
Deciding Primality is in P


Presentation Transcript


  1. Deciding Primality is in P. M. Agrawal, N. Kayal, N. Saxena. Presentation by Adi Akavia.

  2. Background
  • Sieve of Eratosthenes (240 BC) – (n)
  • Fermat's Little Theorem (17th century): p is prime, a ≢ 0 (mod p) ⇒ a^(p-1) ≡ 1 (mod p). (The converse does not hold – Carmichael numbers.)
  • Polynomial-time algorithms:
  • [Miller 76] deterministic, assuming the Extended Riemann Hypothesis.
  • [Solovay, Strassen 77; Rabin 80] unconditional, but randomized.
  • [Goldwasser, Kilian 86] randomized, produces a certificate for primality! (for almost all numbers)
  • [Atkin 86; Adleman, Huang 92] primality certificate for all numbers.
  • [Adleman, Pomerance, Rumely 83] deterministic, (log n)^O(log log log n) time.

  3. This Paper: unconditional, deterministic, polynomial
  • Def (Sophie Germain primes): primes (p-1)/2 s.t. p is also prime.
  • Def: r is "almost Sophie Germain" (ASG) if r is prime and r-1 has a large prime factor q = Ω(r^(2/3)).
  • Tools: simple algebra; the high-density conjecture for primes p s.t. (p-1)/2 is Sophie Germain; the high-density theorem for primes p that are "almost Sophie Germain" [Fou85, BH96].

  4. Basic Idea
  • Fact: For any a s.t. (a, n) = 1:
  • n is prime ⇒ (x-a)^n ≡ x^n - a (mod n)
  • n is composite ⇒ (x-a)^n ≢ x^n - a (mod n)
  • Proof: Expand (x-a)^n with the binomial theorem.
  • Assume n is prime, then …
  • Assume n is composite; let q | n and q^k || n, then … and …, hence x^q has a non-zero coefficient (mod n).
  • Naive algorithm: Pick an arbitrary a, check if (x-a)^n ≡ x^n - a (mod n).
  • Problem: time complexity Ω(n).

  5. Basic Idea
  • Idea: Pick an arbitrary a and some polynomial x^r - 1 with r = poly log n; check if (x-a)^n ≡ x^n - a (mod x^r - 1, n).
  • Time complexity: poly(r).
  • n is prime ⇒ (x-a)^n ≡ x^n - a (mod x^r - 1, n)
  • n is composite ⇒???? (x-a)^n ≢ x^n - a (mod x^r - 1, n). Not true for some (few) values of a, r!

  6. Improved Idea
  • Pick many (poly log n) a's, and check for all of them if (x-a)^n ≡ x^n - a (mod x^r - 1, n). Accept if equality holds for all a's.

  7. Algebraic Background – Extension Field
  • Def: Consider fields F, E. E is an extension of F if F is a subfield of E.
  • Def: The Galois field GF(p^k) (p prime) is the unique (up to isomorphism) finite field containing p^k elements. (The cardinality of any finite field is a prime power.)
  • Def: A polynomial f(x) is called irreducible over GF(p) if it does not factor over GF(p).

  8. Multiplicative Group
  • Def: GF*(p^k) is the multiplicative group of the Galois field GF(p^k), that is, GF*(p^k) = GF(p^k) \ {0}.
  • Thm: GF*(p^k) is cyclic, thus it has a generator g: …

  9. Constructing Galois Fields
  • Def: F_p denotes the finite field of p elements (p is prime).
  • Def: Let f(x) be a degree-k polynomial.
  • Def: Let F_p[x]/f(x) be the set of polynomials of degree ≤ k-1 over F_p, with addition and multiplication modulo f(x).
  • Thm: If f(x) is irreducible over GF(p), then GF(p^k) ≅ F_p[x]/f(x).

  10. F_p[x]/f(x) – Example
  • Let the irreducible polynomial f(x) be: …
  • Represent polynomials as vectors (a degree-(k-1) polynomial ↦ a vector of k coefficients): …
  • Addition: …

  11. F_p[x]/f(x) – Example
  • Multiplication:
  • First, multiply "mod p": …
  • Next, apply "mod f(x)": …
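As an added worked example (my code, not part of the slides), here is the arithmetic of slides 9–11 in Python: polynomials of degree < k stored as k-coefficient vectors, addition mod p, multiplication "mod p" followed by reduction "mod f(x)", a brute-force irreducibility check for f, and a search for a generator of GF*(p^k) as promised by slide 8. The fields GF(3^2) built from f(x) = x^2 + 1 and GF(2^3) built from x^3 + x + 1 are constructed samples, since the slide's own f(x) did not survive transcription; all function names are mine.

```python
from itertools import product

# Added example (not from the slides): F_p[x]/f(x) arithmetic as on slides 9-11.
# An element is a list of k coefficients, index i holding that of x^i; f is a
# monic polynomial given as a coefficient list of length k+1.  The fields
# GF(3^2) from f = x^2 + 1 and GF(2^3) from f = x^3 + x + 1 are constructed
# samples, since slide 10's own f(x) did not survive transcription.

def poly_mod(coeffs, f, p):
    """Remainder of coeffs modulo the monic f over F_p, padded to deg(f) entries."""
    k = len(f) - 1
    c = [x % p for x in coeffs]
    for i in range(len(c) - 1, k - 1, -1):   # cancel leading terms from the top
        if c[i]:
            m = c[i]                          # f is monic, so this is the quotient digit
            for j in range(k + 1):
                c[i - k + j] = (c[i - k + j] - m * f[j]) % p
    c = c[:k]
    return c + [0] * (k - len(c))

def add(u, v, p):
    """Slide 10: coefficient-wise addition mod p."""
    return [(a + b) % p for a, b in zip(u, v)]

def mul(u, v, f, p):
    """Slide 11: multiply 'mod p', then reduce 'mod f(x)'."""
    prod = [0] * (len(u) + len(v) - 1)
    for i, a in enumerate(u):
        for j, b in enumerate(v):
            prod[i + j] = (prod[i + j] + a * b) % p
    return poly_mod(prod, f, p)

def power(u, e, f, p):
    """Square-and-multiply in F_p[x]/f(x)."""
    result = [1] + [0] * (len(f) - 2)         # the constant polynomial 1
    while e:
        if e & 1:
            result = mul(result, u, f, p)
        u = mul(u, u, f, p)
        e >>= 1
    return result

def is_irreducible(f, p):
    """Brute force (fine for small fields): monic f of degree k is reducible iff
    some monic polynomial of degree 1..k//2 divides it."""
    k = len(f) - 1
    for d in range(1, k // 2 + 1):
        for low in product(range(p), repeat=d):
            g = list(low) + [1]                # candidate monic divisor of degree d
            if not any(poly_mod(f, g, p)):     # zero remainder: f factors
                return False
    return True

def element_order(u, f, p):
    """Multiplicative order of a non-zero element of F_p[x]/f(x)."""
    one = [1] + [0] * (len(f) - 2)
    acc, e = list(u), 1
    while acc != one:
        acc = mul(acc, u, f, p)
        e += 1
    return e

def find_generator(f, p):
    """Slide 8: GF*(p^k) is cyclic, so some element has order p^k - 1."""
    k = len(f) - 1
    for coeffs in product(range(p), repeat=k):
        u = list(coeffs)
        if any(u) and element_order(u, f, p) == p ** k - 1:
            return u
    return None                                # cannot happen when f is irreducible

def inverse(u, f, p):
    """u^(p^k - 2) = u^(-1), since u^(p^k - 1) = 1 in GF*(p^k)."""
    return power(u, p ** (len(f) - 1) - 2, f, p)
```

In GF(3^2) with f = x^2 + 1 the element x has order only 4 (x^2 = -1), while 1 + x has order 8 and generates the whole multiplicative group; is_irreducible rejects x^2 + 2 = x^2 - 1, whose roots ±1 lie in F_3, so the quotient ring would not be a field there.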

  12. The Algorithm
  • Def: r is special if r is almost Sophie Germain, and q | O_r(n) (where q is the large prime factor of r-1, and O_r(n) is the order of n modulo r).
  Input: integer n
  (1) Find r = O(log^6 n) s.t. r is special.
  (2) Let l = 2 r^(1/2) log n.
  (3) For t = 2, …, l: if t | n, output COMPOSITE.
  (4) If n is a (prime) power, n = p^k for k > 1, output COMPOSITE.
  (5) For a = 1, …, l: if (x-a)^n ≢ x^n - a (mod x^r - 1, n), output COMPOSITE.
  (6) Otherwise, output PRIME.

  13. Proof's Structure
  • Saw: the primality test (steps (1)–(6) of slide 12).
  • We next show:
  • A special r = O(log^6 n) exists.
  • For such r: if n is composite and passes steps (3) and (4), then ∃a ∈ [1..l] s.t. (x-a)^n ≢ x^n - a (mod x^r - 1, n) (hence the test returns COMPOSITE at step (5)).

  14. Finding Suitable r
  Elaborating on step (1):
  • while r < c log^6 n:
  •   if r is prime:
  •     let q be the largest prime factor of r-1
  •     if (q ≥ 4 r^(1/2) log n) and (n^((r-1)/q) ≢ 1 (mod r)): break
  •   r ← r+1
  • Complexity: O(log^6 n) iterations, each taking O(r^(1/2) poly log r); hence total poly log n.
  • When 'break' is reached: r is prime, q is large, and q | O_r(n).
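The following is an added implementation (mine, not the paper's or the presenter's code) of the test as stated on slides 12 and 14, with the congruence check of slides 4–6 done by square-and-multiply on polynomials reduced modulo (x^r - 1, n). Two departures from the slides are labelled in comments: the r-search is not capped at c log^6 n (it runs until a special r turns up), and trial division returns PRIME early when l ≥ n so that tiny inputs are handled. "log n" is taken as log2 n; all function names are mine.

```python
import math

# Added example (not the paper's or the presenter's code): the test of slides
# 12 and 14 with the congruence of slides 4-6.  A polynomial modulo
# (x^r - 1, n) is a list of r coefficients, index i holding that of x^i.

def poly_mul_mod(f, g, r, n):
    """Product of f and g modulo (x^r - 1, n): x^r wraps around to x^0."""
    h = [0] * r
    for i, fi in enumerate(f):
        if fi:
            for j, gj in enumerate(g):
                h[(i + j) % r] = (h[(i + j) % r] + fi * gj) % n
    return h

def poly_pow_mod(base, e, r, n):
    """Square-and-multiply exponentiation modulo (x^r - 1, n)."""
    result = [1] + [0] * (r - 1)          # the constant polynomial 1
    while e:
        if e & 1:
            result = poly_mul_mod(result, base, r, n)
        base = poly_mul_mod(base, base, r, n)
        e >>= 1
    return result

def poly_congruence_holds(n, a, r):
    """True iff (x - a)^n == x^n - a (mod x^r - 1, n): the check of slide 5."""
    base = [0] * r
    base[0] = (-a) % n
    base[1 % r] = (base[1 % r] + 1) % n   # the x term (x == 1 when r == 1)
    rhs = [0] * r
    rhs[0] = (-a) % n
    rhs[n % r] = (rhs[n % r] + 1) % n     # x^n reduces to x^(n mod r)
    return poly_pow_mod(base, n, r, n) == rhs

def is_prime_trial(m):
    """Trial division, used only on the small candidates r."""
    return m >= 2 and all(m % t for t in range(2, math.isqrt(m) + 1))

def largest_prime_factor(m):
    """Largest prime factor of m >= 2, by trial division."""
    largest, t = 1, 2
    while t * t <= m:
        while m % t == 0:
            largest, m = t, m // t
        t += 1
    return max(largest, m)                # whatever is left (> 1) is prime

def integer_root(n, k):
    """Largest b with b^k <= n, by binary search in exact integer arithmetic."""
    lo, hi = 1, 1 << (n.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** k <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo

def is_perfect_power(n):
    """Step (4): is n = b^k for some b >= 2, k >= 2?"""
    for k in range(2, n.bit_length() + 1):
        b = integer_root(n, k)
        if b >= 2 and b ** k == n:
            return True
    return False

def find_special_r(n):
    """Step (1) as on slide 14: (r, q) with r prime, q the largest prime factor of
    r-1, q >= 4*sqrt(r)*log2(n) and n^((r-1)/q) != 1 (mod r).  The slide caps the
    loop at c*log^6 n; my version runs until such an r turns up."""
    log_n, r = math.log2(n), 3
    while True:
        if is_prime_trial(r):
            q = largest_prime_factor(r - 1)
            if q >= 4 * math.sqrt(r) * log_n and pow(n, (r - 1) // q, r) != 1:
                return r, q
        r += 1

def aks_is_prime(n):
    """Slide 12's algorithm: True means PRIME, False means COMPOSITE."""
    if n < 2:
        return False
    r, _q = find_special_r(n)                          # step (1)
    l = math.ceil(2 * math.sqrt(r) * math.log2(n))     # step (2)
    for t in range(2, l + 1):                          # step (3)
        if t >= n:     # my guard for tiny n: every t < n has been tried
            return True
        if n % t == 0:
            return False
    if is_perfect_power(n):                            # step (4)
        return False
    return all(poly_congruence_holds(n, a, r) for a in range(1, l + 1))  # (5), (6)
```

For inputs small enough to run comfortably in pure Python, l exceeds n and step (3) alone settles the answer; the polynomial step is therefore best exercised directly. poly_congruence_holds(5, 2, 3) is True because 5 is prime, poly_congruence_holds(4, 1, 3) is False, and poly_congruence_holds(4, 1, 2) is True even though 4 is composite, which is exactly the "not true for some (few) values of a, r" caveat of slide 5 and the reason slide 6 insists on many a's and a carefully chosen r. For n = 2 the search returns r = 83 with q = 41: 83 is prime, 82 = 2 · 41, 41 ≥ 4·√83, and 2^2 = 4 ≢ 1 (mod 83).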

  15. Lemma: A special r = O(log^6 n) exists.
  Proof:
  • Let …, … = O(log^6 n); consider the interval [… .. …].
  • ASG numbers are dense in [… .. …].
  • There are only few primes r ∈ [… .. …] s.t. O_r(n) < …^(1/3).
  • Hence, by a counting argument, there exists an ASG r ∈ [… .. …] s.t. O_r(n) > …^(1/3).
  • Moreover, O_r(n) > …^(1/3) ⇒ q | O_r(n).
  • Therefore, there exists a special r ∈ [… .. …].
  Details:
  • #ASG[… .. …] ≥ #ASG[1..…] - #primes[1..…] = Ω(log^6 n / log log n) (using the density of ASG numbers and the upper bound on the density of primes).
  • O_r(n) < …^(1/3) ⇒ r | Π = (n-1)(n^2-1)…(n^(…^(1/3))-1). However, Π has no more than …^(2/3) log n prime divisors.
  • Assume q doesn't divide O_r(n); then n^((r-1)/q) ≡ 1, therefore O_r(n) | (r-1)/q. However (r-1)/q < …^(1/3) – a contradiction.

  16. Correctness Proof
  • Lemma: n is composite ⇒ step (5) returns COMPOSITE. That is:
  • If n is composite, and
  • n has no factor t ≤ l, and
  • n is not a prime power,
  • then ∃a ∈ [1..l] s.t. (x-a)^n ≢ x^n - a (mod x^r - 1, n).

  17. Proof
  • Let p be a prime factor of n, and let h(x) be an irreducible factor of x^r - 1.
  • It suffices to show the inequality (mod h(x), p) instead of (mod x^r - 1, n), i.e. ∃a ∈ [1..l] s.t. (x-a)^n ≢ x^n - a (mod h(x), p).
  • Choose p and h(x) s.t. q | O_r(p), and deg(h(x)) = O_r(p).
  • Such p exists: let n = p_1 p_2 … p_k, then O_r(n) = lcm{O_r(p_i)}. Therefore q | O_r(n) ⇒ ∃i: q | O_r(p_i) (as q is prime).
  • Such h exists: by the claim on slide 21.

  18. Proof
  • Assume by contradiction that n is composite and passes all the tests, i.e.
  • n has no small factor, and
  • n is not a prime power, and
  • ∀a ∈ [1..l]: (x-a)^n ≡ x^n - a (mod h(x), p).

  19. Proof
  • Consider the group G generated by {(x-a)}_(a ∈ [1..l]) (mod h(x), p), i.e. …
  • Note: ∀f(x) ∈ G, f(x)^n ≡ f(x^n).
  • Let I = { m | ∀f ∈ G, f(x)^m ≡ f(x^m) }.
  • Lemma: I is multiplicative, i.e. u, v ∈ I ⇒ uv ∈ I.
  • Proof: x^r - 1 | x^(vr) - 1, therefore …, hence ….

  20. Proof – n ∈ I ⇒ I is large
  • Prop: (i,j) ≠ (i',j') ⇒ n^i p^j ≠ n^(i') p^(j') (since n ≠ p^k).
  • Lemma: ∀…, if u, v ∈ I s.t. (i,j) ≠ (i',j') ⇒ u^i v^j ≠ u^(i') v^(j'), then |I ∩ [uv]| > …^2. ((…+1)^2 different pairs (i,j), each giving a distinct value.)
  • Corollary: ∀…, n ∈ I ⇒ |I ∩ [uv]| > …^2. Proof: p ∈ I.
  • However, Lemma: … (Consider all polynomials of degree < d; they are all distinct in F_p[x]/h(x). Therefore ….)
  • Corollary: n ∈ I ⇒ |I ∩ [|G|]| > r.

  21. Irreducible Factors of (x^r - 1)/(x - 1)
  • Def: Let h(x) denote any irreducible factor of (x^r - 1)/(x - 1), and d = deg(h(x)).
  • Claim: ∀h(x), d = O_r(p).
  • Proof: Denote k = O_r(p). Note F_p[x]/h(x) is of size p^d, therefore (F_p[x]/h(x))* is cyclic of order p^d - 1.
  • k | d: x^r ≡ 1 (mod h(x)), hence O_(h(x))(x) is r, therefore r | p^d - 1, i.e., p^d ≡ 1 (mod r), and hence k | d (recall k = O_r(p)).
  • d | k: let g be a generator, then …, hence p^d - 1 | p^k - 1, and therefore d | k.
  • Recall: if r is special with respect to n, then r-1 has a large prime factor q s.t. q | O_r(n). Choose p s.t. q | O_r(p) (exists). Then d is large.

  22. Proof – I is small
  • Lemma: Let m_1, m_2 ∈ I; then m_1 ≢ m_2 (mod |G|) ⇒ m_1 ≢ m_2 (mod r).
  • Proof: Let g(x) be a generator of G. Let m_2 = m_1 + kr. (*) m_1 ≡ m_2 (mod r), then x^(m_1) ≡ x^(m_2) (mod h(x)) (as x^r ≡ 1 (mod h(x))) ….
  • Lemma (I is small): |I ∩ [|G|]| ≤ r.
  • Proof: Each two elements in I ∩ [|G|] are different mod |G|. Therefore they are different mod r. Hence |I ∩ [|G|]| ≤ r.
  • Contradiction!

  23. The End

  24. Proof – G is large, cont.
  • This is the reason for seeking a large q s.t. q | O_r(n).
  • Hence, ….
  • Prop: d ≥ 2l.
  • Proof: Recall d = O_r(p) and q | O_r(p), hence d ≥ q ≥ 2l (recall q ≥ 4 r^(1/2) log n and l = 2 r^(1/2) log n).
  • Hence ….
