Probability that the k-gcd of products of positive integers is B-friable

Probability that the k-gcd of products of positive integers is B-friable

Journal of Number Theory 168 (2016) 72–80 Contents lists available at ScienceDirect Journal of Number Theory www.elsevier.com/locate/jnt Probabilit...

276KB Sizes 1 Downloads 18 Views

Journal of Number Theory 168 (2016) 72–80

Contents lists available at ScienceDirect

Journal of Number Theory www.elsevier.com/locate/jnt

Probability that the k-gcd of products of positive integers is B-friable Jung Hee Cheon, Duhyeong Kim ∗ Department of Mathematical Sciences, Seoul National University, Seoul 151-747, Republic of Korea

a r t i c l e

i n f o

Article history: Received 24 December 2015 Received in revised form 4 April 2016 Accepted 4 April 2016 Available online 1 June 2016 Communicated by David Goss Keywords: gcd of products of positive integers B-friable k-gcd

a b s t r a c t In 1849, Dirichlet [5] proved that the probability that two positive integers are relatively prime is 1/ζ(2). Later, it was generalized into the case that positive integers have no nontrivial kth power common divisor. In this paper, we further generalize this result: the probability that the gcd of m products of n positive integers is B-friable is    n m   1 for m ≥ 2. We show that it p>B 1 − 1 − 1 − p m

1 is lower bounded by ζ(s) for some s > 1 if B > n m−1 , which completes the heuristic proof in the cryptanalysis of cryptographic multilinear maps by Cheon et al. [2]. We extend this result of k-gcd: the probability  to the n case  m   Hk−1 1 n H1 1 − 1 − 1 − 1 + , is + · · · + npk−1 p>B p p

where n Hi = n+i−1 . i © 2016 Elsevier Inc. All rights reserved.

* Corresponding author. E-mail addresses: [email protected] (J.H. Cheon), [email protected] (D. Kim). http://dx.doi.org/10.1016/j.jnt.2016.04.013 0022-314X/© 2016 Elsevier Inc. All rights reserved.

J.H. Cheon, D. Kim / Journal of Number Theory 168 (2016) 72–80

73

1. Introduction In 1849, Dirichlet [5] proved that the probability that two positive integers are relatively prime is 1/ζ(2). To be precise,

(x1 , x2 ) ∈ {1, 2, .., N }2 : gcd(x1 , x2 ) = 1 1 . lim = 2 N →∞ N ζ(2) Lehmer [7] and more recently Nymann [9] extended this result that the probability that the r positive integers are relatively prime is 1/ζ(r). Meanwhile, in 1885, Gegenbauer [6] proved that the probability that a positive integer is not divisible by rth power for an integer r ≥ 2 is 1/ζ(r). In 1976, Benkoski [1] combined Gegenbauer and Lehmer’s results and obtain that the probability that r positive integers are relatively k-prime is 1/ζ(rk). For positive integers x1 , ..., xr and k, we denote by gcdk (x1 , .., xr ) or k-gcd of x1 , ..., xr the largest kth power that divides x1 , ..., xr . If gcdk (x1 , .., xr ) = 1, we call x1 , .., xr are relatively k-prime. Later, study on the probability of gcd was extended by changing domain from Z to other Principal Ideal Domains. One extension is the result of Collins and Johnson [3] in 1989 that the probability that two Gaussian integers are relatively prime is 1/ζQ(i) (2). In 2004, Morrison and Dong [8] extended Benkoski’s result to the ring Fq [x] for a finite field Fq . More recently, in 2010, Sittinger [10] extended Benkoski’s result to the algebraic integers over the algebraic number field K: the probability that k algebraic integers are relative r-prime is 1/ζOK (rk) while OK is the ring of algebraic integers in K, and ζO (rk) denotes the Dedekind zeta function over OK . In this paper, we move our question to the probability that the gcd of products of positive integers is B-friable. We investigate the probability that the gcd of products of positive integers is B-friable. Given positive integers m ≥ 2 and n, assume that rij ’s are positive integers chosen randomly and independently in [1, N ] for 1 ≤ i ≤ m and n n 1 ≤ j ≤ n. Our theorem states that the probability that gcd( j=1 r1j , ..., j=1 rmj ) is     n  m  as N → ∞. This is proved by using B-friable converges to p>B 1 − 1 − 1 − p1 Lebesgue Dominated Convergence Theorem and the inclusion and exclusion principle.    n m   1 is lower bounded by We show that the value of p>B 1 − 1 − 1 − p           m n m   1 1 · nˆ
r = n m−1 + 1, rˆ = max{ˆ n, r} and s = m(1 − logrˆ n) > 1. Note that the first product term is equal to 1 if B = n ˆ , and the second product term is equal to 1 if n ˆ = rˆ. Thus our theorem proves the heuristic argument in the lemma in [2, page 10] to tell that this probability is lower bounded by 1/ζ(s) in case of B = 2n and logm2n > 1. The 2 lemma is used to guarantee the success probability of the cryptanalysis of cryptographic multilinear maps proposed by Coron et al. [4].

