# Randomized Quicksort

Given as input a permutation ${\displaystyle \pi }$ of ${\displaystyle n}$ numbers, we want to reorder the numbers in ${\displaystyle \pi }$ in increasing order. This is the problem of sorting, one of the most classic problems in Computer Science. The famous Quicksort algorithm has very good performance in practice.

 Quicksort

if the length of ${\displaystyle \pi }$ is greater than 1 do:

• pick an ${\displaystyle i\in [n]}$ and choose ${\displaystyle \pi _{i}}$ as the pivot;
• partition ${\displaystyle \pi }$ into three parts: ${\displaystyle \pi '}$, ${\displaystyle \pi _{i}}$, and ${\displaystyle \pi ''}$, where all numbers in ${\displaystyle \pi '}$ are smaller than ${\displaystyle \pi _{i}}$ and all numbers in ${\displaystyle \pi ''}$ are larger than ${\displaystyle \pi _{i}}$;
• recursively sort ${\displaystyle \pi '}$ and ${\displaystyle \pi ''}$;

The time complexity of this sorting algorithm is measured by the number of comparisons.

For the deterministic quicksort algorithm, the pivot is picked from a fixed position ${\displaystyle i}$ (e.g. the first element ${\displaystyle \pi _{0}}$). The worst-case time complexity in terms of number of comparisons is ${\displaystyle \Theta (n^{2})}$, though the average-case complexity is ${\displaystyle O(n\log n)}$, matching the lower bound for comparison-based sorting.

We consider the following randomized version of the quicksort.

 Randomized Quicksort

if the length of ${\displaystyle \pi }$ is greater than 1 do:

• pick an ${\displaystyle i\in [n]}$ uniformly at random and choose ${\displaystyle \pi _{i}}$ as the pivot;
• partition ${\displaystyle \pi }$ into three parts: ${\displaystyle \pi '}$, ${\displaystyle \pi _{i}}$, and ${\displaystyle \pi ''}$, where all numbers in ${\displaystyle \pi '}$ are smaller than ${\displaystyle \pi _{i}}$ and all numbers in ${\displaystyle \pi ''}$ are larger than ${\displaystyle \pi _{i}}$;
• recursively sort ${\displaystyle \pi '}$ and ${\displaystyle \pi ''}$;

We assume that the complexity is measured in terms of number of comparisons, and the deterministic quicksort chooses the first element in the permutation as the pivot.

## Average-case vs. Randomization

We show that the expected running time of randomized quicksort on any input is equal to the average-case complexity of deterministic quicksort. Formally, we have the following theorem.

 Theorem

For any permutation ${\displaystyle \pi }$ of ${\displaystyle n}$ numbers, let ${\displaystyle t(\pi )}$ be the complexity of the deterministic quicksort algorithm on input ${\displaystyle \pi }$, and let ${\displaystyle T(\pi )}$ be the random variable representing the complexity of the randomized quicksort on input ${\displaystyle \pi }$. Let ${\displaystyle \Pi }$ be a uniformly random permutation of ${\displaystyle n}$ numbers. Then

${\displaystyle \mathrm {E} [T(\pi )]=\mathrm {E} [t(\Pi )]}$

where the first expectation is taken over the randomness of the algorithm, and the second expectation is taken over the random permutation ${\displaystyle \Pi }$.

We know that the average-case complexity of deterministic quicksort is ${\displaystyle O(n\log n)}$, i.e. ${\displaystyle \mathrm {E} [t(\Pi )]=O(n\log n)}$. Then the above theorem implies that the expected running time of the randomized quicksort is ${\displaystyle \mathrm {E} [T(\pi )]=O(n\log n)}$ on any input ${\displaystyle \pi }$.

For the deterministic quicksort, there exists some bad input ${\displaystyle \pi }$ such that the running time of the algorithm is as bad as ${\displaystyle \Omega (n^{2})}$, each time we run the algorithm on that input. However, for the randomized quicksort, for any input ${\displaystyle \pi }$, the running time of the algorithm is random and exhibits a well-behaved distribution.

We now prove the theorem.

Each running instance of the quicksort can be represented by a binary recursion tree. Each node corresponds to a recursive call of the quicksort algorithm, and the node is labeled with the size of the current input permutation ${\displaystyle \pi }$. The running time of the algorithm is the sum of the labels of the nodes.

We can show that the distribution of the labels of the tree defined by the deterministic quicksort on a random permutation ${\displaystyle \Pi }$ is equivalent to the distribution of the labels of the tree defined by the randomized quicksort on any fixed permutation ${\displaystyle \pi }$. The argument uses an important principle for the probabilistic analysis of algorithms: the principle of deferred decisions.

## Principle of deferred decisions

For the average-case analysis, the input is a uniformly random permutation which is generated before the running of the algorithm. We can defer the decision of the random choices to the time when they are actually used by the algorithm.

For the deterministic quicksort, each time we choose the first element in the current permutation as the pivot. For a uniformly random input permutation ${\displaystyle \Pi }$, once the random choice of ${\displaystyle \Pi }$ is determined, all the pivots and the labels of the recursion tree are accordingly fixed. We defer the random choice of the uniform input permutation ${\displaystyle \Pi }$ to the time when the pivots are determined. At each step, the pivot is uniformly sampled from the current permutation. This deferring of random choices does not change the distribution of the pivots, since the element in a fixed position of a random permutation has the same distribution as the element in a random position of a fixed permutation.

Observe that the resulting process (each time the pivot is uniformly sampled from the current permutation) has exactly the same way of sampling pivots as the randomized quicksort. Thus, the expected complexity of randomized quicksort on any fixed input is equal to the expected complexity of deterministic quicksort on a random input. The theorem is proved.
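The theorem can be checked exactly for small ${\displaystyle n}$. The following Python sketch is an added example, not part of the original notes: it counts ${\displaystyle k-1}$ comparisons for partitioning a list of length ${\displaystyle k}$, computes ${\displaystyle \mathrm {E} [T(\pi )]}$ by enumerating every pivot choice with its probability, and computes ${\displaystyle \mathrm {E} [t(\Pi )]}$ by averaging over all ${\displaystyle n!}$ inputs. The function names are chosen here for illustration.

```python
from fractions import Fraction
from functools import lru_cache
from itertools import permutations


def partition(perm, i):
    """Split perm around the pivot perm[i]; this costs len(perm) - 1 comparisons."""
    pivot = perm[i]
    smaller = tuple(v for v in perm if v < pivot)
    larger = tuple(v for v in perm if v > pivot)
    return smaller, larger


def t_deterministic(perm):
    """t(pi): comparisons when the pivot is always the first element."""
    if len(perm) <= 1:
        return 0
    smaller, larger = partition(perm, 0)
    return len(perm) - 1 + t_deterministic(smaller) + t_deterministic(larger)


@lru_cache(maxsize=None)
def expected_T(perm):
    """E[T(pi)]: exact expectation over a uniformly random pivot index."""
    n = len(perm)
    if n <= 1:
        return Fraction(0)
    total = Fraction(0)
    for i in range(n):  # each pivot index is chosen with probability 1/n
        smaller, larger = partition(perm, i)
        total += expected_T(smaller) + expected_T(larger)
    return n - 1 + total / n


def average_t(n):
    """E[t(Pi)]: average of t over all n! permutations of 0..n-1."""
    perms = list(permutations(range(n)))
    return Fraction(sum(t_deterministic(p) for p in perms), len(perms))


if __name__ == "__main__":
    n = 6
    sorted_input = tuple(range(n))
    print("t(sorted input)    =", t_deterministic(sorted_input))  # worst case
    print("E[t(Pi)]           =", average_t(n))
    print("E[T(sorted input)] =", expected_T(sorted_input))
    print("E[T(3,0,5,1,4,2)]  =", expected_T((3, 0, 5, 1, 4, 2)))
```

On the already sorted input the deterministic algorithm pays the full ${\displaystyle n(n-1)/2}$ comparisons, while the randomized expectation is the same for every input and equals the average case.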

# Primality Test

A primality test is an algorithm that given as input a number ${\displaystyle n}$ determines whether ${\displaystyle n}$ is prime.

## Fermat Test

Recall Fermat's little theorem.

 Fermat's little theorem If ${\displaystyle n>2}$ is prime, then ${\displaystyle a^{n-1}\equiv 1{\pmod {n}}}$ for every ${\displaystyle a\in \{1,2,\ldots ,n-1\}}$.

There are several proofs for this famous theorem. We will not prove the theorem but will only use it here.

If we can find an ${\displaystyle a\in \{1,2,\ldots ,n-1\}}$ such that ${\displaystyle a^{n-1}\not \equiv 1{\pmod {n}}}$, it will prove that ${\displaystyle n}$ is composite. This inspires the following "primality testing" algorithm.

 Fermat test

• Choose a uniformly random ${\displaystyle a\in \{1,2,\ldots ,n-1\}}$.
• If ${\displaystyle a^{n-1}\not \equiv 1{\pmod {n}}}$, then return "composite".
• Else return "probably prime".

### Complexity of Fermat test

The time complexity of this algorithm depends on the cost of computing ${\displaystyle a^{n-1}{\bmod {n}}}$. Computing it in the straightforward way takes ${\displaystyle n-2}$ multiplications, which is too expensive. We describe an efficient way of computing the modular exponent ${\displaystyle a^{x}{\bmod {n}}\,}$ where ${\displaystyle x\in [n]}$.

We first make the following observations regarding the modular exponentiations:

• If the values of ${\displaystyle a^{x}{\bmod {n}}}$ and ${\displaystyle a^{y}{\bmod {n}}}$ are both known, then ${\displaystyle a^{x+y}{\bmod {n}}}$ can be computed by multiplying (modulo ${\displaystyle n}$) them.
• ${\displaystyle a^{2^{i}}}$ can be computed by letting ${\displaystyle a_{0}=a}$ and ${\displaystyle a_{j}=a_{j-1}^{2}{\pmod {n}}}$ for ${\displaystyle j=1,2,\ldots ,i}$, which takes only ${\displaystyle i}$ modular multiplications.

Let ${\displaystyle \ell =\lceil \log _{2}n\rceil }$. A number ${\displaystyle x\in [n]}$ can be represented in its binary form: ${\displaystyle x_{\ell }x_{\ell -1}\cdots x_{1}x_{0}}$, where each ${\displaystyle x_{i}\in \{0,1\}}$, so that ${\displaystyle x=\sum _{i=0}^{\ell }x_{i}\cdot 2^{i}}$.

Combining the above two observations, all ${\displaystyle a^{x_{i}2^{i}}{\bmod {n}}}$ can be computed in ${\displaystyle O(\log n)}$ many multiplications, and ${\displaystyle a^{x}{\bmod {n}}}$ can be computed by multiplying (modulo ${\displaystyle n}$) them together.

The time complexity of the Fermat test can thus be made polynomial in ${\displaystyle \log n}$.

### Accuracy of Fermat test

If the output is "composite", then ${\displaystyle a^{n-1}\not \equiv 1{\pmod {n}}}$ for some ${\displaystyle a\in \{1,2,\ldots ,n-1\}}$. By Fermat's little theorem, ${\displaystyle n}$ must be composite. Therefore, for any prime ${\displaystyle n}$, the output is always "probably prime".

For composite ${\displaystyle n}$, it is possible that the algorithm picks an ${\displaystyle a}$ such that ${\displaystyle a^{n-1}\equiv 1{\pmod {n}}}$ and outputs "probably prime". But if the fraction of such bad ${\displaystyle a}$ in ${\displaystyle \{1,2,\ldots ,n-1\}}$ is small enough, then the testing algorithm may still correctly output "composite" with a good chance. However, there exist (though very rare) such composites, called Carmichael numbers, that may fool the Fermat test.

 Definition (Carmichael number) A composite number ${\displaystyle n}$ is a Carmichael number if ${\displaystyle a^{n-1}\equiv 1{\pmod {n}}}$ for all ${\displaystyle a\in \mathbb {Z} _{n}^{*}}$.

Here ${\displaystyle \mathbb {Z} _{n}^{*}}$ is the multiplicative group modulo ${\displaystyle n}$, defined as ${\displaystyle \mathbb {Z} _{n}^{*}=\{a\mid 1\leq a\leq n-1\wedge \mathrm {gcd} (a,n)=1\}}$.

For non-Carmichael composites, the Fermat test may detect the compositeness with a fairly good chance. Let ${\displaystyle B=\{a\in \mathbb {Z} _{n}^{*}\mid a^{n-1}\equiv 1{\pmod {n}}\}}$. Note that ${\displaystyle B}$ is closed under multiplication (modulo ${\displaystyle n}$), thus ${\displaystyle B}$ is a subgroup of ${\displaystyle \mathbb {Z} _{n}^{*}}$. Therefore, ${\displaystyle |\mathbb {Z} _{n}^{*}|}$ is divisible by ${\displaystyle |B|}$.

If ${\displaystyle n}$ is neither prime nor Carmichael, then ${\displaystyle \mathbb {Z} _{n}^{*}\setminus B}$ is nonempty, i.e. ${\displaystyle B}$ is a proper subgroup of ${\displaystyle \mathbb {Z} _{n}^{*}}$, thus ${\displaystyle |\mathbb {Z} _{n}^{*}|/|B|}$ is at least 2 and at least half of the ${\displaystyle a\in \{1,2,\ldots ,n-1\}}$ satisfy ${\displaystyle a^{n-1}\not \equiv 1}$.

In conclusion,

• if ${\displaystyle n}$ is prime, then the Fermat test returns "probably prime" with probability 1;
• if ${\displaystyle n}$ is non-Carmichael composite, then the Fermat test returns "composite" with probability at least ${\displaystyle 1/2}$;
• if ${\displaystyle n}$ is a Carmichael number, the Fermat test breaks down.

As long as the input is not a Carmichael number, we can repeat the Fermat test independently for ${\displaystyle k}$ times and reduce the error probability to ${\displaystyle 2^{-k}}$.

The Carmichael numbers are very rare. Let ${\displaystyle c(n)}$ be the "Carmichael density", defined as

${\displaystyle c(n)={\frac {{\text{number of Carmichael numbers }}\leq n}{n}}}$.

In 1956, Erdős proved that

${\displaystyle c(n)\leq \exp \left(-\Omega \left({\frac {\log n\log \log \log n}{\log \log n}}\right)\right)=n^{-\Omega \left({\frac {\log \log \log n}{\log \log n}}\right)}}$.

If one only needs to generate a prime number instead of testing the primality of a given number, then we can generate a random number and apply the Fermat test. Due to the prime number theorem, the number of prime numbers less than or equal to ${\displaystyle n}$ is ${\displaystyle \pi (n)\sim {\frac {n}{\ln n}}}$. This scheme will generate a prime number in a reasonable number of independent trials with a good chance.

## Miller-Rabin Test

The Fermat test is based on the following way to prove that a number ${\displaystyle n}$ is composite:

• there exists a number ${\displaystyle a}$ such that ${\displaystyle a^{n-1}\not \equiv 1{\pmod {n}}}$.

The Miller-Rabin primality test is based on an additional way to prove that a number ${\displaystyle n}$ is composite:

• 1 has a nontrivial square root, that is, a number ${\displaystyle a}$ satisfying that ${\displaystyle a^{2}\equiv 1{\pmod {n}}}$ but ${\displaystyle a\not \equiv \pm 1{\pmod {n}}}$.

The following theorem states that the existence of nontrivial square root of 1 is a valid proof of compositeness of ${\displaystyle n}$.

 Theorem If ${\displaystyle n>2}$ is prime, then ${\displaystyle 1}$ does not have a nontrivial square root.
Proof.
 Suppose ${\displaystyle a}$ is a square root of 1, that is, ${\displaystyle a^{2}\equiv 1{\pmod {n}}}$. Therefore, ${\displaystyle (a-1)(a+1)=a^{2}-1\equiv 0{\pmod {n}}}$, which means that ${\displaystyle n\mid (a-1)(a+1)\,}$. If ${\displaystyle a\not \equiv \pm 1{\pmod {n}}}$, then ${\displaystyle n}$ divides neither ${\displaystyle (a-1)}$ nor ${\displaystyle (a+1)}$, which contradicts that ${\displaystyle n}$ is prime and divides ${\displaystyle (a-1)(a+1)}$.
${\displaystyle \square }$

The idea of Miller-Rabin test is to find either a Fermat proof of compositeness, or a nontrivial square root of 1.

 Miller-Rabin Primality Test

1. Choose a uniformly random ${\displaystyle a\in \{1,2,\ldots ,n-1\}}$.
2. Let ${\displaystyle t}$ and ${\displaystyle m}$ be such that ${\displaystyle t\geq 1}$, ${\displaystyle m}$ is odd, and ${\displaystyle n-1=2^{t}m}$.
3. Let ${\displaystyle a_{0}=a^{m}{\bmod {\,}}n\,}$. For ${\displaystyle i=1}$ to ${\displaystyle t}$, let ${\displaystyle a_{i}=a_{i-1}^{2}{\bmod {\,}}n}$.
4. If ${\displaystyle a_{t}\not \equiv 1{\pmod {n}}}$, then return "composite".
5. If there is an ${\displaystyle i}$, ${\displaystyle 1\leq i\leq t}$, such that ${\displaystyle a_{i}\equiv 1{\pmod {n}}}$ but ${\displaystyle a_{i-1}\not \equiv \pm 1{\pmod {n}}}$, then return "composite".
6. Else return "probably prime".

An easy inductive proof shows that ${\displaystyle a_{i}=a^{2^{i}m}{\bmod {\,}}n}$ for all ${\displaystyle i}$, ${\displaystyle 0\leq i\leq t}$. In particular, ${\displaystyle a_{t}\equiv a^{2^{t}m}=a^{n-1}{\pmod {n}}}$.

The original algorithm due to Miller is deterministic: it tests all small ${\displaystyle a}$ up to an ${\displaystyle O(\log n)}$ order. The correctness of this deterministic algorithm relies on the unproven Generalized Riemann Hypothesis. It was observed by Rabin that the deterministic search can be replaced by random sampling.

Line 4 of the algorithm checks whether ${\displaystyle a^{n-1}\not \equiv 1{\pmod {n}}}$, thus line 4 is just the Fermat test. If ${\displaystyle n}$ passes the Fermat test, line 5 tries to find a nontrivial square root of 1 in the form of ${\displaystyle a^{2^{i}m}}$.

If ${\displaystyle n}$ is prime, then due to Fermat's little theorem and the fact that prime numbers do not have nontrivial square roots of 1, the conditions in line 4 and line 5 will never hold, thus the algorithm will return "probably prime". If ${\displaystyle n}$ is a non-Carmichael composite, as in the Fermat test, line 4 returns "composite" with probability at least ${\displaystyle 1/2}$. The only remaining case is when ${\displaystyle n}$ is a Carmichael number.

We pick the largest ${\displaystyle j}$ such that there is a ${\displaystyle b\in \mathbb {Z} _{n}^{*}}$ satisfying ${\displaystyle b^{2^{j}m}\equiv -1{\pmod {n}}}$, and define

${\displaystyle B=\{a\in \mathbb {Z} _{n}^{*}\mid a^{2^{j}m}\equiv \pm 1{\pmod {n}}\}}$.

 Theorem If ${\displaystyle n}$ is a Carmichael number, then the ${\displaystyle B}$ defined as above is a proper subgroup of ${\displaystyle \mathbb {Z} _{n}^{*}}$.

Since ${\displaystyle j}$ is fixed, it is easy to verify that ${\displaystyle B}$ is closed under multiplication, thus ${\displaystyle B}$ is a subgroup of ${\displaystyle \mathbb {Z} _{n}^{*}}$. It is a bit complicated to show that ${\displaystyle \mathbb {Z} _{n}^{*}\setminus B}$ is nonempty and we will not give the full proof here.

The accuracy of Miller-Rabin test on Carmichael numbers is implied by this theorem. Suppose ${\displaystyle n}$ is a Carmichael number. We call an ${\displaystyle a\in \{1,2,\ldots ,n-1\}}$ a liar if it fools the test in line 5, i.e. there is no such ${\displaystyle i}$ that ${\displaystyle a^{2^{i}m}\equiv 1{\pmod {n}}}$ but ${\displaystyle a^{2^{i-1}m}\not \equiv \pm 1{\pmod {n}}}$.

We claim that all liars belong to ${\displaystyle B}$. Due to the maximality of ${\displaystyle j}$, ${\displaystyle a^{2^{i}m}\not \equiv -1}$ for all ${\displaystyle i>j}$. Since ${\displaystyle n}$ is a Carmichael number, ${\displaystyle a^{n-1}\equiv 1{\pmod {n}}}$, so if ${\displaystyle a}$ is a liar then it must hold that ${\displaystyle a^{2^{i}m}\equiv 1{\pmod {n}}}$ for all ${\displaystyle i>j}$, or otherwise ${\displaystyle a}$ cannot be a liar. In particular, ${\displaystyle a^{2^{j+1}m}\equiv 1{\pmod {n}}}$. Again, since ${\displaystyle a}$ is a liar, ${\displaystyle a^{2^{j}m}\equiv \pm 1{\pmod {n}}}$, therefore ${\displaystyle a\in B}$.

We have shown that when ${\displaystyle n}$ is a Carmichael number, all numbers ${\displaystyle a}$ that fool the Miller-Rabin test belong to a proper subgroup of ${\displaystyle \mathbb {Z} _{n}^{*}}$; therefore the Miller-Rabin test returns "composite" with probability at least ${\displaystyle 1/2}$.

In conclusion,

• if ${\displaystyle n}$ is prime, the algorithm returns "probably prime";
• if ${\displaystyle n}$ is a non-Carmichael composite, the algorithm returns "composite" in line 4 with probability at least ${\displaystyle 1/2}$;
• if ${\displaystyle n}$ is a Carmichael number, the algorithm returns "composite" in line 5 with probability at least ${\displaystyle 1/2}$.
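The repeated-squaring exponentiation, the Fermat test and the Miller-Rabin test described above can be compared base by base. The following Python sketch is an added example, not part of the original notes. It uses 561 = 3 · 11 · 17, the smallest Carmichael number, as a constructed input, and the function names and the default of 40 rounds are assumptions of the example.

```python
import random


def mod_exp(a, x, n):
    """a^x mod n by repeated squaring: O(log x) modular multiplications."""
    result, square = 1 % n, a % n
    while x > 0:
        if x & 1:                      # bit x_i is 1: multiply in a^(2^i)
            result = result * square % n
        square = square * square % n   # a^(2^(i+1)) from a^(2^i)
        x >>= 1
    return result


def fermat_round(n, a):
    """Fermat test with base a; True means 'probably prime'."""
    return mod_exp(a, n - 1, n) == 1


def miller_rabin_round(n, a):
    """Miller-Rabin with base a for odd n > 2; True means 'probably prime'."""
    t, m = 0, n - 1
    while m % 2 == 0:                  # write n - 1 = 2^t * m with m odd
        t, m = t + 1, m // 2
    seq = [mod_exp(a, m, n)]           # a_0 = a^m mod n
    for _ in range(t):
        seq.append(seq[-1] * seq[-1] % n)   # a_i = a_{i-1}^2 mod n
    if seq[t] != 1:
        return False                   # line 4: Fermat proof of compositeness
    for i in range(1, t + 1):
        if seq[i] == 1 and seq[i - 1] not in (1, n - 1):
            return False               # line 5: nontrivial square root of 1
    return True


def is_probable_prime(n, k=40, rng=None):
    """k independent rounds; bases are drawn from the OS random source by default."""
    rng = rng or random.SystemRandom()
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    return all(miller_rabin_round(n, rng.randrange(1, n)) for _ in range(k))


def count_liars(n, round_fn):
    """Number of bases a in {1, ..., n-1} for which round_fn says 'probably prime'."""
    return sum(1 for a in range(1, n) if round_fn(n, a))


if __name__ == "__main__":
    n = 561  # constructed input: the smallest Carmichael number
    print("Fermat liars for 561:      ", count_liars(n, fermat_round), "of", n - 1)
    print("Miller-Rabin liars for 561:", count_liars(n, miller_rabin_round), "of", n - 1)
    print("2^61 - 1 probably prime:   ", is_probable_prime(2**61 - 1))
```

For 561 every base coprime to ${\displaystyle n}$ passes the Fermat test, while only a handful of bases pass Miller-Rabin, well under the one-half bound.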

# Graph Coloring

A coloring of a graph ${\displaystyle G(V,E)}$ is a mapping ${\displaystyle \sigma :V\rightarrow [q]}$ for some integer ${\displaystyle q}$, satisfying that ${\displaystyle \sigma (u)\neq \sigma (v)}$ for all ${\displaystyle uv\in E}$.

The problem of deciding whether an input graph is colorable by some fixed number of colors is a classic problem in Computer Science. Denote by ${\displaystyle \Delta }$ the maximum degree of ${\displaystyle G}$.

• If ${\displaystyle q\geq \Delta +1}$, there always exists a coloring. Moreover, the coloring can be found by a simple greedy algorithm.
• If ${\displaystyle q=\Delta }$, ${\displaystyle G}$ has a coloring unless it contains a ${\displaystyle (\Delta +1)}$-clique or it is an odd cycle. (Brooks' theorem)
• If ${\displaystyle q<\Delta }$, the problem of deciding whether ${\displaystyle G}$ is ${\displaystyle q}$-colorable is NP-hard.

## Sampling a graph coloring

We consider the problem of sampling a uniformly random coloring of a given graph.

Sampling a random coloring is at least as hard as deciding its existence, so we don't expect to solve the sampling problem when ${\displaystyle q<\Delta }$. The decision problem for the case ${\displaystyle q=\Delta }$ is also nontrivial. Thus people are interested only in the case when ${\displaystyle q\geq \Delta +1}$.

Unlike sampling a number from ${\displaystyle [n]}$ uniformly at random, which can be done by flipping a fair coin for ${\displaystyle O(\log n)}$ times, sampling a coloring cannot be easily done, because of the constraint that any two adjacent vertices cannot have the same color. Such constraints (also called "structures") tremendously increase the difficulty of random sampling a combinatorial object as well as counting the number of combinatorial objects.

The following is a simple randomized algorithm for sampling colorings.

 Sampling Graph Coloring

Start with an arbitrary coloring of ${\displaystyle G(V,E)}$. At each step:

• Pick a vertex ${\displaystyle v\in V}$ and a color ${\displaystyle c\in [q]}$ uniformly at random.
• Change the color of ${\displaystyle v}$ to ${\displaystyle c}$ if it results in a valid coloring; do nothing otherwise.

Repeat this process for sufficiently many steps.

This very simple algorithm uses an important idea called random walks. There is a huge class of randomized algorithms for random sampling based on this principle.

The algorithm starts with a fixed coloring, and "walks" to more and more random colorings as it runs. In finitely many steps, it will get "close" enough to a uniform random coloring. There are two issues:

• How do we measure the randomness of the coloring, or how do we measure how close the current random coloring is to the uniform random coloring?
• How many steps does it take to get close enough to a random coloring?

We will introduce the formal concepts addressing these issues in future lectures. We will introduce a beautiful theory of random walks, which is fundamental to the analysis of randomized algorithms.

The following are the two most important conjectures regarding the graph coloring problem.

 Conjecture

• The above simple algorithm returns a nearly uniform random coloring in ${\displaystyle O(n\ln n)}$ steps whenever ${\displaystyle q\geq \Delta +2}$.
• Random sampling of a nearly uniform graph coloring can be done in polynomial time whenever ${\displaystyle q\geq \Delta +1}$.

These two conjectures are still open. We will not solve them in this class, but we will approach them by some important techniques for analyzing random walks.

## Counting by sampling

Given a graph ${\displaystyle G(V,E)}$ of ${\displaystyle n}$ vertices, we want to compute the number of different colorings of graph ${\displaystyle G}$. This is a well-defined computational problem.

Enumerating all colorings will take exponential time in the worst case. Since we only need a number instead of a list of all colorings, we expect cleverer ways of computing this number than the brute force enumeration.

The problem of counting graph colorings has the following formulation. Let ${\displaystyle A}$ be a ${\displaystyle q\times q}$ matrix defined as

${\displaystyle A={\begin{bmatrix}A_{00}&A_{01}&\cdots &A_{0,q-1}\\A_{10}&A_{11}&\cdots &A_{1,q-1}\\\vdots &\vdots &\ddots &\vdots \\A_{q-1,0}&A_{q-1,1}&\cdots &A_{q-1,q-1}\\\end{bmatrix}}}$, where ${\displaystyle A_{ij}={\begin{cases}0&i=j\\1&i\neq j\end{cases}}}$.

The number of colorings for a given graph ${\displaystyle G}$ is described by the following function:

${\displaystyle Z_{A}(G)=\sum _{\sigma :V\rightarrow [q]}\prod _{(u,v)\in E}A_{\sigma (u),\sigma (v)}}$.

The sum enumerates all possible colorings, valid or invalid, and the product determines whether the present coloring is valid.

We can replace ${\displaystyle A}$ with any ${\displaystyle q\times q}$ matrix and talk about the computation of ${\displaystyle Z_{A}(G)}$. This gives us the Potts model in statistical physics. When ${\displaystyle q=2}$, it becomes the famous Ising model.

The function ${\displaystyle Z_{A}(G)}$ is called the partition function in statistical physics. Virtually all interesting information about a statistical physics system can be deduced from its partition function value.

The partition function can also be used to model many natural counting problems. For example, when ${\displaystyle q=2}$ and

${\displaystyle A={\begin{bmatrix}A_{00}&A_{01}\\A_{10}&A_{11}\\\end{bmatrix}}={\begin{bmatrix}1&1\\1&0\\\end{bmatrix}}}$,

the partition function ${\displaystyle Z_{A}(G)}$ is the total number of independent sets of graph ${\displaystyle G}$.
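For small graphs both the partition function and the random walk from the sampling section can be run directly. The following Python sketch is an added example, not part of the original notes: it evaluates ${\displaystyle Z_{A}(G)}$ by brute-force enumeration for the coloring matrix and for the independent-set matrix, and runs the sampling walk from a greedy starting coloring while recording the colorings it visits. The graphs (a 4-cycle and a 3-vertex path), the seed and the function names are constructed for the example.

```python
import random
from itertools import product

CYCLE4 = [(0, 1), (1, 2), (2, 3), (3, 0)]   # constructed example graph, Delta = 2
PATH3 = [(0, 1), (1, 2)]                    # constructed example graph, Delta = 2
INDEPENDENT_SET = [[1, 1], [1, 0]]          # state 1 = "vertex is in the set"


def coloring_matrix(q):
    """A_ij = 0 if i = j and 1 otherwise."""
    return [[0 if i == j else 1 for j in range(q)] for i in range(q)]


def partition_function(n, edges, A):
    """Z_A(G): sum over all sigma: V -> [q] of the product of A over the edges."""
    q = len(A)
    total = 0
    for sigma in product(range(q), repeat=n):   # every assignment, valid or not
        weight = 1
        for u, v in edges:
            weight *= A[sigma[u]][sigma[v]]
            if weight == 0:
                break
        total += weight
    return total


def random_walk(n, edges, q, steps, seed=0):
    """Run the sampling walk; return the set of colorings it visits."""
    rng = random.Random(seed)   # fixed seed so the run is reproducible
    adj = [[] for _ in range(n)]
    for u, v in edges:
        adj[u].append(v)
        adj[v].append(u)
    sigma = []
    for v in range(n):          # greedy start, possible because q >= Delta + 1
        used = {sigma[u] for u in adj[v] if u < v}
        sigma.append(min(c for c in range(q) if c not in used))
    visited = {tuple(sigma)}
    for _ in range(steps):
        v, c = rng.randrange(n), rng.randrange(q)
        if all(sigma[u] != c for u in adj[v]):   # recoloring keeps sigma valid
            sigma[v] = c
        visited.add(tuple(sigma))
    return visited


if __name__ == "__main__":
    print("3-colorings of the 4-cycle:     ", partition_function(4, CYCLE4, coloring_matrix(3)))
    print("independent sets of the 4-cycle:", partition_function(4, CYCLE4, INDEPENDENT_SET))
    states = random_walk(3, PATH3, 4, 20000)
    print("colorings visited on the path:  ", len(states),
          "of", partition_function(3, PATH3, coloring_matrix(4)))
```

With ${\displaystyle q=\Delta +2}$ colors the walk on the path reaches every valid coloring, so the number of distinct states it visits matches ${\displaystyle Z_{A}(G)}$.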

There is a complexity class for counting problems, named #P. The NP class is for decision problems. The #P class is the analog of the NP class for counting problems. Many counting problems are known to be #P-hard, including counting graph colorings or independent sets.

It is believed that #P-hard problems do not have polynomial time algorithms. Actually it is believed that #P-hard problems are harder than NP-hard problems, partly because the existence of polynomial time algorithm for any #P-hard problem implies that P=NP, but not vice versa.

Later in this class, we will show that although the exact counting is computationally hard, for #P-hard problems such as counting graph colorings, there exist randomized algorithms which can approximately compute the problems. These algorithms are based on random samplings obtained from simulating a random walk. This powerful technique is called the Monte Carlo Markov Chain (MCMC) method.

# Identity Checking

Consider the following scenario: Two datacenters located in two far apart cities (Beijing and Nanjing), each holds a copy of a very large database. We want to check whether the two copies are identical with minimum communication between two datacenters. The cost of local computation is ignored because it is incomparable to the cost caused by remote communication.

## Communication Complexity

In 1979, Andrew Yao introduced the communication complexity to model the problems of this kind. The communication complexity is much more general, which does not just consider the problem of checking identity but any problems that can be computed by communication.

Alice and Bob are two entities. Alice has a private input ${\displaystyle x}$ and Bob has a private input ${\displaystyle y}$. Together they want to compute a function ${\displaystyle f(x,y)}$ by communicating with each other. The communication follows a predefined communication protocol (the "algorithm" in this model) which depends only on the problem ${\displaystyle f}$ but not on the inputs. The complexity of a communication protocol is measured by the number of bits communicated between Alice and Bob in the worst case.

The problem of checking identity is formally defined by the function EQ as follows: ${\displaystyle \mathrm {EQ} :\{0,1\}^{n}\times \{0,1\}^{n}\rightarrow \{0,1\}}$ and for any ${\displaystyle x,y\in \{0,1\}^{n}}$,

${\displaystyle \mathrm {EQ} (x,y)={\begin{cases}1&{\mbox{if }}x=y,\\0&{\mbox{otherwise.}}\end{cases}}}$

A trivial way to solve EQ is to let Bob send ${\displaystyle y}$ to Alice. Supposing that ${\displaystyle x,y\in \{0,1\}^{n}}$, this costs ${\displaystyle n}$ bits of communication.

It is known that for deterministic communication protocols, this is the best we can get for computing EQ.

 Theorem (Yao 1979) Any deterministic communication protocol computing EQ on two ${\displaystyle n}$-bit strings costs ${\displaystyle n}$ bits of communication in the worst-case.

This theorem is much more nontrivial to prove than it looks, because Alice and Bob are allowed to interact with each other in arbitrary ways. The proof of this theorem in Yao's 1979 paper initiates the field of communication complexity.

## Randomized communication protocols

If randomness is allowed, we can solve this problem up to a tolerable probabilistic error with significantly less communication. We treat the inputs ${\displaystyle x,y\in \{0,1\}^{n}}$ as two binary numbers ${\displaystyle x,y\in [2^{n}]}$. The randomized communication protocol is as follows:

 A randomized protocol for EQ

Alice does:

• for some parameter ${\displaystyle k}$ (to be specified), choose uniformly at random a prime ${\displaystyle p\in [k]}$;
• send ${\displaystyle p}$ and ${\displaystyle x{\bmod {p}}}$ to Bob;

Upon receiving ${\displaystyle p}$ and ${\displaystyle x{\bmod {p}}}$, Bob does:

• If ${\displaystyle x{\bmod {p}}=y{\bmod {p}}}$ return "probably identical"; else return "distinct".

The number of bits to be communicated is ${\displaystyle O(\log k)}$.

This technique is called fingerprinting. The random prime ${\displaystyle p}$ induces a random fingerprinting function ${\displaystyle {\bmod {p}}}$, so that the ${\displaystyle x{\bmod {p}}}$ and ${\displaystyle y{\bmod {p}}}$ are like the "fingerprints" of ${\displaystyle x}$ and ${\displaystyle y}$. Like the fingerprints of people, the same input must have the same fingerprints and the chance that two distinct inputs have the same fingerprint is small.

If ${\displaystyle x=y}$, then it is trivial to see that the output is "probably identical". For the case that ${\displaystyle x\neq y}$, it is possible that Alice picks a wrong prime ${\displaystyle p}$ so that ${\displaystyle x\equiv y{\pmod {p}}}$ and the protocol incorrectly outputs "probably identical". However, it can be proved that this probability of error is polynomially small ${\displaystyle O({\frac {1}{\mathrm {poly} (n)}})}$ for some polynomially large ${\displaystyle k=\mathrm {poly} (n)}$.

Therefore, this randomized protocol solves the problem up to a one-sided error ${\displaystyle O({\frac {1}{\mathrm {poly} (n)}})}$ with communication cost ${\displaystyle O(\log k)=O(\log n)}$.

In the above algorithm, the random coin flips made by Alice are private to herself but not available to Bob.

We may assume that both Alice and Bob observe the same random coin flips with no additional costs. This model is called public coins (so the previous algorithm is actually communication with private coins). With this stronger assumption, we can have a new randomized protocol.

We treat the inputs ${\displaystyle x,y\in \{0,1\}^{n}}$ as vectors of ${\displaystyle n}$ Boolean entries. We define the inner product ${\displaystyle \langle x,y\rangle }$ for Boolean vectors ${\displaystyle x,y\in \{0,1\}^{n}}$ as ${\displaystyle \langle x,y\rangle =\left(\sum _{i=1}^{n}x_{i}y_{i}\right){\bmod {2}}}$, which has an equivalent definition ${\displaystyle \langle x,y\rangle =\bigoplus _{i=1}^{n}(x_{i}\wedge y_{i})}$, where ${\displaystyle \oplus }$ is the Boolean operator XOR.

 A randomized (public coin) protocol for EQ

Suppose that a uniformly random Boolean vector ${\displaystyle r\in \{0,1\}^{n}}$ is known to both Alice and Bob.

Alice does:

• send ${\displaystyle \langle x,r\rangle }$ to Bob;

Upon receiving ${\displaystyle \langle x,r\rangle }$, Bob does:

• If ${\displaystyle \langle x,r\rangle =\langle y,r\rangle }$ return "probably identical"; else return "distinct".

Same as before, if ${\displaystyle x=y}$, the output is always correct. If ${\displaystyle x\neq y}$, it is easy to check that the protocol gives a wrong answer with probability at most ${\displaystyle 1/2}$. By repeatedly running the protocol for a number of times (with independent public coins ${\displaystyle r}$), the error probability can be reduced significantly.
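Both protocols for EQ, with their error probabilities computed exactly rather than estimated, are shown in the following Python sketch. It is an added example, not part of the original notes. The inputs are constructed: ${\displaystyle n=256}$, ${\displaystyle k=n^{2}}$, and a pair ${\displaystyle x,y}$ whose difference is 30030 = 2 · 3 · 5 · 7 · 11 · 13, so that exactly six primes give a colliding fingerprint. The function names are assumptions of the example.

```python
import random


def primes_up_to(k):
    """Sieve of Eratosthenes: all primes p <= k."""
    sieve = bytearray([1]) * (k + 1)
    sieve[0:2] = b"\x00\x00"
    for p in range(2, int(k ** 0.5) + 1):
        if sieve[p]:
            sieve[p * p::p] = bytearray(len(range(p * p, k + 1, p)))
    return [p for p in range(2, k + 1) if sieve[p]]


def alice_message(x, k, rng=None):
    """Private coins: Alice picks a random prime p <= k, sends (p, x mod p)."""
    rng = rng or random.SystemRandom()
    p = rng.choice(primes_up_to(k))
    return p, x % p


def bob_decides(y, message):
    p, fingerprint = message
    return "probably identical" if y % p == fingerprint else "distinct"


def message_bits(k):
    """Bits Alice sends: p and x mod p each fit in k.bit_length() bits."""
    return 2 * k.bit_length()


def private_coin_error(x, y, k):
    """For x != y: (number of primes p <= k dividing x - y, number of primes <= k)."""
    primes = primes_up_to(k)
    bad = sum(1 for p in primes if (x - y) % p == 0)
    return bad, len(primes)


def inner_product(x, r):
    """<x, r> over GF(2), with bit vectors packed into integers."""
    return bin(x & r).count("1") % 2


def public_coin_protocol(x, y, n, rounds, rng=None):
    """Each round costs one bit; r stands in for the shared public coins."""
    rng = rng or random.SystemRandom()
    for _ in range(rounds):
        r = rng.getrandbits(n)
        if inner_product(x, r) != inner_product(y, r):
            return "distinct"
    return "probably identical"


def public_coin_collisions(x, y, n):
    """Number of r in {0,1}^n with <x, r> = <y, r> (enumeration, small n only)."""
    return sum(1 for r in range(2 ** n)
               if inner_product(x, r) == inner_product(y, r))


N = 256                        # constructed input size in bits
K = N * N                      # k = poly(n)
X = (1 << 255) | 12345         # constructed 256-bit input
Y = X + 2 * 3 * 5 * 7 * 11 * 13   # differs from X by 30030

if __name__ == "__main__":
    bad, total = private_coin_error(X, Y, K)
    print("bits sent:", message_bits(K), "instead of", N)
    print("private-coin error probability:", bad, "/", total)
    print("public-coin colliding r (n = 10):",
          public_coin_collisions(0b1011001110, 0b1011001010, 10), "of", 2 ** 10)
```

Since ${\displaystyle |x-y|<2^{n}}$ has fewer than ${\displaystyle n}$ distinct prime factors, the number of colliding primes is always below ${\displaystyle n}$, which is what makes ${\displaystyle k=\mathrm {poly} (n)}$ sufficient.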