Characterized logic circuit and a logical CNF formula for SAT problem

Question

I have a problem.

Assume that we have a logic circuit realizing fast modular exponentiation. On the basis of this circuit we build a logical formula CNF.

We know basis (number) for fast modular exponentiation. Of course, this number is written to the circuit (and formulas CNF) in the form of binary variables 0/1: $a_{1}, a_{2} ... a_{k}$. We have also binary variables defining the exponent - but they are not defined, and we will look for them in our problem.

The logic circuit is constructed such that the result of the exponentiation must be equal to $r$ (binary variables $r_{1}, r_{2} ... r_{k}$). CNF formula is true only when the result is correct.

The question is as follows. The exponent in fast modular exponentiation can have $y$ bits.

Is when we add one bit to the length of the exponent of the computational complexity of the formula CNF our problem should increase $2x$?

In theory, the algorithm has to search a lot more combinations, because increasing the length exponent of $1$ bit means that we have not up to $A^{2^{y}}$, but to the number: $A^{2^{y+1}}$.

We are talking about the worst case.

From my initial calculations show, however, that complexity does not increase exponentially. Increases linearly (I use MiniSAT to solve CNF formula). I do not know if I'm incorrect in my software code (maybe so).

What can you say about the problem? What should have complexity?

Answer 1

While the worst-case complexity of the algorithm used by MiniSAT (CDCL) is exponential, the great practical success of SAT solvers owes much to the fact that worst-case performance is not that common.

On the other had, if it looks too good to be true, you are right in wanting to investigate further. In particular, if I understand your problem, you have a (combinational?) circuit from which you derive a formula that is satisfied if and only if $b^e \equiv r \pmod n$. The SAT solver has to find $e$. That is, you use the SAT solver to compute the discrete logarithm function.

The fact that the runtime grows linearly with the number of bits of the exponent would have me scratch my head. Have you verified that the solutions are correct by independent means?