74

J.H. Cheon, D. Kim / Journal of Number Theory 168 (2016) 72–80

Finally, we extend the theorem to the case of k-gcd. When rij ’s are chosen randomly n and independently from {1, · · · , N }, we show that the probability that gcdk ( j=1 r1j , n ..., j=1 rmj ) is B-friable converges to   n  m   1 n H1 n Hk−1 1− 1− 1− 1+ + · · · + k−1 p p p

p>B

as N → ∞, where n Hi =

n+i−1

. This result is another generalized form of Benkoski’s. i

Notations. For an integer x, if x has no prime divisor larger than B, we say that x is B-friable. For a finite set X, the number of elements of X is denoted by |X|. All of the error terms in this paper are only about the positive integer N , i.e. O is actually ON . For positive integers x1 , ..., xr , and k, we denote by gcdk (x1 , ..., xr ) or the k-gcd of x1 , ..., xr the largest kth power that divides x1 , ..., xr . Note that the usual gcd is 1-gcd. From now on, alphabet p always denotes a prime number, and is a disjoint union. 2. Probability that the gcd of products of positive integers is B-friable 2.1. The gcd of products of positive integers In this section, we fix the positive integers m ≥ 2 and n. For a positive integer N , rij ’s are integers uniformly and independently chosen in [1, N ] for 1 ≤ i ≤ m and 1 ≤ j ≤ n. n n The aim of this section is to compute the probability that gcd( j=1 r1j , ..., j=1 rmj ) is B-friable when N → ∞. Denote by p1 , p2 , p3 , ... the prime numbers larger than B in increasing order, and define T (, N ) be the number of ordered pairs (rij ) such n n that gcd( j=1 r1j , ..., j=1 rmj ) is coprime to p1 , ..., p for 1 ≤ rij ≤ N . Note that n n lim→∞ T (, N )/N mn is the probability that gcd( j=1 r1j , ..., j=1 rmj ) is B-friable where rij are chosen randomly and independently in {1, 2, ..., N }. By following two steps, we obtain the value of limN →∞ lim→∞ T (, N )/N mn . Theorem 2.1. Let p1 , p2 , ... be the prime numbers larger than B in increasing order. Then,   n  m    T (, N )  1 = 1 − 1 − 1 − . N →∞ N mn pi i=1 lim

(2.1)

Proof. Let X = {p1 , p2 , ..., p } and 1 ≤ rij ≤ N for a positive integer N . By the inclusion and exclusion principle, ⎧ ⎫ ⎨ n n ⎬   (rij ) : gcd( r1j , ..., rmj ) is coprime to p1 , ..., p ⎩ ⎭ j=1 j=1

J.H. Cheon, D. Kim / Journal of Number Theory 168 (2016) 72–80

=

 P ⊂X

75

⎧ ⎫ ⎨ n n ⎬    |P | (−1) (rij ) : p | gcd( r1j , ..., rmj ) ⎭ ⎩ j=1

p∈P

j=1

⎧ ⎫ m ⎨ n ⎬    |P | = (−1) (r1j ) : p| r1j , ⎩ ⎭ j=1 P ⊂X p∈P where obtain

 p∈P

p = 1 for P = φ. Applying the inclusion and exclusion principle again, we

⎧ ⎫ ⎧ ⎫ ⎨ ⎨ n n ⎬ ⎬     |Q| (r1j ) : p| r1j = (−1) (r1j ) : p  r1j , ∀p ∈ Q ⎩ ⎩ ⎭ ⎭ j=1 j=1 p∈P Q⊂P ⎛ ⎞n    N ⎠ . = (−1)|Q| ⎝ (−1)|R|  p∈R p Q⊂P

