1. Deciding Primality is in P
M. Agrawal, N. Kayal, N. Saxena Speaker: Adi Akavia

2. p is prime, a0 (mod p)  ap-11 (mod p)
Background
Sieve of Eratosthenes 240BC -(n)
Fermat’s Little Theorem (17th century):
p is prime, a0 (mod p)  ap-11 (mod p)
(The converse does not hold – Carmichael numbers)
Polynomial-time algorithms:
[Miller 76] deterministic, assuming Extended Riemann Hypothesis.
[Solovay, Strassen 77; Rabin 80] unconditional, but randomized.
[Goldwasser, Kilian 86] randomized produces certificate for primality! (for almost all numbers)
[Adelman Huang 92] primality certificate for all numbers.
[Adelman, Pomerance, Rumely 83] deterministic (log n)O(log log log n)-time.

3. unconditional, deterministic, polynomial
This Paper
unconditional, deterministic, polynomial
Def: r is special with respect to n if:
r is prime,
r-1 has a large prime factor q = (r2/3) , and
q|Or(n).
Tools:
simple algebra
High density Thm for numbers with properties (1) and (2). [Fou85, BH96]
Def: order n mod r, denoted Or(n), is the smallest power t s.t. nt 1 (mod r).h

4. Basic Idea Fact: For any a s.t (a,n)=1:
n is prime  (x-a)nxn-a (mod n)
n is composite  (x-a)nxn-a (mod n)
Naive algo: Pick an arbitrary a, check if (x-a)nxn-a (mod n)
Problem: time complexity - (n).
Proof: Develop (x-a)n using Newton-binomial.
Assume n is prime, then
Assume n is composite, then let q|n, let qk||n, then and , hence xq has non zero coefficient (mod n).

5. Basic Idea
Idea: Pick an arbitrary a, and some polynomial xr-1, with r = poly log n, check if (x-a)nxn-a (mod xr-1, n)
time complexity – poly(r)
n is prime  (x-a)nxn-a (mod xr-1, n)
n is composite ???? (x-a)nxn-a (mod xr-1, n)
Not true for some (few) values of a,r !

6. Improved Idea
Improved Idea: Pick many (poly log n) a’s, check for all of them if: (x-a)nxn-a (mod xr-1, n) Accept if equality holds for all a’s

7. Some Algebra Reminders
Def: Fp (p is prime) denotes the finite field of p elements {0,1,…,p-1}.
Def: Fp[x] denotes the ring of polynomials over Fp.
Def: Let f(x) be a k-degree polynomial.
Def: Fp[x]/f(x) denotes the set of k-1-degree polynomials over Fp, with addition and multiplication modulo f(x).
Thm: If f(x) is irreducible over Fp, then Fp[x]/f(x)  the unique field with pk elements.

8. Fp[x]/f(x) - Addition Let the polynomial f(x) over F2 be:
Represent polynomials as vectors (k-1 degree polynomial  vector of k coefficient):
Addition:

9. Fp[x]/f(x) - Multiplication
First, multiply ‘mod p’:
Next, apply ’mod f(x)’:

10. Fp[x]/f(x) - mod f(x)
Example:
In general for f(x) = xr-1:

11. Irreducible Factors of (xr-1)/(x-1)
Fact: Consider the polynomial (xr-1)/(x-1) over Fp. All its irreducible factors are of degree d = deg(h(x))

12. The Algorithm Input: integer n Find r  O(log6n), s.t. r is special,
Let l = 2r1/2log n.
Small divisors test: For t=2,…,l, if t|n output COMPOSITE
Power test: If n is a power -- n=pk, for k>1 output COMPOSITE .
Polynomials test: For a =1,…,l, if (x-a)n  xn-a (mod xr-1, n), output COMPOSITE .
Otherwise: output PRIME.

13. Special r  O(log6n) exists (later)
Find r  O(log6n), s.t. r is special,
Let l = 2r1/2log n.
If exists a small ( < l+1) divisor, output COMPOSITE
If n is a power, output COMPOSITE .
For a = 1,…,l, if (x-a)n  xn-a (mod xr-1, n), output COMPOSITE .
Otherwise output PRIME.
Saw: algorithm
Yet to be seen:
Special r  O(log6n) exists (later)
If n is composite then one of the tests returns COMPOSITE.

14. Find r  O(log6n), s.t. r is special,
Let l = 2r1/2log n.
If exists a small ( < l+1) divisor, output COMPOSITE
If n is a power, output COMPOSITE .
For a = 1,…,l, if (x-a)n  xn-a (mod xr-1, n), output COMPOSITE .
Otherwise output PRIME.
Correctness Proof
Lemma: n is composite  algo returns ‘composite’. That is,
If n is composite, and
n has no divisor t  l, and
n is not a (prime) power
then a[1..l] s.t. (x-a)n  xn-a (mod xr-1, n)

15. In the Proof - Using p and h(x)
Let p be a prime factor of n, and let h(x) be an irreducible factor of xr-1,
Suffices to show inequality (mod h(x), p) instead of: (mod xr-1, n), i.e. a[1..l] s.t. (x-a)n  xn-a (mod h(x), p)
Choose p and h(x) s.t.
q|Or(p), and
deg(h(x)) = Or(p)
Such p exists: q|Or(n) and Or(n) = lcm{Or(pi)}, where n=p1p2…pk.
Such h(x) exists: by previous fact.

