
Slide 1: Deciding Primality is in P
M. Agrawal, N. Kayal, N. Saxena
Presentation by Adi Akavia

Slide 2: Background
- Sieve of Eratosthenes (240 BC): running time polynomial in n, i.e. exponential in the input length log n.
- Fermat's Little Theorem (17th century): p prime, a ≢ 0 (mod p) ⇒ a^(p-1) ≡ 1 (mod p). (The converse does not hold: Carmichael numbers.)
- Polynomial-time algorithms:
  [Miller 76] deterministic, assuming the Extended Riemann Hypothesis.
  [Solovay, Strassen 77; Rabin 80] unconditional, but randomized.
  [Goldwasser, Kilian 86] randomized, produces a certificate for primality (for almost all numbers).
  [Atkin 86; Adleman, Huang 92] primality certificate for all numbers.
  [Adleman, Pomerance, Rumely 83] deterministic, (log n)^O(log log log n) time.

Slide 3: This Paper: unconditional, deterministic, polynomial
Def (Sophie Germain primes): primes of the form (p-1)/2 such that p is also prime.
Def: r is special with respect to n if:
- r is prime,
- r-1 has a large prime factor q = Ω(r^(2/3)), and
- q | O_r(n).
Tools:
- simple algebra
- High density conjecture for primes p s.t. (p-1)/2 is Sophie Germain
- High density theorem for primes p s.t. p-1 has a large (Ω(r^(2/3))) prime factor [Fou85, BH96]
Def: the order of n mod r, denoted O_r(n), is the smallest positive integer t s.t. n^t ≡ 1 (mod r).

Slide 4: This Paper: unconditional, deterministic, polynomial
Def (Sophie Germain primes): primes of the form (p-1)/2 such that p is also prime.
Def: r is "almost Sophie Germain" (ASG) if:
- r is prime,
- r-1 has a large prime factor q = Ω(r^(2/3)).
Tools:
- simple algebra
- High density conjecture for primes p s.t. (p-1)/2 is Sophie Germain
- High density theorem for primes p that are "almost Sophie Germain" [Fou85, BH96]

Slide 5: Basic Idea
Fact: For any a s.t. (a, n) = 1:
- n is prime ⇒ (x-a)^n ≡ x^n - a (mod n)
- n is composite ⇒ (x-a)^n ≢ x^n - a (mod n)
Naive algorithm: pick an arbitrary a, check if (x-a)^n ≡ x^n - a (mod n).
Problem: time complexity is at least linear in n, i.e. exponential in log n.
Proof: expand (x-a)^n with the binomial theorem.
- Assume n is prime; then n divides every binomial coefficient C(n,i) with 0 < i < n, and a^n ≡ a (mod n), so only the terms x^n and -a survive.
- Assume n is composite; let q | n be prime and q^k || n. Then q^k does not divide C(n,q), and since (a, n) = 1 it does not divide a^(n-q) either; hence x^q has a non-zero coefficient (mod n).

Slide 6: Basic Idea
Idea: pick an arbitrary a and some polynomial x^r - 1 with r = poly log n, and check if (x-a)^n ≡ x^n - a (mod x^r - 1, n).
Time complexity: poly(r).
- n is prime ⇒ (x-a)^n ≡ x^n - a (mod x^r - 1, n)
- n is composite ⇒ ?? (x-a)^n ≢ x^n - a (mod x^r - 1, n) ??
Not true for some (few) values of a, r!

Slide 7: Improved Idea
Improved idea: pick many (poly log n) a's, and check for all of them if (x-a)^n ≡ x^n - a (mod x^r - 1, n). Accept if equality holds for all a's.

Slide 8: Algebraic Background: Extension Field
Def: Consider fields F, E. E is an extension of F if F is a subfield of E.
Def: The Galois field GF(p^k) (p prime) is the unique (up to isomorphism) finite field containing p^k elements. (The cardinality of any finite field is a prime power.)
Def: A polynomial f(x) is called irreducible over GF(p) if it does not factor over GF(p).

Slide 9: Multiplicative Group
Def: GF*(p^k) is the multiplicative group of the Galois field GF(p^k), that is, GF*(p^k) = GF(p^k) \ {0}.
Thm: GF*(p^k) is cyclic, thus it has a generator g.

Slide 10: Constructing Galois Fields
Def: F_p denotes a finite field of p elements (p prime).
Def: Let f(x) be a polynomial of degree k.
Def: Let F_p[x]/f(x) be the set of polynomials of degree at most k-1 over F_p, with addition and multiplication modulo f(x).
Thm: If f(x) is irreducible over GF(p), then GF(p^k) ≅ F_p[x]/f(x).

Slide 11: F_p[x]/f(x): Example
Let the irreducible polynomial f(x) be: …
Represent polynomials as vectors (a polynomial of degree k-1 ↦ a vector of k coefficients).
Addition: …

Slide 12: F_p[x]/f(x): Example
Multiplication:
- First, multiply "mod p".
- Next, apply "mod f(x)".
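Added example, not from the slides: the two-step multiplication of slide 12 (first mod p, then mod f(x)) in Python on a constructed field GF(8) = F_2[x]/(x^3 + x + 1), with brute-force checks that f is irreducible (slide 8) and that x generates the multiplicative group (slide 9). Polynomials are coefficient lists, lowest degree first, and f is assumed monic.

```python
from itertools import product

def poly_mul(a, b, p):
    """Schoolbook product of two polynomials over F_p (coefficient lists, low degree first)."""
    prod = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            prod[i + j] = (prod[i + j] + ai * bj) % p
    return prod

def poly_mod(a, f, p):
    """Reduce a modulo the monic degree-k polynomial f: x^k becomes -(f_0 + ... + f_{k-1} x^{k-1})."""
    k, a = len(f) - 1, list(a)
    for deg in range(len(a) - 1, k - 1, -1):
        c = a[deg]
        for t in range(k + 1):
            a[deg - k + t] = (a[deg - k + t] - c * f[t]) % p
    return (a + [0] * k)[:k]           # k coefficients = one element of F_p[x]/f(x)

def mul_mod(a, b, f, p):
    """Field multiplication as on slide 12: first 'mod p', then 'mod f(x)'."""
    return poly_mod(poly_mul(a, b, p), f, p)

def is_irreducible(f, p):
    """Brute force for small p and degree: f is irreducible iff no two monic
    polynomials of lower degree multiply to f."""
    k = len(f) - 1
    for d in range(1, k // 2 + 1):
        for g in product(range(p), repeat=d):
            for h in product(range(p), repeat=k - d):
                if poly_mul(list(g) + [1], list(h) + [1], p) == list(f):
                    return False
    return True

def is_generator(g, f, p):
    """Do the powers of g run through all p^k - 1 non-zero elements (slide 9)?"""
    k = len(f) - 1
    order, cur, seen = p ** k - 1, [1] + [0] * (k - 1), set()
    for _ in range(order):
        cur = mul_mod(cur, g, f, p)
        seen.add(tuple(cur))
    return len(seen) == order

# Constructed example: GF(8) = F_2[x]/(x^3 + x + 1), f written low degree first.
F, P = [1, 1, 0, 1], 2
assert is_irreducible(F, P)
assert mul_mod([1, 0, 1], [1, 1], F, P) == [0, 0, 1]   # (x^2 + 1)(x + 1) = x^2 in GF(8)
assert is_generator([0, 1], F, P)                      # x generates GF*(8)
```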

Slide 13: The Algorithm
Input: integer n
1. Find r = O(log^6 n) s.t. r is special.
2. Let l = 2 r^(1/2) log n.
3. For t = 2, …, l: if t | n, output COMPOSITE.
4. If n is a (prime) power, n = p^k for k > 1, output COMPOSITE.
5. For a = 1, …, l: if (x-a)^n ≢ x^n - a (mod x^r - 1, n), output COMPOSITE.
6. Otherwise, output PRIME.
Def: r is special if r is almost Sophie Germain and q | O_r(n) (where q is the large prime factor of r-1).
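Added example, not the paper's or the presenter's code: the six steps above in Python, with step 1 implemented by the search loop of slide 15 (q ≥ 4 r^(1/2) log n and n^((r-1)/q) ≢ 1 (mod r)), log taken base 2 and l rounded up. One guard is assumed beyond the slide: a prime r that divides n is reported at once, since the polynomial step only makes sense when r ∤ n.

```python
from math import ceil, isqrt, log2, sqrt

def largest_prime_factor(m):
    q, d = 1, 2
    while d * d <= m:
        while m % d == 0:
            q, m = d, m // d
        d += 1
    return max(q, m)                      # a leftover m > 1 is itself prime

def is_perfect_power(n):                  # step 4: n == b^k for some k > 1?
    for k in range(2, n.bit_length() + 1):
        lo, hi = 1, 1 << (n.bit_length() // k + 1)
        while lo < hi:                    # binary search for the integer k-th root
            mid = (lo + hi) // 2
            lo, hi = (mid + 1, hi) if mid ** k < n else (lo, mid)
        if lo ** k == n: return True
    return False

def poly_mulmod(a, b, r, n):              # a*b mod (x^r - 1, n); lists, low degree first
    res = [0] * r
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            res[(i + j) % r] = (res[(i + j) % r] + ai * bj) % n   # x^r == 1 wraps the index
    return res

def congruence_holds(a, n, r):            # step 5: (x-a)^n == x^n - a  mod (x^r - 1, n)?
    result, base, e = [1] + [0] * (r - 1), [(-a) % n, 1], n
    while e:                              # square-and-multiply on polynomials
        if e & 1: result = poly_mulmod(result, base, r, n)
        base, e = poly_mulmod(base, base, r, n), e >> 1
    rhs = [(-a) % n] + [0] * (r - 1)
    rhs[n % r] = (rhs[n % r] + 1) % n     # x^n folds to x^(n mod r)
    return result == rhs

def find_special_r(n):                    # step 1, the search loop of slide 15
    r = 2
    while True:
        if all(r % d for d in range(2, isqrt(r) + 1)):          # r is prime
            if n % r == 0: return r       # added guard: a prime r dividing n decides n itself
            q = largest_prime_factor(r - 1)
            if q * q >= 16 * r * log2(n) ** 2 and pow(n, (r - 1) // q, r) != 1:
                return r                  # i.e. q >= 4 sqrt(r) log n and n^((r-1)/q) != 1 (mod r)
        r += 1

def aks_is_prime(n):
    if n < 2: return False
    r = find_special_r(n)
    if n % r == 0: return n == r
    l = ceil(2 * sqrt(r) * log2(n))       # step 2
    if any(n % t == 0 for t in range(2, min(l, n - 1) + 1)) or is_perfect_power(n):
        return False                      # steps 3 and 4
    return all(congruence_holds(a, n, r) for a in range(1, l + 1))   # steps 5 and 6
```

With the constants of this version, for n below a few thousand the answer is already fixed by the guard or by the trial division of step 3, so the polynomial step is best exercised through congruence_holds on its own. For instance it holds for a = 1, n = 561, r = 2 although 561 is composite, which is the caveat of slide 6.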

Slide 14: Proof's Structure
Saw: the primality test. We next show:
- A special r = O(log^6 n) exists.
- For such r: if n is composite and n passes steps (3) and (4), then ∃ a ∈ [1..l] s.t. (x-a)^n ≢ x^n - a (mod x^r - 1, n) (hence the algorithm returns COMPOSITE at step (5)).

Slide 15: Finding Suitable r
Elaborating on step (1):
1. while r < c log^6 n:
   1. if r is prime:
   2. let q be the largest prime factor of r-1
   3. if (q ≥ 4 r^(1/2) log n) and (n^((r-1)/q) ≢ 1 (mod r)): break
   4. r ← r+1
Complexity: O(log^6 n) iterations, each taking O(r^(1/2) poly log r); hence poly log n in total.
When "break" is reached: r is prime, q is large, and q | O_r(n).

Slide 16: Lemma: a special r = O(log^6 n) s.t. q | O_r(n) exists.
Proof: let …, … = O(log^6 n), and consider the interval [ .. ].
- Special numbers are dense in [ .. ].
- There are only few primes r ∈ [ .. ] s.t. O_r(n) < (…)^(1/3).
Hence, by a counting argument, there exists a special r ∈ [ .. ] s.t. O_r(n) > (…)^(1/3).
Moreover, O_r(n) > (…)^(1/3) ⇒ q | O_r(n).
Therefore there exists a special r ∈ [ .. ] s.t. q | O_r(n).
Details:
- #special ∈ [ .. ] ≥ #special ∈ [1 .. ] - #primes ∈ [1 .. ] = Ω(log^6 n / log log n) (using the density of special numbers and a lower bound on the density of primes).
- O_r(n) < (…)^(1/3) ⇒ r | Π = (n-1)(n^2-1)…(n^((…)^(1/3))-1). However, Π has no more than (…)^(2/3) log n prime divisors.
- Assume q does not divide O_r(n); then n^((r-1)/q) ≡ 1, therefore O_r(n) | (r-1)/q. However (r-1)/q < (…)^(1/3), a contradiction.

Slide 17: Lemma: a special r = O(log^6 n) exists.
Proof: let …, … = O(log^6 n), and consider the interval [ .. ].
- ASG numbers are dense in [ .. ].
- There are only few primes r ∈ [ .. ] s.t. O_r(n) < (…)^(1/3).
Hence, by a counting argument, there exists an ASG r ∈ [ .. ] s.t. O_r(n) > (…)^(1/3).
Moreover, O_r(n) > (…)^(1/3) ⇒ q | O_r(n).
Therefore there exists a special r ∈ [ .. ].
Details:
- #ASG ∈ [ .. ] ≥ #ASG ∈ [1 .. ] - #primes ∈ [1 .. ] = Ω(log^6 n / log log n) (using the density of ASG numbers and an upper bound on the density of primes).
- O_r(n) < (…)^(1/3) ⇒ r | Π = (n-1)(n^2-1)…(n^((…)^(1/3))-1). However, Π has no more than (…)^(2/3) log n prime divisors.
- Assume q does not divide O_r(n); then n^((r-1)/q) ≡ 1, therefore O_r(n) | (r-1)/q. However (r-1)/q < (…)^(1/3), a contradiction.

Slide 18: Correctness Proof
Lemma: n is composite ⇒ step (5) returns COMPOSITE. That is, if
- n is composite, and
- n has no factor t ≤ l, and
- n is not a prime power,
then ∃ a ∈ [1..l] s.t. (x-a)^n ≢ x^n - a (mod x^r - 1, n).

Slide 19: Proof
Let p be a prime factor of n, and let h(x) be an irreducible factor of x^r - 1.
It suffices to show the inequality (mod h(x), p) instead of (mod x^r - 1, n), i.e. ∃ a ∈ [1..l] s.t. (x-a)^n ≢ x^n - a (mod h(x), p).
Choose p and h(x) s.t.
- q | O_r(p), and
- deg(h(x)) = O_r(p).
Such p exists: let n = p_1 p_2 … p_k; then O_r(n) = lcm{O_r(p_i)}. Therefore q | O_r(n) ⇒ ∃ i: q | O_r(p_i) (as q is prime).
Such h exists: by the claim on irreducible factors of (x^r - 1)/(x - 1) (slide 23).

Slide 20: Proof
Assume by contradiction that n is composite and passes all the tests, i.e.
- n has no small factor, and
- n is not a prime power, and
- ∀ a ∈ [1..l]: (x-a)^n ≡ x^n - a (mod h(x), p).

Slide 21: Proof
Consider the group G generated by {(x-a)}, a ∈ [1..l], (mod h(x), p), i.e. …
Note: ∀ f(x) ∈ G: f(x)^n ≡ f(x^n).
Let I = { m | ∀ f ∈ G: f(x)^m ≡ f(x^m) }.
Lemma: I is multiplicative, i.e. u, v ∈ I ⇒ uv ∈ I.
Proof: x^r - 1 | x^(vr) - 1, therefore …

Slide 22: Proof: n ∈ I ⇒ I is large
Prop: (i,j) ≠ (i',j') ⇒ n^i p^j ≠ n^i' p^j' (since n ≠ p^k).
Lemma: if u, v ∈ I are such that (i,j) ≠ (i',j') ⇒ u^i v^j ≠ u^i' v^j', then |I ∩ [ .. u^(…) v^(…)]| > (…)^2: the (… + 1)^2 different pairs (i,j) each give a distinct value.
Corollary: n ∈ I ⇒ |I ∩ [ .. u^(…) v^(…)]| > (…)^2. Proof: p ∈ I.
However, Lemma: … (consider all polynomials of degree bounded by …).
Corollary: n ∈ I ⇒ |I ∩ [1 .. |G|]| > r.

Slide 23: Irreducible Factors of (x^r - 1)/(x - 1)
Def: Let h(x) denote any irreducible factor of (x^r - 1)/(x - 1), and d = deg(h(x)).
Claim: ∀ h(x): d = O_r(p).
Proof: Denote k = O_r(p). Note F_p[x]/h(x) is of size p^d, therefore (F_p[x]/h(x))* is cyclic of order p^d - 1.
- k | d: x^r ≡ 1 (mod h(x)), hence O_h(x)(x) is r, therefore r | p^d - 1, i.e. p^d ≡ 1 (mod r), and hence k | d (recall k = O_r(p)).
- d | k: let g be a generator; then …, hence p^d - 1 | p^k - 1, and therefore d | k.
Recall: if r is special with respect to n, then r-1 has a large prime factor q s.t. q | O_r(n). Choose p s.t. q | O_r(p) (such p exists). Then d is large.

Slide 24: Proof: I is small
Lemma: Let m1, m2 ∈ I. Then m1 ≡ m2 (mod r) ⇒ m1 ≡ m2 (mod |G|).
Proof: Let g(x) be a generator of G. Let m2 = m1 + kr. (*) m1 ≡ m2 (mod r), then x^m1 ≡ x^m2 (mod h(x)) (as x^r ≡ 1 (mod h(x))).
Lemma (I is small): |I ∩ [1 .. |G|]| ≤ r.
Proof:
- Any two elements in I ∩ [1 .. |G|] are different mod |G|.
- Therefore they are different mod r.
- Hence |I ∩ [1 .. |G|]| ≤ r.
Contradiction!

Slide 25: The End

Slide 26: Proof: G is large, cont.
Hence, …
Prop: d ≥ 2l.
Proof: Recall d = O_r(p) and q | O_r(p), hence d ≥ q ≥ 2l (recall q ≥ 4 r^(1/2) log n and l = 2 r^(1/2) log n).
Hence …
This is the reason for seeking a large q s.t. q | O_r(n).