R⊂Q

Consequently, we have

T (, N ) =



(−1)|P |

P ⊂X

Finally, using N/

T (, N ) = N mn

 P ⊂X

 p∈R

⎧ ⎨ ⎩

⎛ (−1)|Q| ⎝

Q⊂P

p/N = 1/

(−1)|P |

⎧ ⎨ ⎩



 (−1)|R|

R⊂Q

 p∈R

p + O(1/N ), we have

⎛ (−1)|Q| ⎝

Q⊂P

⎞n ⎫m ⎬ N ⎠  . ⎭ p∈R p



⎞n ⎫m   1 1 ⎠ ⎬ (−1)|R|  +O ⎭ p N p∈R

R⊂Q

  n  m       1 1 1− 1− 1− +O , = p N i i=1 which gives the theorem as N → ∞. 2 Theorem 2.1 gives the probability that the gcd of products of positive integers is not divisible by the first  primes greater than B. To obtain the probability that this gcd is B-friable, we need to take  → ∞ before taking N → ∞ in Theorem 2.1. To swap the orders of limits, we use the Lebesgue Dominated Convergence Theorem for counting measure on set of natural numbers, which states: Let {fn : N → R} be a sequence of functions. Suppose that limn→∞ fn exists point"∞ wisely and there exists a function g : N → R s.t. |fn | ≤ g, and x=1 g(x) < ∞. Then we have

J.H. Cheon, D. Kim / Journal of Number Theory 168 (2016) 72–80

76

∞ 

lim

n→∞

fn (x) =

x=1

∞  x=1

lim fn (x).

n→∞

Theorem 2.2. When rij ’s are chosen randomly and independently from {1, 2, ..., N }, the n n probability that gcd( j=1 r1j , ..., j=1 rmj ) is B-friable converges to  p>B





1 1− 1− 1− p

n  m 

as N → ∞. Proof. Define gN () = (T ( − 1, N ) − T (, N ))/N mn and T (0, N ) = N mn . Note that n n gN () is the probability that gcd( j=1 r1j , ..., j=1 rmj ) is coprime to p1 , ..., p−1 and divisible by p for randomly and independently chosen rij ’s from {1, ..., N }, and so is non-negative. We claim that lim

∞ 

N →∞

gN () =

=1

∞  =1

lim gN ().

N →∞

(2.2)

" Since 1≤s≤ gN (s) = 1 − T (, N )/N mn , this claim gives the proof of the theorem. m To prove the claim, we show that gN () is bounded by the function g() = npm and  "∞ m =1 g() ≤ n ζ(m) < ∞. As the final step, we have ⎡ gN () = Pr ⎣gcd( ⎡

n 

r1j , ...,

j=1

≤ Pr ⎣p | gcd(

⎤ rmj ) coprime to p1 , ..., p−1 and divisible by p ⎦

j=1 n  j=1

=

n 

r1j , ...,

n 

⎤ rmj )⎦

j=1

  m n (r1j ) : p | j=1 r1j N mn

n m

 =

(N n − |{r11 : p  r11 }| ) = N mn   n m 1 nm ≤ 1− 1− ≤ m, p p =

  m n N n − (r1j ) : p  j=1 r1j



N mn  ' (n m 1 N 1− 1− N p

where the last inequality is from Bernoulli’s inequality. 2 m

Corollary 2.3. Let n ˆ = max{n, B}, r = n m−1 + 1 and rˆ = max{ˆ n, r}. Then the n n probability that gcd( j=1 r1j , ..., j=1 rmj ) is B-friable is upper bounded by

J.H. Cheon, D. Kim / Journal of Number Theory 168 (2016) 72–80

77

−1  1 1 · 1− m , ζ(m) p p≤B

and lower bounded by    m  n  m      1 1 n 1− 1− 1− · 1− · , p p ζ(s)

B
n ˆ
for s = m(1 − logrˆ n) > 1. The first product term is equal to 1 if B = n ˆ , and the second product term is equal to 1 if n ˆ = rˆ. Proof. Since inequality  p>B



p>B [1

− {1 − (1 − 1/p)n }m ] decreases as n increases, we can obtain an

   −1 n m    1 1 1 1 1− 1− 1− ≤ 1− m = 1− m · . p p ζ(m) p p>B

p≤B

Using Bernoulli’s inequality, we can also obtain   n m   1 1− 1− 1− ≥ p

p>B

   m  n m      1 n 1− 1− 1− · 1− . p p

B
p>ˆ n

We can easily check that nm /pm ≤ 1/ps for prime p larger than rˆ. Therefore, we obtain   n m   1 1− 1− 1− p p>B     m     n m     1 n 1 1− 1− 1− · 1− · 1− s ≥ p p p Bˆ r           n m m   1 n 1 ≥ 1− 1− 1− · 1− · . p p ζ(s) B
n ˆ
Finally, s = m(1 − logrˆ n) > 1 since rˆ ≥ r > n m−1 , and the proof is completed. 2 Remark 2.4. Suppose B = 2n, and can check that B > n

m m−1

m log2 2n

is a positive integer larger than 1. Then we

, so rˆ = B ≥ r ≥ n. Applying Corollary 2.3, we have

  n m   1 1 1− 1− 1− ≥ , p ζ(s)

p>B

for s = m(1 − logrˆ n) = m(1 − log2n n) = suggested in the lemma of [2, page 10].

m log2 2n .

This is exactly same lower bound

J.H. Cheon, D. Kim / Journal of Number Theory 168 (2016) 72–80

78

2.2. Generalization to k-gcd Now, we extend Theorem 2.1 and 2.2 to the case of k-gcd. For a positive integer N , rij ’s are chosen randomly and independently in {1, 2, ..., N }. We compute the probn n ability that gcdk ( j=1 r1j , ..., j=1 rmj ) is B-friable when N → ∞. Define Tk (, N ) n n be the number of ordered pairs (rij ) such that gcdk ( j=1 r1j , ..., j=1 rmj ) is coprime to p1 , ..., p for 1 ≤ rij ≤ N . Note that lim→∞ Tk (, N )/N mn is the probability that n n gcdk ( j=1 r1j , ..., j=1 rmj ) is B-friable where rij ’s are chosen randomly and independently in {1, 2, ..., N }. Similarly to Theorem 2.1 and 2.2, we obtain the value of limN →∞ lim→∞ Tk (, N )/N mn by following two steps. Theorem 2.5. Let p1 , p2 , ... be the prime numbers larger than B in increasing order. Then, ) * ,-m . n +   1 Tk (, N )  n H1 n Hk−1 lim = + · · · k−1 1− 1− 1− 1+ . N →∞ N mn pi pi pi i=1 Proof. Similarly to Theorem 2.1, we apply the inclusion and exclusion principle. Note n   n  that p∈P p | gcdk ( j=1 r1j , ..., j=1 rmj ) if and only if p∈P pk | j rij for any i. For X = {p1 , ..., p } and 1 ≤ rij ≤ N , we can get Tk (, N ) = N mn

 P ⊂X

⎛ (−1)|P | ⎝



⎡ (−1)|Q| Pr ⎣pk 

n 

⎤⎞m r1j for all p ∈ Q⎦⎠ .

j=1

Q⊂P

Let pa x denotes that pa | x and pa+1  x, and ap,j ’s be the non-negative integers for p ∈ Q and 1 ≤ j ≤ n. Note that the number of n-tuples of non-negative integers

(ap,1 , ..., ap,n ) satisfying ap,1 + · · · + ap,n = i is n Hi = n+i−1 . Then we have i ⎡ Pr ⎣pk 

n 





r1j for all p ∈ Q⎦ =

j=1

Pr [pap,j r1j for all p, j]

ap,1 +···ap,n


=

n 

Pr [pap,j r1j for all p ∈ Q] .

ap,1 +···ap,n
Using inclusion and exclusion principle, |{(r1j ) : pap,j r1j for all p ∈ Q}|        N N N |Q|   =  − + · · · + (−1) ap,j ap,j +1 q · p∈Q pap,j p∈Q p p∈Q p q∈Q   1 1 =N + O(1). − pap,j pap,j +1 p∈Q

