1 / 16

Primality Testing

Primality Testing. Is a given odd integer prime or composite ? No known algorithm can solve this problem with certainty in a reasonable time when the number has more than a few hundred decimal digits. 1640 Fermat’s Little theorem Let n be prime then a n-1 mod n = 1;. Is n prime?.

fraleyj
Télécharger la présentation

Primality Testing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Primality Testing Is a given odd integer prime or composite ? No known algorithm can solve this problem with certainty in a reasonable time when the number has more than a few hundred decimal digits. Prabhas Chongstitvatana

  2. 1640 Fermat’s Little theorem Let n be prime then a n-1 mod n = 1; Is n prime? Contrapositive : if n and a are integers if an-1 mod n != 1 then n is NOT prime. Fermat hypothesises that is prime for all n. F0=3, F1=5, F2=17, . . . F4=65537, F5=4,294,967,297 Prabhas Chongstitvatana

  3. About one century later Euler factored F5= 641 x 6,700,417 can be proof easily by By expo squaring 32 times F5-1 = 232 Prabhas Chongstitvatana

  4. Fermat(n) a = uniform(1..n-1) if expomod(a, n-1, n) = 1 then return true else return false If FALSE n is definitely composite but no clue to how to factor it. Factorization is much harder than primality testing. Prabhas Chongstitvatana

  5. P-correct The algorithm return a correct answer with probability at least p on every instance. Error probability when k successive calls each return the wrong answer is at most (1- p)k Prabhas Chongstitvatana

  6. What if Fermat() return TRUE ? Need the converse of Fermat theorem an-1 mod n != 1 when n is composite a: 1.. n-1 This is not the case 1n-1 mod n = 1 for all n >= 2 and (n-1)n-1 mod n = 1 for all odd n >= 3 Prabhas Chongstitvatana

  7. False witness 414 mod 15 = 1 ; 15 is composite This is called “false witness”. Fermat() a:2..n-2, fails on false witness False witness is few. Fermat test on odd composite number smaller than 1000 is less than 3.3% (even smaller for larger number) Prabhas Chongstitvatana

  8. BUT There are composite numbers that admit a significant proportion of false witness. 561 admits 318 false witness! For any del > 0 there are infinitely many composites for which Fermat test discovers with probability less than del. In other words, Fermat test is not p-correct for any p > 0. Cannot reduce error probability by repeating call to Fermat(). Prabhas Chongstitvatana

  9. Modified Fermat test n is odd integer > 4 s, t integer which n-1 = 2s t t is odd note : s > 0 since n-1 is even. Let B(n) a set of integers define by iff a: 2.. n-2 at mod n = 1 or i:0..s such that mod n = n-1 Prabhas Chongstitvatana

  10. Given n is odd a:2..n-2 call on Btest(a,n) return TRUE for a in B(n). Prabhas Chongstitvatana

  11. Btest(a,n) s = 0; t = n-1 repeat s = s+1; t = t div 2 until t mod 2 = 1 x = expomod(a, t, n) if x =1 or x = n-1 then return TRUE for i = 1 to s-1 do x = x2 mod n if x = n-1 then return TRUE return FALSE Prabhas Chongstitvatana

  12. Example 158 in B(289) set s = 5, t = 9, n-1 = 288 = 25 x 9 at mod n = 1589 mod 289 = 131 successive square x mod n up to s-1 times a2t mod n = 1312 mod 289 = 110 a4t mod n = 1102 mod 289 = 251 a8t mod n = 2512 mod 289 = 288 Prabhas Chongstitvatana

  13. Extension to Fermat test : a in B(n)a: 2.. n-2 when n is prime Strong false witness : n is a strong pseudo prime to the base a. a is strong false witness of primality test for n , n > 4, when n is odd composite and a in B(n) 158 is a strong false witness of 289. 289=172 Strong false witness is much rarer than false witness. Prabhas Chongstitvatana

  14. Every odd composite integer 5 .. 1013 fails to be a strong pseudo prime to at least on of the bases 2, 3, 5, 7, 61. Five calls on Btest() are sufficient to decide deterministically on the primality of any integer up to 1013 MillerRabin(n) // n > 4 is odd a = uniform(2.. n-2) return Btest(a,n) Prabhas Chongstitvatana

  15. Btest() always return true when n is prime, n > 4 , a: 2.. n-2, and return false with prob. > 3/4 when n is a composite odd. MillerRabin() is Monte Carlo algorithm 3/4-correct for primality testing. MillerRabin() has at most prob 1/4 of hitting a strong false witness. Call k times the prob of hitting strong false witness consecutively for k times is 4-k . k = 10, the error will be less than one in a million. Prabhas Chongstitvatana

  16. Analysis of running time of MillerRabin() 4-k < e 22k >= 1/e k = ceil(1/2 lg 1/e) Btest(a,n) s = 0; t = n-1 repeat s = s+1; t = t div 2 until t mod 2 = 1 x = expomod(a, t, n) if x =1 or x = n-1 then return TRUE for i = 1 to s-1 do x = x2 mod n if x = n-1 then return TRUE return FALSE O(log t) Squaring O(log n) times each takes O(log3 n ) Tn in O(log3 n lg 1/e) Prabhas Chongstitvatana

More Related