus or minus 1, we have sort of failed because all we've done is we found one of the square roots of 1. If not, it is a square root of minus 1. So we now just start this. What will be, shall we start? Let's just pick B equals 2. We might as well pick the smallest non-trivial one. Obviously, B equals 1 is a bit of a waste of time. That's not going to work. So we work out 2 to the 10 modulo 41. Well, 2 to the 10 is congruent to minus 1 mod 41. So we have failed. We have not managed this. This is not a square root of minus 1. Well, we don't give up. Let's try B equals 3. So 3 to the 10 modulo 41 is congruent to 9. So 9 is a square root of minus 1 mod 41. In fact, even by 9 squared is 81. It's congruent to minus 1 mod 41. So it just took two guesses. By the way, that's what a computer would do. If you were a human, not a computer, you might notice that this step here we could have actually stopped if we wanted. Because this number 10 happens to be even. And we found 2 to the 10 is minus 1. This means 2 to the 5 squared is congruent to minus 1. So in fact, 2 to the 5, which is 32, would give us a square root of minus 1. So if we were really paying attention during this calculation, we could have actually shortened it a bit there. As you will see, this idea turning up a little bit later on in a different context. So another important algorithm is Euclid's algorithm. I'm not going to discuss this because I discussed it in an earlier lecture. So the problem of solving linear equations and finding greatest common divisors has a really fast solution. As I mentioned earlier, there is actually a slightly faster version of Euclid's algorithm that doesn't involve long division, but only division by 2. So it's a sort of Russian peasant form of Euclid algorithm. Instead of doing long division, you just keep dividing by 2. But anyway, what I'm going to do now is some algorithms to test if x is prime. So how can we do this? Well, the first thing is to test all factors less than the square root of x. And the trouble is this is OK for x up to a few hundred by hand, or x up to a few trillion by computer. But it's really pretty slow in general because it takes about root of x steps. And each step we should probably multiply by log of x or something because it takes some time to do this. And this is actually exponential time. You remember exponential time means exponential in the number of digits needed to write x, not in the number x itself. So exponential time algorithms are sort of OK for small input, but not for big input. So what I want to do is to give some examples of faster algorithms. And the simplest one is let's try and write x as a difference of squares. So we're going to write x is equal to a squared minus b squared. And if we can do that, then we've factored x because we can just write this as a minus b times a plus b. And this method was actually used by Fermat to factorise a few numbers. And let's see an example of it. Well, you might say, how are you going to write x as a difference of two squares? Well, you can sometimes do this quite quickly. So let's try x equals 7 3 1 3. And what we do is we pick a square slightly larger than x. So let's have a look. If you try 85 squared is 7 2 2 5. Well, that's a bit small. So we try 86 squared is 7 3 9 6. Well, that's a little bit bigger. But 7 3 9 6 minus 7 3 1 3 is 83. And this is not a square. So that's no good. And then we go to 87 squared. And 87 squared is 7 5 6 9. And now the difference is 7 5 6 9 minus 7 3 1 3 is equal to 256. Now this is now 16 squared. So now we've factorised x. x is equal to 87 plus 16 times 87 minus 16, which is 103 times 71. Well, that sort of worked. But you may be a bit suspicious of this algorithm. You know, it seems to be that we had to be a little bit lucky that this was a square. And you may wonder if I sort of faked this example by choosing something that works easily. And now it says, yes, I did fake it a bit. And the trouble with this method is it sometimes works really well, but it sometimes doesn't. It works best if x is equal to a is equal to 2 numbers a times b with a and b very close. Because if these are very close, then x is equal to a plus b over 2 squared minus a minus b over 2 squared. And if a and b are very close, this will be very small. So this number won't be much bigger than x. And we will hit it fairly quickly by looking at the first few squares. So this sometimes works very quickly, but sometimes doesn't. You may think it works quite well with the first method where we just test all primes up to the square root of x. Because you might say, well, if x is a small prime factor, then we're going to find it with test one. And if both prime factors of x are very big near the square root of x, then we will find it using method two. Unfortunately, for most numbers, they don't want more than one or two very small prime factors. And the other prime factors tend to be rather different from each other. So a typical very large number with hundreds of digits will have one would guess it's going to have one very small prime factor, maybe two, three, or five. And then it will have something with two or three digits. And then it might have something with five digits. And then the next factor might have 10 or 15 digits and so on. So the number of digits in each prime tends to increase quite rapidly. And this method simply doesn't work very well for most numbers because their prime factors are increasing too rapidly. There's one way you can speed this up quite a lot. It turns out there are several congruent conditions that these numbers have to satisfy, as we will see when we discuss quadratic reciprocity later on. So you can, in fact, speed up this method by a factor of many thousands by using various congruent conditions. And this gives some factorization methods called sieving methods, which used to be used quite a bit in the days before digital computers. And people would actually build mechanical sieving devices to factorize numbers. But as I said, that would be easier to discuss later on. So now I want to discuss a bit more about testing if x is prime. Well, we've got this really slow method. You can just test lots of factors of x. And this will work eventually, but it's pretty slow. And we had another faster method. We take a look at a to the m minus 1 and ask, is this congruent to 1 modulo m? And we saw the answer was, if no, this implies m is not prime. And if it's yes, this implies who knows. m is probably prime, but it might be a Carmichael number. For instance, it might be 561. And there are an infinite number of numbers with this funny property. So what I'm going to do now is explain how to have an improved version of this test. So suppose a to the 2n is congruent to 1 modulo m. And if m is prime, this implies that a to the n squared is congruent to 1. So a to the n is congruent to plus or minus 1. So what we can do is, if we've got a to the m minus 1 is congruent to 1, we can look at a to the m minus 1 over 2 and see if that's plus or minus 1. And if it isn't, then m is not prime. And we could even look at a to the m minus 1 over 4 if m happens to be 1 mod 4 and so on. So as an example, let's test the Carmichael number 561 to see if it is prime. And of course, we know it isn't prime. It's divisible by 3 for heaven's sake. But this is just to show you how the method works. So what we do is we take 561 minus 1, which is 560. And we write this as 2 to the 4 times 35. So we take out the highest power of 2 in the number p minus 1. So here we're, I guess we shouldn't call it p because it's not prime in m minus 1. And now we pick a random number, b. And we're going to look at powers of b. And I'm going to take b equals 2 because it's the smallest number. And what we do is we now compute 2 to the 35 modulo 561. So 35 is the biggest odd factor of m minus 1. And 2 is our random number b. And we work this out. And we find 2 to the 35 is congruent to, well, let's just compute it using the Russian peasant exponentiation method we compute 2 to the 1, 2 to the 2, 2 to the 4, and so on. And we find these are congruent to 2, 4, 16, 256, 460, and 103 modulo 561. And now you remember, we write 35 in binary as 35 is equal to 2 to the 5 plus 2 plus 1. So 2 to the 35 is congruent to 103 times 4 times 2, which is congruent to 263 modulo 561. And you think, well, what does that tell you? Well, it doesn't tell us anything very much yet. What we now do is we keep squaring this. So we now take 2 to the 35 squared, which is 2 to the 17. Now we just square this. So this is equal to 263 squared, which is congruent to 166. Well, that's still no good. It doesn't tell us anything. So we now work out 2 to the 70 squared, which is congruent to 2 to the 140, which is 166 squared, which, if I've calculated it right, is congruent to 67 mod 561. OK, well, we just keep going. 2 to the 140 squared is now 67 squared, which is actually congruent to 1. So this is 2 to the 280. So 2 to the 560 would be 2 to the 280 squared, which is 1 squared, which is congruent to 1. So since it was a Carmichael number, we already knew that 2 to the 560 was congruent to 1, but we don't actually need this. And now let's look at our calculation. The key point is this bit here. We have found square root of 1 that isn't minus 1. So 67 is square root of 1 not equal to plus 1 or minus 1. Well, this shows that 561 is not a prime, because if a squared is congruent to 1 modulo p for p of prime, then a must be congruent to plus or minus 1. So by doing this refined form of the test, we can sometimes detect that Carmichael numbers are prime. So let's just write out what the test does in general. So to test m to c to c if it's prime, what we do is we put m minus 1 is equal to 2 to the c times d, where d is odd. And now we pick some random number b and we find b to the power of d modulo m. And then we just calculate the squares of this. So we form b to the d squared mod m and b to the d to the 4 mod m until we get up to b to the d times 2 to the c mod m. So this is just b to the m minus 1. And now we take a look at these. And we can see if it's not 1, then the number is not prime. The number m is not prime. So suppose it's 1, then we look at the next one before it. And if it's 1, then we just continue. If it's not plus or minus 1, then this is not prime. Because this number here would be a square root of 1. So it'd have to be plus or minus 1 if number m is prime. So if it's not plus or minus 1, we give up. If it's minus 1, we're stuck. We don't know what the answer is. If it's 1, you continue to the next one and see. So if this one is not plus or minus 1, then the number is not prime. And if it's minus 1, we have to give up. We don't know what the answer is. And if it's 1, you just keep going. So this will quite often work for even four Carmichael numbers and tell you whether the number is prime or not. Of course, it's possible that all these numbers here might be equal to 1, in which case you just can't tell whether the number is prime or not. Or this one might be minus 1 and all the others might be 1 or something like that. So if ever one of these is minus 1, then we're kind of a bit stuck. But that's sort of unlikely. I mean, most of the time, this will tell you that number isn't prime if it's not prime. OK, next, we're going to do some more methods for factorizing numbers. But I'll leave those for the next video.