Presentation is loading. Please wait.

Presentation is loading. Please wait.

Agrawal-Kayal-Saxena Presented by: Xiaosi Zhou

Published byValentine Burns Modified over 9 years ago

Similar presentations

Presentation on theme: "Agrawal-Kayal-Saxena Presented by: Xiaosi Zhou"— Presentation transcript:

1 Agrawal-Kayal-Saxena Presented by: Xiaosi Zhou
PRIMES is in P Agrawal-Kayal-Saxena Presented by: Xiaosi Zhou

2 Outline Introduction 1. What is PRIMES AKS algorithm 1. Basic idea
2. Algorithms for PRIMES before AKS AKS algorithm 1. Basic idea 2. Notation and Preliminaries 3. The algorithm and its correctness 4. Time complexity analysis 5. Conclusions

3 Introduction What is PRIMES:
The decision problem of efficiently determining whether or not a given integer n is prime. Efficiently means in polynomial time, i.e, O(logn) - the size of the input. Referred to as primality testing problem.

4 Algorithms before AKS (1)
The ancient method Try dividing n by every number If any m divides n then n is composite otherwise prime Inefficient--

5 Algorithms before AKS (2)
Fermat Little Theorem — incorrect testing For any prime number n, and any number a which has no common divisors with n, Efficient — O(logn) Counterexample: , but 4 is composite However, it became the basis of many efficient primality tests.

6 Algorithms before AKS (3)
In 1975, Pratt showed that PRIMES is in NP. In 1976, Miller obtained a deterministic polynomial-time algorithm based on Fermat’s Little Theorem assuming Extended Riemann Hypothesis (ERH). In 1977, Solovay and Strassen came up with a randomized algorithm which has a probability of error that can be made arbitrarily small for all inputs. Rabin modified Miller’s algorithm to yield an unconditional but randomized polynomial-time algorithm. In 1986, Goldwasser and Killian proposed a randomized algorithm based on elliptic curves, running in expected polynomial-time on almost all inputs. In 1992, Adleman and Huang modified the Goldwasser-Killian algorithm to obtain a randomized polynomial time algorithm that always produced a certificate of primality.

7 AKS algorithm There does exist a polynomial-time algorithm for proving primality before AKS algorithm.  But what is surprising is that AKS algorithm is a relatively simple deterministic algorithm which relies on no unproved assumptions.

8 AKS algorithm – the idea
This test is based on the generalization of Fermat’s Little Theorem. Theorem: Suppose that a and p are relatively prime integers with p > 1.  p is prime if and only if The theorem suggests a simple test: given input p, choose an a and test whether the above congruence is satisfied. Too many coefficients to check, O(n)

9 The idea (Cont’d) A simpler condition to reduce the coefficients,
test if the following equation is satisfied This must hold if p is prime The problem now is that some composites n may satisfy the equation for a few values of a and r. n must be a prime power if the equation holds for several a’s and an appropriately chosen r.

10 Notation and Preliminaries
denotes the order of a modulo r, which is the smallest number k such that is Euler’s totient function giving the number of numbers less than r that are relatively prime to r.

11 AKS algorithm Input: integer n > 1. If , output COMPOSITE;
Find the smallest r such that If 1 < (a, n) < n for some , output COMPOSITE; If , output PRIME; For a=1 to do if ( ), output COMPOSITE; Output PRIME;

12 Correctness (1) Theorem. The algorithm returns PRIME if and only if n is prime. Proof. [if] If n is prime, steps 1 and 3 can never return COMPOSITE. By the modified Fermat Little Theorem, the for loop also cannot return COMPOSITE. Therefore the algorithm will identify n as PRIME either in step 4 or in step 6.

13 Correctness (2) Proof. [only if] If the algorithm returns PRIME in step 4 then n must be prime since otherwise step 3 would have found a non-trivial factor of n. How about the algorithm returns PRIME in step 6 ? We need more lemmas.