16. Proof
Assume by contradiction that n is composite, and passes all the tests, i.e.
n has no small factor, and
n is not a prime-power, and
 a[1..l] (x-a)n  xn-a (mod h(x), p),
For any f(x), which is a multiple of polynomials (x-a) (where a[1..l]), f(x)n=f(xn).
Example: [(x-a1)(x-a2)]n = (xn-a1) (xn-a2)

17. Proof Therefore, consider the group generated by {(x-a)}a[1..l]:
Are there other integers m s.t. f(x)G, f(x)m  f(xm) ?
Yes! For example: p.
Any others?
Let I = { m | fG, f(x)m  f(xm) }.
Lemma: I is multiplicative, i.e. u,vI uvI.
Hence, in particular {nipj : 0 ≤ i,j ≤ r1/2}  I.
Therefore,

18. Proof – I[|G|] is large
Lemma:
Proof: Consider all polynomials of degree < d. They are all distinct in Fp[x]/h(x). Therefore
Hence,
However, we next show that
d is big: q|Or(p)=d.

19. Proof – I[|G|] is small
Lemma: Let m1, m2 I, then m1  m2 (mod |G|)  m1  m2 (mod r)
Proof: Let g(x) be a generator of G. Let m2=m1+kr.
(*) m1m2 (mod r), then xm1xm2 (mod h(x)) (as xr  1 (mod h(x)))
Contradiction!

20. Proof Summary
We saw that I[|G|] is small (unconditionally, using properties of xr-1),
However, if n is composite and not a prime power, then passing the polynomials test (i.e. nI) implies that I[|G|] is large. (using properties of the special r and of xr-1)
Therefore, the polynomials test must return ‘composite’.

21. Back to Special Numbers
Recall: r is special with respect to n if:
r is prime,
r-1 has a large prime factor q = (r2/3) , and
q|Or(n).
We next show that Special r  O(log6n) exists.

22. Finding Special r while r < c log6n Elaborating on step (1):
Find r  O(log6n), s.t. r is special,
Let l = 2r1/2log n.
If exists a small ( < l+1) divisor, output COMPOSITE
If n is a power, output COMPOSITE .
For a = 1,…,l, if (x-a)n  xn-a (mod xr-1, n), output COMPOSITE .
Otherwise output PRIME.
Finding Special r
Elaborating on step (1):
while r < c log6n
if r is prime
let q be the largest prime factor of r-1
if (q4r1/2log n) and (n(r-1)/q  1 (mod r)) break;
rr+1
Complexity: O(log6n) iterations, each taking: O(r1/2 poly log r), hence total poly log n.
when ‘break’ is reached: r is prime, q is large, and q|Or(n)

23. Special r  O(log6n) exists
Recall: r is special with respect to n if:
r is prime,
q = (r2/3) prime factor of r-1,
q|Or(n).
Special r  O(log6n) exists
Consider interval [..], ,=O(log6n).
Numbers with properties (1) and (2) are dense in [..]
immediate from density bounds for numbers with these properties and for primes.
For many primes r[..], property (3) holds.
For many r’s Or(n) > 1/3: Or(n) < 1/3  r | =(n-1)(n2-1)...(n^1/3-1). However,  has no more than 2/3log n prime divisors.
Moreover, Or(n) > 1/3  q | Or(n): if q doesn’t divide Or(n), then n(r-1)/q  1, therefore Or(n)  (r-1)/q. However (r-1)/q < 1/3 -- a contradiction. (here we utilize again the fact that q is large).
Hence, by counting argument, exists a special r[..].

24. The End

25. Proof - G is large, Cont. Hence, Prop: d  2l
This is the reason for seeking a large q s.t. q|Or(n)
Hence,
Prop: d  2l
Proof: Recall d=Or(p) and q|Or(p), hence d  q  2l (recall q4r1/2log n, l=2r1/2log n)
Hence

26. Algebraic Background – Extension Field
Def: Consider fields F, E. E is an extension of F, if F is a subfield of E.
Def: Galois field GF(pk) (p prime) is the unique (up to isomorphism) finite field containing pk elements. (The cardinality of any finite fields is a prime-power.)
Def: A polynomial f(x) is called irreducible in GF(p) if it does not factor over GF(p)

27. Multiplicative Group
Def: GF*(pk) is the multiplicative group of the Galois Field GF(pk), that is, GF*(pk) = GF(pk)\{0}.
Thm: GF*(pk) is cyclic, thus it has a generator g:

28. Fp[x]/f(x) - Example Let the irreducible polynomial f(x) be:
Represent polynomials as vectors (k-1 degree polynomial  vector of k coefficient):
Addition:

29. Fp[x]/f(x) - Example Multiplication: First, multiply ‘mod p’:
Next, apply ’mod f(x)’: