Solving nonlinear Diophantine equations such as (8+3n)m = 11? - algorithm

Are there any efficient algorithms that could be used to generate all integer solutions to equations such as the ones below?
(8+3n)m = 11 | n ∈ {0,1}, m ∈ ℤ+
(5+(7+3x+2y)a+3z)b = 30 | x,y,z ∈ {0,1}, a,b ∈ ℤ+
Ideally I would like to be able to generate the set of all valid integer values for n, m and a, b, x, y, z respectively. At the very least I would like a way of testing whether the equations are solvable at all. Given that these equations are nonlinear, I would imagine that the typical methods used to solve simple Diophantine equations would fail here.
I would really appreciate any help I could get!

Since 11 is prime, there are only 4 possible factorizations over ℤ:
8+3n = 11 and m = 1 (giving n = 1)
8+3n = 1 and m = 11 (impossible: n = −7/3 is not an integer)
8+3n = −11 and m = −1 (impossible: n = −19/3 is not an integer)
8+3n = −1 and m = −11 (giving n = −3)
Restricting n to {0,1} and m to ℤ⁺, only the first case survives: n = 1, m = 1.
For the second equation there are quite a few more possibilities: since 30 = 2·3·5, there are 16 possible ways to write it as a product of two factors over ℤ (8 with both factors positive and 8 with both negative)...
If you replace (x,y,z) by their 8 possible combinations, the first factor degenerates into a first-order polynomial in a, so that's only 8·16 = 128 linear polynomials to test for an integer root.
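For instance, the whole enumeration for the second equation fits in a few lines of Python (a minimal sketch; since b ∈ ℤ⁺ forces the first factor to be a positive divisor of 30, only 8 of the 16 factorizations need checking):

from itertools import product

# Enumerate all solutions of (5 + (7+3x+2y)*a + 3z) * b = 30
# with x, y, z in {0,1} and a, b positive integers.
for x, y, z in product((0, 1), repeat=3):
    for d in (1, 2, 3, 5, 6, 10, 15, 30):  # positive divisors of 30
        coeff = 7 + 3 * x + 2 * y          # coefficient of a in the first factor
        rem = d - 5 - 3 * z                # need coeff * a == rem with a >= 1
        if rem > 0 and rem % coeff == 0:
            print((x, y, z, rem // coeff, 30 // d))

This prints (1, 0, 0, 1, 2) and (0, 0, 1, 1, 2), i.e. both solutions have a = 1, b = 2.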
If all the problems degenerate into a product of single-variable polynomials after substituting (by brute force) the variables that range over a finite set, then it amounts to finding integer roots of polynomials, which is trivial for first-order polynomials as in the two problems above, and equivalent to factoring a polynomial over the integers for higher degrees...
If the factors remain multivariate but linear (total degree 1), then it's like solving linear systems. But finding integer solutions is not necessarily trivial; I recommend reading http://sites.math.rutgers.edu/~sk1233/courses/ANT-F14/lec3.pdf
Otherwise, if the factors remain multivariate with total degree > 1, that's equivalent to solving polynomial systems... In some cases that's possible; see https://en.wikipedia.org/wiki/Gr%C3%B6bner_basis.

Related

Optimal algorithm for a solution vector that minimizes its own matrix-vector product with a given sparse matrix

Given A, a sparse binary matrix with 36 columns and n rows (each row is random, constrained only to contain at least 1 and at most 12 ones), is it possible to find an optimal strategy for creating x, a binary column vector with exactly 12 ones and 24 zeros, such that the maximum entry of the n-by-1 column vector b = Ax (each entry is an integer between 0 and 12, inclusive) is as small as possible?
I am having trouble with this subset of an optimization problem and I have been attempting to brute-force it to no avail (by generating and testing pseudo-random numbers for x). Is the task actually NP-hard, or am I just not thinking out of the box enough?
There's an O(binomial(36, 12) n) = O(n) time algorithm for the problem as stated, but generalizing 36 to m, there's a polynomial-time reduction from independent set to this problem that shows NP-hardness. (Idea: given a graph, emit its adjacency matrix with ones added on the diagonal. The maximum number of vector entries we can set to 1 without the infinity norm of Ax exceeding 1 equals the size of the maximum independent set. The graph can be assumed cubic, which handles a more stringent version of your L1-norm constraint on the rows.)
36 choose 12 is less than 1.3 billion, which doesn't seem like that many, but you could also try to solve this problem via an integer programming formulation, since integer program solvers often excel at these kinds of packing problems. (If you need a rec, I use OR-Tools at work and am pretty happy with it.)
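To make the integer-programming suggestion concrete, here is a minimal CP-SAT sketch using OR-Tools (my own illustration; A is assumed to be a list of 0/1 rows):

from ortools.sat.python import cp_model

def min_max_row(A):
    # A: list of n rows, each a list of 36 zeros/ones.
    model = cp_model.CpModel()
    x = [model.NewBoolVar(f"x{j}") for j in range(36)]
    model.Add(sum(x) == 12)              # exactly 12 ones in x
    t = model.NewIntVar(0, 12, "t")      # upper bound on every entry of Ax
    for row in A:
        model.Add(sum(row[j] * x[j] for j in range(36)) <= t)
    model.Minimize(t)
    solver = cp_model.CpSolver()
    solver.Solve(model)
    return solver.Value(t), [solver.Value(v) for v in x]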

Calculate the probability of one set to be covered by random subsets

Suppose these two sets are given as input:
One set U as the universe.
And one set S containing some of the subsets of U.
Each member of S is independently assigned a random flag: 1 with probability p and 0 with probability (1 − p).
The desired output is the probability that the union of the flag-1 subsets in S equals U.
Considering all possible combinations of the flag-1 subsets in S is the trivial algorithm, but the running time of this brute-force method is obviously exponential (a sketch is given after the question).
Is there any polynomial time algorithm which leads to the exact or approximate output? Or can we reduce the problem to any famous one like set-cover?
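For reference, the exponential brute force just described, in Python (a minimal sketch; cover_probability is my own name):

from itertools import product
import math

def cover_probability(U, S, p):
    # P(union of flag-1 subsets == U), enumerating all 2^|S| flag assignments.
    U = set(U)
    total = 0.0
    for flags in product((0, 1), repeat=len(S)):
        covered = set().union(*(s for s, f in zip(S, flags) if f))
        if covered == U:
            total += math.prod(p if f else 1 - p for f in flags)
    return total

# e.g. cover_probability({1, 2}, [{1}, {2}, {1, 2}], 0.5) == 0.625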
Getting an exact answer is #P-hard (the counting analogue of NP, and thus at least as hard), since this problem generalizes monotone 2-CNF-SAT, which is known to be #P-hard (Welsh, Dominic; Gale, Amy (2001), "The complexity of counting problems", Aspects of complexity: minicourses in algorithmics, complexity and computational algebra: mathematics workshop, Kaikoura, January 7–15, 2000, pp. 115ff, Theorem 57). The reduction: let U be the set of clause identifiers, and for each variable let the corresponding subset in S be the set of clauses in which that variable appears. EDIT: set p = 1/2 for each set, natch.
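Spelled out in code, the reduction might look like this (my own sketch; names are mine):

def monotone_2cnf_to_cover(clauses, variables):
    # clauses: list of pairs of variable names, all literals positive.
    # Flagging the subset for variable v with 1 corresponds to setting v true,
    # so with p = 1/2 the cover probability equals
    # (#satisfying assignments) / 2**len(variables).
    U = set(range(len(clauses)))
    S = [{i for i, clause in enumerate(clauses) if v in clause}
         for v in variables]
    return U, S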

polynomial algorithm for Permutation in matrix

For an integer n, we will write F_n for the set of injective functions
f: {1,2,3,…,n} → {1,2,3,…,n}
(that is, the permutations of {1,…,n}). For a given n×n matrix A with non-negative entries we define:
P(A) = ∑_{f ∈ F_n} A_{1,f(1)} · A_{2,f(2)} · … · A_{n,f(n)}
(this is the permanent of A). Design a polynomial algorithm that determines whether P(A) = 0.
I was thinking of looking for n² − n + 1 zeros in the matrix; then any permutation would hit a zero in its product, and the sum would be zero. That gives a run time of O(n²), but I'm not sure about the solution.
any thoughts?
thanks
Your question is the complement of: "Is there a way to place N rooks on an N×N chessboard so that they can't attack each other, while avoiding the marked (zero) squares?"
For example, if one row or one column is all zeros then it is impossible and P(A) = 0, yet that is only n zeros; so looking for n² − n + 1 zeros doesn't cut it.
There is an answer over here, however, that gives a lovely polynomial-time solution to this problem: https://cs.stackexchange.com/questions/28413/how-hard-is-this-constrained-n-rooks-problem
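For completeness, the matching-based test is short enough to sketch directly (Python, Kuhn's augmenting-path algorithm, O(n³); since all entries are non-negative, P(A) > 0 exactly when the nonzero entries admit a perfect matching between rows and columns):

def permanent_is_zero(A):
    # True iff P(A) = 0, i.e. no permutation avoids all zero entries.
    n = len(A)
    match_col = [-1] * n  # match_col[j] = row currently matched to column j

    def try_row(i, seen):
        # Try to match row i, reassigning earlier rows along augmenting paths.
        for j in range(n):
            if A[i][j] != 0 and not seen[j]:
                seen[j] = True
                if match_col[j] == -1 or try_row(match_col[j], seen):
                    match_col[j] = i
                    return True
        return False

    return not all(try_row(i, [False] * n) for i in range(n))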
The sum of the 27 product combinations is simple after you've applied the distributive law at all three layers:
(a+b+c) * (d+e+f) * (g+h+i)
Thus, all you have to do is check whether any row sum is 0. (Note that this expansion ranges over all 3³ = 27 functions f, not just the 6 injective ones, so it answers a relaxed version of the question.)

This puzzle- subset sum?

In today's edition of the Guardian (a newspaper in the UK), in the "Pyrgic puzzles" section on page 43 by Chris Maslanka, the following puzzle was given:
The 3 wise men ... went to Herrods to do their Christmas shopping. Caspar bought Gold, Melchior bought Frankincense, and Balthazar bought a copy of the Daily Myrrh. The cashier tapped in the number of euros each of these things cost, and meant to add the three numbers, but multiplied them instead. ... the marvel of the thing was that the result was exactly the same: €65.52. What were the three sums [I assume he meant the three numbers]?
My interpretation is: Find an a, b and c such that a + b + c = abc = 65.52 (exactly) where a, b and c are positive decimal numbers with no more than two decimal places. It follows that a, b and c must also be less than 65.52 (approximately).
My approach is thus: I shall find all the candidate sets of a, b and c where a + b + c = 6552 and a, b and c are integers from {1 ... 6550} (notionally I have multiplied all the operands by 100 for convenience). Then, for all the candidate sets, it is trivial to check the other condition by dividing all the operands by 100 and multiplying them (with arbitrary-precision arithmetic).
This, as I see it, is an instance of the subset sum problem. So I implemented a dirty (exponential time) algorithm which found one distinct solution: a=0.52, b=2, c=63.
Ok, there are better algorithms for the subset sum problem, but don't you think this is getting a little out-of-reach for an average Guardian reader?
On page 40 the answer is listed:
This is easy, by trial and error. Guess 52p for the Daily Myrrh. But multiplying by 0.52 is roughly halving, so we need one sum to be about 2; so try 2 × 63 × 0.52. Et voilà. Is this answer unique?
Well, we know that the answer is unique (disregarding the other permutations of 2, 63 and 0.52).
What I want to know is: How can this be "easy"? Am I right in characterising the puzzle as an instance of the subset sum problem? Have I overlooked some characteristic of the puzzle which can be utilized to simplify the solution? Was anyone able to adopt a similar "trial and error" approach and if so can they take me through it? Is Chris Maslanka simply undaunted by NP-complete problems?
No, it is not an instance of the subset sum problem, because:
The subset size is limited to 3, so a naive exhaustive search is O(n^3) in the worst case (polynomial, not exponential).
There is additional data here: the product of the numbers.
You are not actually given an arbitrary set; choosing from a range of consecutive integers is a special case of subset-sum, and a much easier one.
The important thing to understand here is: if a problem can be solved by reducing it to an NP-hard problem, that doesn't mean it is NP-hard as well. Only the other way around holds: if you can solve some NP-hard problem (polynomially) using your problem, then your problem is NP-hard. This is called a polynomial reduction (1).
The approach is easy because all you have to do is "guess" (by iterating over all candidates) a value for a. From this you can derive the possible solutions for b and c: with a known, you have two equations in two unknowns, b + c = 65.52 − a and b·c = 65.52/a, so b and c are the roots of a quadratic. Thus the solution is even linear in the number of candidates, not merely sub-exponential (a sketch follows below).
It might even be possible to use a variation of binary search to get a sub-linear running time, but I cannot think of that optimization at the moment.
(1) Note: this is an intuitive explanation, not a formal definition.
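In code, the guess-and-solve approach is a single linear scan; a minimal sketch in Python, working in integer hundredths (so a + b + c = 6552 and a·b·c = 65,520,000):

import math

TARGET_SUM, TARGET_PROD = 6552, 65_520_000   # 65.52 in hundredths; product scales by 100^3
for a in range(1, TARGET_SUM - 1):
    if TARGET_PROD % a:
        continue
    s, p = TARGET_SUM - a, TARGET_PROD // a  # b + c = s and b * c = p
    disc = s * s - 4 * p                     # b, c are roots of t^2 - s*t + p = 0
    r = math.isqrt(disc) if disc >= 0 else -1
    if r < 0 or r * r != disc or (s + r) % 2:
        continue
    b, c = (s + r) // 2, (s - r) // 2
    if b >= c >= a:                          # report each solution once
        print(a / 100, c / 100, b / 100)

This reproduces 0.52, 2.0, 63.0 as the only solution up to permutation.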

Why don't genetic algorithms work on problems like factoring RSA?

Some time ago I was pretty interested in GAs and I studied them quite a bit. I used the C++ GAlib to write some programs and I was quite amazed by their ability to solve otherwise difficult-to-compute problems in a matter of seconds. They seemed like a great brute-forcing technique that works really, really smart and adapts.
I was reading a book by Michalewicz, if I remember the name correctly, and it all seemed to be based on the Schema Theorem, proved by John Holland.
I've also heard that they cannot really be used to approach problems like factoring RSA private keys.
Could anybody explain why this is the case?
Genetic Algorithms are not smart at all; they are very greedy optimization algorithms. They all work around the same idea: you have a group of points ('a population of individuals'), and you transform that group into another one with stochastic operators, with a bias in the direction of best improvement ('mutation + crossover + selection'). Repeat until it converges or you are tired of it; nothing smart there.
For a Genetic Algorithm to work, a new population of points should perform close to the previous population of points: a small perturbation should create a small change. If, after a small perturbation of a point, you obtain a point that represents a solution with completely different performance, then the algorithm is nothing better than random search, which is usually a poor optimization algorithm. In the RSA case, if your points are directly the numbers, flipping a single bit flips the answer between YES and NO... Thus a Genetic Algorithm is no better than random search if you represent the RSA problem without much thinking, as in "let's encode the search points as the bits of the numbers".
I would say it is because factorization of keys is not an optimization problem, but an exact problem. This distinction is not very precise, so here are the details.
Genetic algorithms are great for solving problems that have minima (local/global), but there aren't any in the factoring problem. Genetic algorithms, like DCA or simulated annealing, need a measure of "how close am I to the solution", but you can't define one for our problem.
For an example of a problem where genetic approaches do well, there is hill climbing.
GAs are based on fitness evaluation of candidate solutions.
You basically have a fitness function that takes in a candidate solution as input and gives you back a scalar telling you how good that candidate is. You then go on and allow the best individuals of a given generation to mate with higher probability than the rest, so that the offspring will be (hopefully) more 'fit' overall, and so on.
There is no way to evaluate fitness (how good is a candidate solution compared to the rest) in the RSA factorization scenario, so that's why you can't use them.
GAs are not brute-forcing; they're just a search algorithm. Each GA essentially looks like this:
candidates = seed_value;
while (!good_enough(best_of(candidates))) {
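  // selection, crossover, and mutation produce the next population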
candidates = compute_next_generation(candidates);
}
Where good_enough and best_of are defined in terms of a fitness function. A fitness function says how well a given candidate solves the problem. That seems to be the core issue here: how would you write a fitness function for factorization? For example 20 = 2*10 or 4*5. The tuples (2,10) and (4,5) are clearly winners, but what about the others? How “fit” is (1,9) or (3,4)?
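To see the difficulty concretely, here is one naive fitness you might try (my own illustration, not from any GA library); it shows why the landscape gives selection nothing to work with:

def fitness(p, N):
    # 0 exactly at divisors of N; essentially structureless elsewhere,
    # so there is no gradient for selection to follow.
    return -(N % p)

# For N = 20: fitness(4, 20) == 0, but fitness(19, 20) == -1 beats
# fitness(3, 20) == -2, even though 19 is no closer to being a factor.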
Indirectly, you can use a genetic algorithm to factor an integer N. Dixon's integer factorization method uses equations involving powers of the first k primes, modulo N. These products of powers of small primes are called "smooth". If we are using the first k=4 primes - {2,3,5,7} - 42=2x3x7 is smooth and 11 is not (for lack of a better term, 11 is "rough"). Dixon's method requires an invertible k x k matrix consisting of the exponents that define these smooth numbers. For more on Dixon's method see https://en.wikipedia.org/wiki/Dixon%27s_factorization_method.
Now, back to the original question: There is a genetic algorithm for finding equations for Dixon's method.
Let r be the inverse of a smooth number mod N - so r is a rough number
Let s be smooth
Generate random solutions of rx = sy mod N. These solutions [x,y] are the population for the genetic algorithm. Each x, y has a smooth component and a rough component. For example suppose x = 369 = 9 x 41. Then (assuming 41 is not small enough to count as smooth), the rough part of x is 41 and the smooth part is 9.
Choose pairs of solutions - "parents" - to combine into linear combinations with ever smaller rough parts.
The algorithm terminates when a pair [x,y] is found with rough parts [1,1], [1,-1],[-1,1] or [-1,-1]. This yields an equation for Dixon's method, because rx=sy mod N and r is the only rough number left: x and y are smooth, and s started off smooth. But even 1/r mod N is smooth, so it's all smooth!
Every time you combine two pairs - say [v,w] and [x,y] - the smooth parts of the four numbers are obliterated, except for the factors the smooth parts of v and x share, and the factors the smooth parts of w and y share. So we choose parents that share smooth parts to the greatest possible extent. To make this precise, write
g = gcd(smooth part of v, smooth part of x)
h = gcd(smooth part of w, smooth part of y)
[v, w] = [g·(v/g), h·(w/h)] and [x, y] = [g·(x/g), h·(y/h)].
The hard-won smooth factors g and h will be preserved into the next generation, but the smooth parts of v/g, w/h, x/g and y/h will be sacrificed in order to combine [v,w] and [x,y]. So we choose parents for which v/g, w/h, x/g and y/h have the smallest smooth parts. In this way we really do drive down the rough parts of our solutions to rx = sy mod N from one generation to the next.
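The smooth/rough split used throughout this answer can be computed directly; a minimal sketch (the factor base {2,3,5,7} matches the k = 4 example above):

def smooth_rough_split(n, primes=(2, 3, 5, 7)):
    # Returns (smooth, rough): smooth is the largest divisor of n built
    # only from the given small primes; rough is the cofactor.
    smooth = 1
    for p in primes:
        while n % p == 0:
            smooth *= p
            n //= p
    return smooth, n

# smooth_rough_split(369) == (9, 41), matching the x = 369 example above.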
On further thought the best way to make your way towards smooth coefficients x, y in the lattice ax = by mod N is with regression, not a genetic algorithm.
Two regressions are performed, one with response vector R0 consisting of x-values from randomly chosen solutions of ax = by mod N; and the other with response vector R1 consisting of y-values from the same solutions. Both regressions use the same explanatory matrix X. In X are columns consisting of the remainders of the x-values modulo smooth divisors, and other columns consisting of the remainders of the y-values modulo other smooth divisors.
The best choice of smooth divisors is the one that minimizes the errors from each regression:
E0 = R0 − X(XᵀX)⁻¹Xᵀ R0
E1 = R1 − X(XᵀX)⁻¹Xᵀ R1
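In NumPy terms, the two residual vectors are a least-squares fit each (a sketch on placeholder data; in practice X, R0 and R1 come from the sampled solutions described above):

import numpy as np

rng = np.random.default_rng(0)
X = rng.integers(0, 100, size=(50, 6)).astype(float)   # placeholder explanatory matrix
R0 = rng.integers(0, 100, size=50).astype(float)       # placeholder response vectors
R1 = rng.integers(0, 100, size=50).astype(float)

beta0, *_ = np.linalg.lstsq(X, R0, rcond=None)
beta1, *_ = np.linalg.lstsq(X, R1, rcond=None)
E0 = R0 - X @ beta0   # equals R0 - X(XᵀX)⁻¹Xᵀ R0 when X has full column rank
E1 = R1 - X @ beta1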
What follows are row operations that annihilate X: find a row vector z with zX = 0, then apply z to the x- and y-values from the original solutions from which X was formed. Then
z R0 = z R0 − 0
     = z R0 − zX(XᵀX)⁻¹Xᵀ R0   (since zX = 0)
     = z E0
Similarly, z R1 = z E1.
Three properties are now combined in z R0 and z R1:
They are multiples of large smooth numbers, because z annihilates remainders modulo smooth numbers.
They are relatively small, since E0 and E1 are small.
Like any linear combination of solutions to ax = by mod N, z R0 and z R1 are themselves solutions to that equation.
A relatively small multiple of a large smooth number might just be the smooth number itself. Having a smooth solution of ax = by mod N yields an input to Dixon's method.
Two optimizations make this particularly fast:
There is no need to guess all the smooth numbers and columns of X at once. You can run regressions continuously, adding one column to X at a time, choosing columns that reduce E0 and E1 the most. At no time will any two smooth numbers with a common factor be selected.
You can also start with a lot of random solutions of ax = by mod N, and remove the ones with the largest errors between selections of new columns for X.
