Download presentation

Presentation is loading. Please wait.

Published byTamsin Howard Modified about 1 year ago

1
Scott CH Huang COM 5336 Cryptography Lecture 7a COM 5336 Cryptography Lecture 7a Primality Testing Scott CH Huang 1

2
Definition prime A prime number is a positive integer p having exactly two positive divisors, 1 and p. composite A composite number is a positive integer n > 1 which is not prime. COM 5336 Cryptography Lecture 7a

3
Scott CH Huang Primality Test vs Factorization Factorization’s outputs are non-trivial divisors. Primality test’s output is binary: either PRIME or COMPOSITE COM 5336 Cryptography Lecture 7a

4
Scott CH Huang Naïve Primality Test Input: Integer n > 2 Output: PRIME or COMPOSITE for (i from 2 to n-1){ if (i divides n) return COMPOSITE; } return PRIME; COM 5336 Cryptography Lecture 7a

5
Scott CH Huang Still Naïve Primality Test Input/Output: same as the naïve test for (i from 1 to ){ if (i divides n) return COMPOSITE; } return PRIME; COM 5336 Cryptography Lecture 7a

6
Scott CH Huang Sieve of Eratosthenes Input/Output: same as the naïve test Let A be an arry of length n Set all but the first element of A to TRUE for (i from 2 to ){ if (A[i]=TRUE) Set all multiples of i to FALSE } if (A[i]=TRUE) return PRIME else return COMPOSITE COM 5336 Cryptography Lecture 7a

7
Scott CH Huang Primality Testing Two categories of primality tests Probablistic – Miller-Rabin Probabilistic Primality Test – Cyclotomic Probabilistic Primality Test – Elliptic Curve Probabilistic Primality Test Deterministic – Miller-Rabin Deterministic Primality Test – Cyclotomic Deterministic Primality Test – Agrawal-Kayal-Saxena (AKS) Primality Test COM 5336 Cryptography Lecture 7a

8
Scott CH Huang Running Time of Primality Tests Miller-Rabin Primality Test – Polynomial Time Cyclotomic Primality Test – Exponential Time, but almost poly-time Elliptic Curve Primality Test – Don’t know. Hard to Estimate, but looks like poly-time. AKS Primality Test – Poly-time, but only asymptotically good. COM 5336 Cryptography Lecture 7a

9
Scott CH Huang Fermat’s Primality Test It’s more of a “compositeness test” than a primality test. Fermat’s Little Theorem: If p is prime and, then If we can find an a s.t., then n must be a composite. If, for some a, n passes the test, we cannot conclude n is prime. Such n is a pseudoprime. If this pseudoprime n is not prime, then this a is called a Fermat liar. If, for all we have can we conclude n is prime? No. Such n is called a Carmichael number. COM 5336 Cryptography Lecture 7a

10
Scott CH Huang Pseudocode of Fermat’s Primality Test FERMAT(n,t){ INPUT: odd integer n ≥ 3, # of repetition t OUTPUT: PRIME or COMPOSITE for (i from 1 to t){ Choose a random integer a s.t. 2 ≤ a ≤ n-2 Compute if ( ) return COMPOSITE } return PRIME } COM 5336 Cryptography Lecture 7a

11
Scott CH Huang Miller-Rabin Probabilistic Primality Test It’s more of a “compositeness test” than a primality test. It does not give proof that a number n is prime, it only tells us that, with high probability, n is prime. It’s a randomized algorithm of Las Vegas type. COM 5336 Cryptography Lecture 7a

12
Scott CH Huang A Motivating Observation FACT: Let p be an odd prime.. If then Moreover, if, and m is odd. Let. Then either or for some COM 5336 Cryptography Lecture 7a

13
Scott CH Huang Miller-Rabin If and Then a is a strong witness for the compositeness of n. If or for some then n is called a pseudoprime w.r.t. base a, and a is called a strong liar. COM 5336 Cryptography Lecture 7a

14
Scott CH Huang Miller-Rabin: Algorithm Pseudocode MILLER-RABIN(n,t){ INPUT: odd integer n ≥ 3, # of repetition t Compute k & odd m s.t. for ( i from 1 to t ){ Choose a random integer a s.t. Compute if ( or ){ Set while( and ){ Set if ( ) return COMPOSITE } if ( ) return COMPOSITE } return PRIME } COM 5336 Cryptography Lecture 7a

15
Scott CH Huang Miller-Rabin: Example n = = 2*45, s = 1, r = 45 {1,9,10,12,16,17,22,29,38,53,62,69,74, 75,79,81,82,90} are all strong liars. – 9 45 = 1 mod 91 – = 1 mod 91 – …. All other bases are strong witnesses. – 9 7 = 9 mod 91 – 9 8 = 81 mod 91 COM 5336 Cryptography Lecture 7a

16
Scott CH Huang Miller-Rabin: Main Theorem Theorem: Given n > 9. Let B be the number of strong liars. Then If the Generalized Riemann Hypothesis is true, then Miller-Rabin primality test can be made deterministic by running MILLER-RABIN(n, 2log 2 n) COM 5336 Cryptography Lecture 7a

Similar presentations

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google