# Deciding Primality is in P. M. Agrawal, N. Kayal, N. Saxena. Presentation by Adi Akavia.


1 Deciding Primality is in P. M. Agrawal, N. Kayal, N. Saxena. Presentation by Adi Akavia.

2 Background

Sieve of Eratosthenes (240 BC): Ω(n).

Fermat's Little Theorem (17th century): p is prime, a ≢ 0 (mod p) ⇒ a^(p-1) ≡ 1 (mod p). (The converse does not hold: Carmichael numbers.)

Polynomial-time algorithms:
- [Miller 76] deterministic, assuming the Extended Riemann Hypothesis.
- [Solovay, Strassen 77; Rabin 80] unconditional, but randomized.
- [Goldwasser, Kilian 86] randomized, produces a certificate for primality (for almost all numbers).
- [Atkin 86; Adleman, Huang 92] primality certificate for all numbers.
- [Adleman, Pomerance, Rumely 83] deterministic, (log n)^O(log log log n)-time.

3 This Paper: unconditional, deterministic, polynomial

Def (Sophie Germain primes): primes (p-1)/2 s.t. p is also prime.

Def: r is special with respect to n if:
- r is prime,
- r-1 has a large prime factor q = Ω(r^(2/3)), and
- q | O_r(n).

Def: the order of n mod r, denoted O_r(n), is the smallest power t s.t. n^t ≡ 1 (mod r).

Tools:
- simple algebra
- high-density conjecture for primes p s.t. (p-1)/2 is Sophie Germain
- high-density theorem for primes p s.t. p-1 has a large (Ω(r^(2/3))) prime factor [Fou85, BH96]

4 This Paper: unconditional, deterministic, polynomial

Def (Sophie Germain primes): primes (p-1)/2 s.t. p is also prime.

Def: r is "almost Sophie Germain" (ASG) if:
- r is prime,
- r-1 has a large prime factor q = Ω(r^(2/3)).

Tools:
- simple algebra
- high-density conjecture for primes p s.t. (p-1)/2 is Sophie Germain
- high-density theorem for primes p that are "almost Sophie Germain" [Fou85, BH96]

5 Basic Idea

Fact: for any a s.t. (a, n) = 1:
- n is prime ⇒ (x-a)^n ≡ x^n - a (mod n)
- n is composite ⇒ (x-a)^n ≢ x^n - a (mod n)

Naive algorithm: pick an arbitrary a, check if (x-a)^n ≡ x^n - a (mod n).
Problem: time complexity Ω(n).

Proof: expand (x-a)^n with the binomial theorem. Assume n is prime, then … Assume n is composite; let q | n and q^k || n, then … and hence x^q has a non-zero coefficient (mod n).
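The Fact of slide 5 checked directly from the binomial expansion, as an added example that is not code from the slides or from the paper. It is the naive test the slide rejects: deciding the identity this way touches the n-1 middle binomial coefficients, which is the Ω(n) cost. The function names and the sample inputs (6, 7 and the Carmichael number 561) are my own choices; the coefficient of x^k in (x-a)^n is C(n,k)·(-a)^(n-k).

```python
from math import comb


def nonzero_middle_degrees(n, a):
    """Degrees 0 < k < n whose coefficient in (x - a)^n is non-zero mod n.
    Coefficient of x^k is C(n, k) * (-a)^(n-k); the list is empty iff the
    identity (x - a)^n == x^n - a (mod n) holds.  Costs n-1 binomial
    coefficients, i.e. time Omega(n): fine for a demonstration, hopeless
    for the 100-digit n the polynomial-time test is built for."""
    return [k for k in range(1, n)
            if (comb(n, k) * pow(-a, n - k, n)) % n != 0]


def naive_test(n, a):
    """Slide 5's naive algorithm for a coprime to n: 'PRIME' iff every middle
    coefficient vanishes.  The constant term alone, (-a)^n == -a (mod n), is
    Fermat's test, which Carmichael numbers pass; the middle coefficients
    are what the polynomial identity adds on top of it."""
    return "PRIME" if not nonzero_middle_degrees(n, a) else "COMPOSITE"


if __name__ == "__main__":
    # constructed sample inputs
    print(nonzero_middle_degrees(6, 1))   # q = 2 divides 6: x^2 gets coefficient 3
    print(naive_test(7, 3))               # prime: all middle coefficients are 0 mod 7
    print(pow(2, 560, 561), naive_test(561, 2))  # Fermat passes, the identity fails
```

For n = 561 = 3·11·17 the comparison is the one slide 2 alludes to: 2^560 ≡ 1 (mod 561), so Fermat's test is fooled, while C(561, 3) is not divisible by 561, so the x^3 coefficient of (x-2)^561 survives and the identity fails.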

6 Basic Idea

Idea: pick an arbitrary a and some polynomial x^r - 1 with r = poly log n, and check if (x-a)^n ≡ x^n - a (mod x^r - 1, n).
Time complexity: poly(r).

n is prime ⇒ (x-a)^n ≡ x^n - a (mod x^r - 1, n)
n is composite ⇒?? (x-a)^n ≢ x^n - a (mod x^r - 1, n)
Not true for some (few) values of a, r!

7 Improved Idea

Improved idea: pick many (poly log n) a's, and check for all of them if (x-a)^n ≡ x^n - a (mod x^r - 1, n). Accept if the equality holds for all a's.

8 Algebraic Background: Extension Fields

Def: Consider fields F, E. E is an extension of F if F is a subfield of E.
Def: The Galois field GF(p^k) (p prime) is the unique (up to isomorphism) finite field containing p^k elements. (The cardinality of any finite field is a prime power.)
Def: A polynomial f(x) is called irreducible over GF(p) if it does not factor over GF(p).

9 Multiplicative Group

Def: GF*(p^k) is the multiplicative group of the Galois field GF(p^k), that is, GF*(p^k) = GF(p^k) \ {0}.
Thm: GF*(p^k) is cyclic, thus it has a generator g: …

10 Constructing Galois Fields

Def: F_p denotes a finite field of p elements (p prime).
Def: Let f(x) be a polynomial of degree k.
Def: F_p[x]/f(x) is the set of polynomials of degree at most k-1 over F_p, with addition and multiplication modulo f(x).
Thm: If f(x) is irreducible over GF(p), then GF(p^k) ≅ F_p[x]/f(x).

11 F_p[x]/f(x): Example

Let the irreducible polynomial f(x) be: …
Represent polynomials as vectors (a polynomial of degree k-1 ↦ a vector of k coefficients): …
Addition: …

12 F_p[x]/f(x): Example

Multiplication: first, multiply 'mod p'; next, apply 'mod f(x)'.

13 The Algorithm

Input: integer n.
1. Find r ∈ O(log^6 n) s.t. r is special.
2. Let l = 2 r^(1/2) log n.
3. For t = 2, …, l: if t | n, output COMPOSITE.
4. If n is a (prime) power, n = p^k for k > 1, output COMPOSITE.
5. For a = 1, …, l: if (x-a)^n ≢ x^n - a (mod x^r - 1, n), output COMPOSITE.
6. Otherwise, output PRIME.

Def: r is special if:
- r is almost Sophie Germain, and
- q | O_r(n) (where q is the large prime factor of r-1).

14 Proof's Structure

Saw: the primality test. We next show:
- A special r ∈ O(log^6 n) exists.
- For such r: if n is composite and passes steps (3) and (4), then ∃ a ∈ [1..l] s.t. (x-a)^n ≢ x^n - a (mod x^r - 1, n) (hence the algorithm returns COMPOSITE at step (5)).

15 Finding Suitable r

Elaborating on step (1):
1. while r < c log^6 n:
     1. if r is prime:
     2.   let q be the largest prime factor of r-1
     3.   if (q ≥ 4 r^(1/2) log n) and (n^((r-1)/q) ≢ 1 (mod r)): break
     4. r ← r+1

Complexity: O(log^6 n) iterations, each taking O(r^(1/2) poly log r); hence poly log n in total.
When 'break' is reached: r is prime, q is large, and q | O_r(n).
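The algorithm of slide 13 with the step-1 loop of slide 15, as an added example that is not code from the slides or from the AKS paper. The ring multiplication `poly_mulmod` is slide 12's recipe (multiply mod p, then reduce mod f(x)), so one function serves both F_p[x]/f(x) from slides 10-12 (below, GF(8) = F_2[x]/(x^3+x+1)) and Z_n[x]/(x^r - 1) from slides 6-7. Assumptions, all mine: log means log2; the search for r runs until a special r turns up instead of stopping at c log^6 n (slide 16's lemma guarantees one exists); and when l ≥ √n the trial division of step 3 has already tried every possible divisor, so the code answers PRIME there, a small-n case the slides leave implicit. All function names are my own.

```python
import math


def poly_mulmod(p, q, f, n):
    """p*q in Z_n[x]/(f(x)), f monic; coefficient lists are indexed by degree.
    Slide 12's recipe: multiply mod n (mod p for a field), then reduce mod f."""
    k = len(f) - 1
    prod = [0] * (len(p) + len(q) - 1)
    for i, pi in enumerate(p):
        if pi:
            for j, qj in enumerate(q):
                prod[i + j] = (prod[i + j] + pi * qj) % n
    for deg in range(len(prod) - 1, k - 1, -1):    # clear x^deg, deg >= k, top down
        c = prod[deg]
        if c:
            for t in range(k + 1):                 # subtract c * x^(deg-k) * f(x)
                prod[deg - k + t] = (prod[deg - k + t] - c * f[t]) % n
    return (prod + [0] * k)[:k]


def poly_powmod(base, e, f, n):
    """base^e by square-and-multiply: O(log e) ring products, which is why the
    step-5 check costs poly(r, log n) rather than the Omega(n) of slide 5."""
    result = [1] + [0] * (len(f) - 2)
    while e:
        if e & 1:
            result = poly_mulmod(result, base, f, n)
        base = poly_mulmod(base, base, f, n)
        e >>= 1
    return result


def congruence_holds(n, r, a):
    """Step 5: does (x - a)^n == x^n - a hold in Z_n[x]/(x^r - 1)?"""
    f = [(-1) % n] + [0] * (r - 1) + [1]           # x^r - 1
    base = [(-a) % n] + [0] * (r - 1)              # x - a as a length-r vector
    base[1 % r] = (base[1 % r] + 1) % n            # (r = 1 folds x onto x^0)
    rhs = [0] * r                                  # x^n - a: x^n wraps to x^(n mod r)
    rhs[n % r] = 1
    rhs[0] = (rhs[0] - a) % n
    return poly_powmod(base, n, f, n) == rhs


def first_witness(n, r, l):
    """Slide 7: try a = 1..l; the first a whose congruence fails, or None."""
    return next((a for a in range(1, l + 1) if not congruence_holds(n, r, a)), None)


def is_prime_td(m):
    return m >= 2 and all(m % d for d in range(2, math.isqrt(m) + 1))


def largest_prime_factor(m):
    lpf, d = 1, 2
    while d * d <= m:
        while m % d == 0:
            lpf, m = d, m // d
        d += 1
    return max(lpf, m) if m > 1 else lpf


def is_special(n, r, q):
    """Slide 13's definition: r prime, q a prime factor of r-1 with q >= 4 sqrt(r) log n,
    and q | O_r(n); by slide 16 the last condition is n^((r-1)/q) != 1 (mod r)."""
    return (is_prime_td(r) and is_prime_td(q) and (r - 1) % q == 0
            and q >= 4 * math.sqrt(r) * math.log2(n)
            and math.gcd(n, r) == 1 and pow(n, (r - 1) // q, r) != 1)


def find_special_r(n):
    """Step 1, the loop of slide 15: scan r = 2, 3, ... until r is special."""
    r = 2
    while not (is_prime_td(r) and is_special(n, r, largest_prime_factor(r - 1))):
        r += 1
    return r, largest_prime_factor(r - 1)


def is_perfect_power(n):
    """Step 4: is n = b^k for some b > 1, k > 1?  Binary-search floor(n^(1/k))."""
    for k in range(2, n.bit_length() + 1):
        lo, hi = 1, 1 << (n.bit_length() // k + 1)      # hi^k > n always
        while lo < hi:
            mid = (lo + hi + 1) // 2
            lo, hi = (mid, hi) if mid ** k <= n else (lo, mid - 1)
        if lo > 1 and lo ** k == n:
            return True
    return False


def aks(n):
    """Steps 1-6 of slide 13; returns 'PRIME' or 'COMPOSITE'."""
    if n < 2:
        return "COMPOSITE"
    r, _ = find_special_r(n)                                   # step 1
    l = int(2 * math.sqrt(r) * math.log2(n))                   # step 2
    if any(n % t == 0 for t in range(2, min(l, n - 1) + 1)):   # step 3
        return "COMPOSITE"
    if l * l >= n:   # assumption: every divisor up to sqrt(n) was already tried
        return "PRIME"
    if is_perfect_power(n):                                    # step 4
        return "COMPOSITE"
    if first_witness(n, r, l) is not None:                     # step 5
        return "COMPOSITE"
    return "PRIME"                                             # step 6
```

Two things a practitioner will notice when running this. First, for every n small enough to try by hand the parameters are huge relative to n (for n = 2 the first special r is already 83, with l = 18), so l exceeds √n and the run ends at step 3: the congruence of step 5 only becomes the deciding step for n in the range of hundreds of millions and beyond, and at that size the schoolbook ring arithmetic above is far too slow. Second, slide 6's caveat about "some (few) values of a, r" is visible on the constructed input 561 (a Carmichael number): with r = 2 every a in 1..5 passes `congruence_holds`, while with r = 3 already a = 1 fails, and `poly_mulmod([1, 1, 0], [0, 1, 1], [1, 1, 0, 1], 2)` computes (1+x)(x+x^2) = 1 in GF(8), the kind of product slide 12 describes.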

16 Lemma: a special r ∈ O(log^6 n) s.t. q | O_r(n) exists.

Proof: consider an interval [… .. …] whose endpoints are O(log^6 n); below, "the bound" is its upper end.
- Special numbers are dense in this interval.
- There are only few primes r in this interval s.t. O_r(n) < (the bound)^(1/3).
- Hence, by a counting argument, there exists a special r in the interval s.t. O_r(n) > (the bound)^(1/3).
- Moreover, O_r(n) > (the bound)^(1/3) ⇒ q | O_r(n).
- Therefore, there exists a special r in the interval s.t. q | O_r(n).

Supporting claims:
- #special in the interval ≥ #special in [1..the bound] - #primes in [1..the lower end] = Ω(log^6 n / log log n) (using the density of special numbers, and a lower bound on the density of primes).
- O_r(n) < (the bound)^(1/3) ⇒ r divides the product (n-1)(n^2-1)…(n^((the bound)^(1/3))-1). However, this product has no more than (the bound)^(2/3) log n prime divisors.
- Assume q ∤ O_r(n); then n^((r-1)/q) ≡ 1 (mod r), therefore O_r(n) ≤ (r-1)/q. However, (r-1)/q < (the bound)^(1/3): a contradiction.

17 Lemma: a special r ∈ O(log^6 n) exists.

Proof: consider an interval [… .. …] whose endpoints are O(log^6 n); below, "the bound" is its upper end.
- ASG numbers are dense in this interval.
- There are only few primes r in this interval s.t. O_r(n) < (the bound)^(1/3).
- Hence, by a counting argument, there exists an ASG r in the interval s.t. O_r(n) > (the bound)^(1/3).
- Moreover, O_r(n) > (the bound)^(1/3) ⇒ q | O_r(n).
- Therefore, there exists a special r in the interval.

Supporting claims:
- #ASG in the interval ≥ #ASG in [1..the bound] - #primes in [1..the lower end] = Ω(log^6 n / log log n) (using the density of ASG numbers, and an upper bound on the density of primes).
- O_r(n) < (the bound)^(1/3) ⇒ r divides the product (n-1)(n^2-1)…(n^((the bound)^(1/3))-1). However, this product has no more than (the bound)^(2/3) log n prime divisors.
- Assume q ∤ O_r(n); then n^((r-1)/q) ≡ 1 (mod r), therefore O_r(n) ≤ (r-1)/q. However, (r-1)/q < (the bound)^(1/3): a contradiction.

18 Correctness Proof

Lemma: n is composite ⇒ step (5) returns COMPOSITE. That is, if
- n is composite, and
- n has no factor t ≤ l, and
- n is not a prime power,
then ∃ a ∈ [1..l] s.t. (x-a)^n ≢ x^n - a (mod x^r - 1, n).

19 Proof

Let p be a prime factor of n, and let h(x) be an irreducible factor of x^r - 1.
It suffices to show the inequality (mod h(x), p) instead of (mod x^r - 1, n), i.e. ∃ a ∈ [1..l] s.t. (x-a)^n ≢ x^n - a (mod h(x), p).
Choose p and h(x) s.t.
- q | O_r(p), and
- deg(h(x)) = O_r(p).
Such a p exists: let n = p_1 p_2 … p_k; then O_r(n) = lcm{O_r(p_i)}. Therefore q | O_r(n) ⇒ ∃ i s.t. q | O_r(p_i) (as q is prime).
Such an h exists: by the previous claim.

20 Proof

Assume by contradiction that n is composite and passes all the tests, i.e.
- n has no small factor, and
- n is not a prime power, and
- ∀ a ∈ [1..l], (x-a)^n ≡ x^n - a (mod h(x), p).

21 Proof

Consider the group G generated by {(x-a)}_{a ∈ [1..l]} (mod h(x), p), i.e. …
Note: ∀ f(x) ∈ G, f(x)^n ≡ f(x^n).
Let I = { m | ∀ f ∈ G, f(x)^m ≡ f(x^m) }.
Lemma: I is multiplicative, i.e. u, v ∈ I ⇒ uv ∈ I.
Proof: x^r - 1 | x^(vr) - 1, therefore …

22 Proof: n ∈ I ⇒ I is large

Prop: ∀ (i,j) ≠ (i',j'), n^i p^j ≠ n^(i') p^(j') (since n ≠ p^k).
Lemma: ∀ …, if ∃ u, v ∈ I s.t. ∀ (i,j) ≠ (i',j') u^i v^j ≠ u^(i') v^(j'), then |I ∩ [u^… v^…]| > …^2.
Corollary: ∀ …, n ∈ I ⇒ |I ∩ [u^… v^…]| > …^2. Proof: p ∈ I.
However, Lemma: …
Corollary: n ∈ I ⇒ |I ∩ [|G|]| > r.
(… + 1)^2 different pairs (i,j), each giving a distinct value.
Consider all polynomials of degree < d: they are all distinct in F_p[x]/h(x). Therefore …

23 Irreducible Factors of (x^r - 1)/(x - 1)

Def: Let h(x) denote any irreducible factor of (x^r - 1)/(x - 1), and d = deg(h(x)).
Claim: ∀ h(x), d = O_r(p).
Proof: Denote k = O_r(p). Note F_p[x]/h(x) is of size p^d, therefore (F_p[x]/h(x))* is cyclic of order p^d - 1.
- k | d: x^r ≡ 1 (mod h(x)), hence O_{h(x)}(x) is r, therefore r | p^d - 1, i.e. p^d ≡ 1 (mod r), and hence k | d (recall k = O_r(p)).
- d | k: let g be a generator, then … hence p^d - 1 | p^k - 1, and therefore d | k.

Recall: if r is special with respect to n, then r-1 has a large prime factor q s.t. q | O_r(n). Choose p s.t. q | O_r(p) (such a p exists). Then d is large.

24 Proof: I is small

Lemma: Let m1, m2 ∈ I. If m1 ≡ m2 (mod r), then m1 ≡ m2 (mod |G|).
Lemma (I is small): |I ∩ [|G|]| ≤ r.
Proof:
- Any two elements in I ∩ [|G|] are different mod |G|.
- Therefore they are different mod r.
- Hence |I ∩ [|G|]| ≤ r.
Contradiction!

Proof of the first lemma: Let g(x) be a generator of G. Let m2 = m1 + kr. (*) m1 ≡ m2 (mod r), then x^(m1) ≡ x^(m2) (mod h(x)) (as x^r ≡ 1 (mod h(x))) …

25 The End

26 Proof: G is large, cont.

Hence, …
Prop: d ≥ 2l.
Proof: Recall d = O_r(p) and q | O_r(p), hence d ≥ q ≥ 2l (recall q ≥ 4 r^(1/2) log n and l = 2 r^(1/2) log n). Hence …
This is the reason for seeking a large q s.t. q | O_r(n).

