Skip to main content
Logo image

Applied Discrete Structures

Al Doerr, Ken Levasseur

Section A.2 The Invariant Relation Theorem

Subsection A.2.1 Two Exponentiation Algorithms

Consider the following algorithm implemented in Sage to compute \(a^m mod \, n\text{,}\) given an arbitrary integer \(a\text{,}\) non-negative exponent \(m\text{,}\) and a modulus \(n\text{,}\) \(n \ge 0\text{.}\) The default sample evaluation computes \(2^5\, mod\,7 = 32\,mod\,7 = 4\text{,}\) but you can edit the final line for other inputs.
It should be fairly clear that this algorithm will successfully compute \(a^m (mod\, n)\) since it mimics the basic definition of exponentiation. However, this algorithm is highly inefficient. The algorithm that is most commonly used for the task of exponentiation is the following one, also implemented in Sage.
The only difficulty with the "fast algorithm" is that it might not be so obvious that it always works. When implemented, it can be verified by example, but an even more rigorous verification can be done using the Invariant Relation Theorem. Before stating the theorem, we define some terminology.

Subsection A.2.2 Proving the correctness of the fast algorithm

Definition A.2.1. Pre and Post Values.

Given a variable \(x\text{,}\) the pre value of \(x\text{,}\) denoted \(\grave x\text{,}\) is the value before an iteration of a loop. The post value, denoted \(\acute x\text{,}\) is the value after the iteration.
In the fast exponentiation algorithm, the relationships between the pre and post values of the three variables are as follows.
\begin{equation*} \acute{b} \equiv \grave{b} \grave{t}^{\grave{k} mod\,2}(mod\, n) \end{equation*}
\begin{equation*} \acute{t} \equiv \grave t^2(mod\,n) \end{equation*}
\begin{equation*} \acute k = \grave k//2 \end{equation*}

Definition A.2.3. Invariant Relation.

Given an algorithm’s inputs and a set of variables that are used in the algorithm, an invariant relation is a set of one or more equations that are true prior to entering a loop and remain true in every iteration of the loop.
We claim that the invariant relation in the fast algorithm is \(b t^k = a^m (mod\,n)\text{.}\) We will prove that this is indeed true below.
The condition that the loop ends in a finite number of iterations lets us apply mathematical induction with the induction variable being the number of iterations. We leave the details to the reader.
We can verify the correctness of the fast exponentiation algorithm using the Invariant Relation Theorem. First we note that prior to entering the loop, \(b t^k = 1 a^m = a^m (mod\,n)\text{.}\) Assuming the relation is true at the start of any iteration, that is \(\grave{b} \grave{t}^{\grave k} = a^m (mod\,n)\text{,}\) then
\begin{equation*} \begin{split} \acute{b} \acute{t}^{\acute{k}} & \equiv (\grave{b} \grave{t}^{\grave{k}\,mod\,2})(\grave t^2)^{ \grave k//2}(mod\,n)\\ & \equiv\grave{b} \grave{t}^{2(\grave{k}//2) +\grave{k}\,mod\,2 }(mod\,n) \\ & \equiv \grave{b} \grave{t}^{\grave{k}}(mod\,n)\\ & \equiv a^m (mod\,n) \end{split} \end{equation*}
Finally, the value of \(k\) will decrease to zero in a finite number of steps because the number of binary digits of \(k\) decreases by one with each iteration. At the end of the loop,
\begin{equation*} b = b t^0 = b t^k \equiv a^m(mod\,n) \end{equation*}
which verifies the correctness of the algorithm.

Exercises A.2.3 Exercises

1.

How are the pre and post values in the slow exponentiation algorithm related? What is the invariant relation between the variables in the slow algorithm?

2.

Verify the correctness of the following algorithm to compute the greatest common divisor of two integers that are not both zero.
Hint.
The invariant of this algorithm is \(gcd(r0,r1)=gcd(a,b)\text{.}\)

4.

A dragon has 100 heads. A knight can cut off 15, 17, 20, or 5 heads, respectively, with one blow of his sword. In each of these cases 24, 2, 14, or 17 new heads grow on its shoulders, respectively. If all heads are blown off, the dragon dies. Can the dragon ever die? (problem attributed to Biswaroop Roy)
<Prev^TopNext>