Analyzing and Testing justified Prime Numbers Concrete Mathematics Final Presentation 20032047 Jeong-Kyu YANG 20032003 Seok-Kyu Kang

OUTLINE Introduction The Primality Testing Algorithms Analyzing Probabilistic Algorithms Deterministic Algorithms Analyzing Solovay-Strassen Algorithm Miller-Rabin Algorithm AKS Algorithm Implements & Experiments Conclusion & Future Works References

Introduction What is Prime Number & Primality Testing? The importance of testing primality Applications in cryptography RSA, etc. uses primality testing algorithm in the part of key generation. How fast and efficient? Brief History 200 BC: Eratosthenes Sieve 1976: NP(Nondeterministic Polynomial-time), Pratt 1977: coRP(Complementary Randomized Polynomial-time), Solovay and Strassen 1987: RP(Randomized Polynomial-time), adleman and Huang 1992: UP(Unambiguous Polynomial-time), Fellows and Koblitz 2002: PRIMES is in P(Polynomial-time), Agrawal et al.

The Primality Testing Algorithms Probabilistic Algorithms Lehamann-Peralta Solovay-Strassen Miller-Rabin Deterministic Algorithms Eratosthenes Sieve Euclidean algorithm Fermat’s Theorem Wilson’s Theorem AKS

Analyzing of Solovay-Strassen Probabilistic Algorithms Solovay-Strassen Algorithm (Cont.) Based on Euler Pseudoprime More effective than the simpler Fermat’s test A number N called an Euler Pseudoprime to base b, if b(N-1)/2 =(b/N) (mod N). ((b/N) is the Jacobi symbol) Legendre symbol, L(a,P) =

Analyzing of Solovay-Strassen Probabilistic Algorithms Solovay-Strassen Algorithm Jacobi’s symbol, J(a,n) is generalized from Legendre’s symbol, L(a, n) Legendre’s symbol, L(a, n)

Analyzing of Miller-Rabin Probabilistic Algorithms Miller-Rabin Algorithm (Cont.) More efficient than Solovay-Strassen Algorithm Emerged by Miller in 1976, modified by Rabin in 1980 Definitely correct if it returns COMPOSITE, input a maybe a pseudoprime if it returns PRIME The probability of Miller-Rabin is not greater than (1/4)s Strong primality test of pseudoprime

Analyzing of Miller-Rabin Probabilistic Algorithms Miller-Rabin Algorithm Reducing the probability of misjudgment Reducing the probability of misjudgment

Analyzing of AKS Deterministic Algorithm AKS Algorithm By Manindra Agrawal, Neeraj Kyal and Nitin Saxena August 2002 Always returns right answer Works in polynomial time Basic Idea (x – a)n ≡ xn – a (mod n) a, n: relatively prime if n is prime: true if n is composite: false Compare n coefficients – O(n) = O(2lg n)

Analyzing of AKS Deterministic Algorithm Find Useful Prime AKS Algorithm Find Useful Prime Set of congruence Brute force can be used

Analyzing of AKS Deterministic Algorithm Filter 1 Filter 2 Filter 3 AKS Algorithm Filter 1 Filter 2 Filter 3

Analyzing of AKS Complexity Filter 1: O(log n)3 Filter 2: O(log n)3 Computation: ai mod n=0 for all 0<i<n. Using square and multiply method requires O(log n) multiplications of polynomials of degree smaller than r Multiplication of 2 such polynomials, takes O(r2) operations in Z/nZ, whereas, multiplication in Z/nZ is O(log n)2 additions. Then the for loop requires O(s* r2*log n*(log n)2)=O(2sqrt r log n* r2*log n*(log n)2), r is O((log n)6) => O((log n)19) O((log n)12f(log log n)), where f is a polynomial function

Implementations – SS, MR and AKS Environment Hardware Pentium III 550mhz, 384 RAM Language: Java (j2sdk1.4.0_02), Boland Jbuilder 6.0 The way to implement Solovay-Strassen & Miller-Rabin Run simultaneously with a same random number generator Same iterations to check better performance Same bit lengths Demo Program-1 AKS Testing with far smaller lengths (Long integer operation is for further works) Testing for polynomial time of AKS Demo Program-2, Program-3

Experiments - Probabilistic Comparison of primality between Solovay-Strassen and Miller-Rabin

Experiments - Deterministic Testing for polynomial time of AKS Limitations: with no memory fluctuation n = 524287 powerTest output: r=23159, s=5784 polyTest: each “for-loop” iteration of the for-loop takes about 355sec (about 6mins). So, overall runtime is 6mins*5784 (value of s in this case), which is about 34704mins = 578.4hours = 24 days!!! Solovay-Strassen & Miller-Rabin: less than 1 sec.

Experiments – Comparison Primality Comparisons among tree algorithms Limitations The range of Positive Odd Integers: 3 ~ 499 Iterations: 130 (SS & MR also has 50 iterations internally)

Conclusion The importance of strong & very big prime numbers from the experiments of this project Miller-Rabin has better performance than Solovay-Strassen However, two algorithms probably declare lots of pseudoprimes AKS is a breakthrough result Always declares real primes Solves a long-standing theoretical problem AKS has no practical relevance Prohibitively slow runtimes Not likely to change any time soon Polynomial computations are just too inefficient Theoretically correctness V.S. practical efficiency? Depend on purposes

Future Works More analysis of complexity for each algorithms Further Experiments for AKS Find useful prime numbers and analyze its characteristics Further Implementation for AKS Try to get over inefficiency of AKS Algorithm Improving to handle very long integers Continue to compare results of each algorithms

References [1] M.Agrawal, N.Kayal and N.Saxena, “PRIMES is in P”, August 6, 2002 [2] William Stallings, “Cryptography and Network security”, second edition. Prentice Hall, 1998 [3] J.Menezes, C.vaz Oorschot and A.Vanstone, “Handbook of Applied Cryptography” CRC,1977 [4] Takeshi Aoyama, “Polynomial Time Primality Testing Algorithm”, 2003 [5] Frontline. “Volume19-Issue 17”, August 17-30.2002 [6] http://www.javastudy.co.kr/docs/techtips/020821.html [7] http://www-fs.informatik.uni-uebingen.de/~reinhard/krypto/primzt.html [8] http://www.cse.iitk.ac.in/news/primality.html [9] http://random.mat.sbg.ac.at/generators/