14 Correctness (3) Let p be a prime divisor of n. Also, let Two sets: and

15 Correctness (4) Define two groups based on the two sets.
1. The first group G is the set of all residues of numbers in I modulo r. We have |G| = t > 2. The second group U is the set of all non-zero residues of polynomials in P modulo h(X) and p, where h(X) is one irreducible factor of degree of

16 Correctness (5) Lemma. Lemma. If n is not a power of p then
Lemma. If the algorithm returns PRIME then n is prime. Proof. We have t=|G| and Therefore, for some k>0. If k>1 then the algorithm will return COMPOSITE in step 1. Thus, n=p. QED

17 Time complexity We use the symbol for Ex.
Theorem. The asymptotic time complexity of the algorithm is

18 Time complexity (Cont’d)
Input: integer n > 1. If , output COMPOSITE; Find the smallest r such that If 1 < (a, n) < n for some , output COMPOSITE; If , output PRIME; For a=1 to do if ( ), output COMPOSITE; Output PRIME; 1 2 3 4 5

19 Conclusions AKS algorithm is an unconditional deterministic polynomial-time algorithm for primality testing. The complexity of the original algorithm of AKS is , and can be improved to by improving the estimate for r. This algorithm can be further reduced to if one additional number theoretical conjecture can be proved.

20 Thank you very much!

Download ppt "Agrawal-Kayal-Saxena Presented by: Xiaosi Zhou"

Similar presentations

Presented by Alex Atkins.  An integer p >= 2 is a prime if its only positive integer divisors are 1 and p.  Euclid proved that there are infinitely.

Presented by Alex Atkins.  An integer p >= 2 is a prime if its only positive integer divisors are 1 and p.  Euclid proved that there are infinitely.
Shortest Vector In A Lattice is NP-Hard to approximate

Shortest Vector In A Lattice is NP-Hard to approximate
Number Theory Algorithms and Cryptography Algorithms Prepared by John Reif, Ph.D. Analysis of Algorithms.

Number Theory Algorithms and Cryptography Algorithms Prepared by John Reif, Ph.D. Analysis of Algorithms.
Cryptography and Network Security

Cryptography and Network Security
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Primality Testing) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Primality Testing) Prof. Dr. Th. Ottmann.
Chapter 8 – Introduction to Number Theory. Prime Numbers prime numbers only have divisors of 1 and self –they cannot be written as a product of other.

Chapter 8 – Introduction to Number Theory. Prime Numbers prime numbers only have divisors of 1 and self –they cannot be written as a product of other.
1 Deciding Primality is in P M. Agrawal, N. Kayal, N. Saxena Presentation by Adi Akavia.

1 Deciding Primality is in P M. Agrawal, N. Kayal, N. Saxena Presentation by Adi Akavia.
Computability and Complexity

Computability and Complexity
Having Proofs for Incorrectness

Having Proofs for Incorrectness
MS 101: Algorithms Instructor Neelima Gupta

MS 101: Algorithms Instructor Neelima Gupta
Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)

Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)
Lecture 8: Primality Testing and Factoring Piotr Faliszewski

Lecture 8: Primality Testing and Factoring Piotr Faliszewski
Introduction to Modern Cryptography Lecture 6 1. Testing Primitive elements in Z p 2. Primality Testing. 3. Integer Multiplication & Factoring as a One.

Introduction to Modern Cryptography Lecture 6 1. Testing Primitive elements in Z p 2. Primality Testing. 3. Integer Multiplication & Factoring as a One.
COM 5336 Cryptography Lecture 7a Primality Testing

COM 5336 Cryptography Lecture 7a Primality Testing
Notation Intro. Number Theory Online Cryptography Course Dan Boneh

Notation Intro. Number Theory Online Cryptography Course Dan Boneh
Complexity 18-1 Complexity Andrei Bulatov Probabilistic Algorithms.

Complexity 18-1 Complexity Andrei Bulatov Probabilistic Algorithms.
CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.

CNS2010handout 8 :: introduction to number theory1 computer and network security matt barrie.
1 Chapter 7– Introduction to Number Theory Instructor: 孫宏民 Room: EECS 6402, Tel:03- 5742968, Fax : 886-3-572-3694.

1 Chapter 7– Introduction to Number Theory Instructor: 孫宏民 Room: EECS 6402, Tel: , Fax :
1 Fingerprint 2 Verifying set equality Verifying set equality v String Matching – Rabin-Karp Algorithm.

1 Fingerprint 2 Verifying set equality Verifying set equality v String Matching – Rabin-Karp Algorithm.
The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.

The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.

Similar presentations

Ads by Google