J.H. Cheon, D. Kim / Journal of Number Theory 168 (2016) 72–80

79

Therefore, we obtain ⎡ Pr ⎣pk 

n 

⎤ r1j , ∀p ∈ Q⎦ =

j=1



⎛ ⎝

p∈Q

=

ap,1 +···+ap,n
⎧  ⎨

p∈Q

=



1 1− ⎩ p



1−

p∈Q

1 p

n

n 

⎞   n  p−1 ⎠ 1 + O ap,j +1 p N j=1 

ap,1 +···+ap,n
1+

n H1

p

⎫ ⎬

1

pap,1 +···+ap,n ⎭

+···+

n Hk−1 pk−1

 +O



 +O

1 N

1 N



 ,

which gives the theorem when substituting in above equation and taking the limit N → ∞. 2 Theorem 2.6. When rij ’s are chosen randomly and independently from {1, 2, ..., N }, the n n probability that gcdk ( j=1 r1j , ..., j=1 rmj ) is B-friable converges to   m  n   1 n H1 n Hk−1 1− 1− 1− 1+ + · · · k−1 p p p

p>B

as N → ∞. Proof. The statement is proved by exactly the same way with Theorem 2.2. Since ⎡ ⎤ n n   Tk ( − 1, N ) − Tk (, N ) ≤ Pr ⎣p | gcdk ( r1j , ..., rmj )⎦ N mn j=1 j=1 ⎡

= Pr ⎣pk | gcd( ⎡ ≤ Pr ⎣p | gcd(

n  j=1

j=1

n 

n 

j=1



r1j , ...,

n 

r1j , ...,



rmj )⎦ ⎤ rmj )⎦

j=1

nm , pm 

we can apply Lebesgue Dominated Convergence Theorem in the same way to Theorem 2.2 to obtain the theorem. 2 Theorem 2.6 is a generalized form of Benkoski’s theorem [1] and Theorem 2.2. As we mentioned in Introduction, Benkoski’s theorem is that the probability that r positive n Hk−1 1 integers are relatively k-prime is 1/ζ(rk). When k = 1, 1 + n H p + · · · + pk−1 = 1,

80

J.H. Cheon, D. Kim / Journal of Number Theory 168 (2016) 72–80

so the result is same with Theorem 2.2. Also when B = n   n = 1, the same condition with n Hk−1 1 n H1 Benkoski’s theorem, 1 − p 1 + p + · · · + pk−1 = 1 − p1k . Therefore,   n  m      1 1 1 n H1 n Hk−1 1− 1− 1− 1+ + · · · + k−1 = 1 − mk = . p p p p ζ(mk) p

p>B

This is exactly the same result of Benkoski.   n   The value of p>B 1 − 1 − 1 − p1 1+

n H1

p

+ ··· +

n Hk−1 pk−1

m  can be lower

bounded by the case of k = 1. Therefore, we can conclude   n  m   1 n H1 n Hk−1 1− 1− 1− 1+ + · · · + k−1 p p p p>B    m  n m      1 1 n 1− 1− 1− · 1− · , ≥ p p ζ(s) B
n ˆ
m

for n ˆ = max{n, B}, r = n m−1 + 1, rˆ = max{ˆ n, r}, and s = m(1 − logrˆ n). References [1] S.J. Benkoski, The probability that k integers are relatively r-prime, J. Number Theory 8 (1973) 218–223. [2] J. Cheon, K. Han, C. Lee, H. Ryu, D. Stehle, Cryptanalysis of the multilinear map over the integers, available at https://eprint.iacr.org/2014/906.pdf, 2014. [3] G.E. Collins, J.R. Johnson, The probability of relative primality of Gaussian integers, in: International Symposium Symbolic and Algebraic Computation, Springer-Verlag, 1989, pp. 252–258. [4] J. Coron, T. Lepoint, M. Tibouchi, Practical multilinear maps over the integers, in: CRYPTO, vol. 1, 2013, pp. 476–493. [5] G. Dirichlet, Über die Bestimmung der mittleren Werte in der Zahlentheorie, Abh. K. Preuss. Akad. Wiss., 1849. [6] L. Gegenbauer, Asymptotische Gesetze der Zahlentheorie, Denkschr. Akad. Wien 49 (1885) 37–80. [7] D.N. Lehmer, Asymptotic evaluation of certain totient sums, Amer. J. Math. 22 (1900) 293–355. [8] K. Morrison, Z. Dong, The probability that random polynomials are relatively r-prime, available at http://www.calpoly.edu/~kmorriso/Research/RPFF04-2.pdf, 2004. [9] J.E. Nymann, On the probability that k positive integers are relatively prime, J. Number Theory 4 (1970) 469–473. [10] Brain D. Sittinger, The probability that random algebraic integers are relatively r-prime, J. Number Theory 130 (2009) 164–171.