1 / 15

6.3 Primality Testing

6.3 Primality Testing. (1) Prime numbers 1. How to generate large prime numbers? (1) Generate as candidate a random odd number n of appropriate size. (2) Test n for primality. (3) If n is composite, return to the first step.

kamana
Télécharger la présentation

6.3 Primality Testing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 6.3 Primality Testing

  2. (1) Prime numbers • 1. How to generate large prime numbers? (1) Generate as candidate a random odd number n of appropriate size. (2) Test n for primality. (3) If n is composite, return to the first step.

  3. 2. Distribution of prime numbers (1) prime number theorem Let Π(x) denote the number of prime numbers ≦x. Π(x) ~ x/ln(x) when n∞. (2)Dirichlet theorem If gcd(a, n)=1, then there are infinitely many primes congruent to a mod n.

  4. (3) Let Π(x, n, a) denote the number of primes in the interval [2, x] which are congruent to a modulo n, where gcd(a, n)=1 . Then Π(x, n, a) ~ The prime numbers are roughly uniformly distributed among the φ(n) congruence classes in Zn* (4) Approximation for the nth prime number pn

  5. (2) Solovay-Strassen primality test • 1. Trial method for testing n is prime or composite • 2. Definition :Euler witness Let n be an odd composite integer and . (1) If then a is an Euler witness (to compositeness) for n.

  6. (2) Otherwise, if then n is said to be an Euler pseudoprime to the base a. The integer a is called an Euler liar (to primality) for n.

  7. 3. Example (Euler pseudoprime) • Consider n = 91 (= 7x13) Since 945 =1 mod 91, and so 91 is an Euler pseudoprime to the base 9. • 4. Fact At most Φ(n)/2 of all the numbers a, are Euler liars for n.

  8. 5. Algorithm :Solovay-Strassen(n, t) • INPUT: n is odd, n ≧3, t ≧1 • OUTPUT: “prime” or “composite” • 1. for i = 1 to t do :1.1 choose a random integer a, 2 ≦ a≦n-2 if gcd(a,n) ≠1 then return ( “composite” ) 1.2 compute r=a(n-1)/2 mod n (use square-and-multiply) if r ≠ 1 and r ≠ n-1 then return ( “composite” ) 1.3 compute Jacobi symbol s= if r ≠ s then return ( “composite” ) • 2. return ( “prime” )

  9. 6.Solovay-Strassen error-probability bound • For any odd composite integer n, the probability that Solovay-Strassen (n, t) declares n to be “prime” is less than (1/2)t

  10. (3) Miller-Rabin primality test • 1. Fact • p : odd primep-1 = 2sr, where r is odd • For a in Zp* then ar = 1 (mod p)or a2jr = -1 (mod p) for some j, 0≦ j≦s-1 • Why ?(1)Fermat’s little theorem, ap-1 = 1 mod p(2) 1, -1 are the only two square roots of 1 in Zp*

  11. 2. Definition • n : odd composite integern-1 = 2sr, where r is odd 1≦a ≦n-1 • a is a strong witness to compositeness for nif ar ≠ 1 (mod n), and a2jr ≠ -1 (mod n) for all j, 0≦ j≦s-1 • n is a strong pseudoprime to the base aif ar = 1 (mod n)or a2jr = -1 (mod n) for some j, 0≦ j≦s-1(a is called astrong liar to primality for n)

  12. 3. Algorithm: Miller-Rabin (n, t) • INPUT: n is odd, n ≧3, t ≧1 • OUTPUT: “prime” or “composite” • 1. write n-1 = 2sr such that r is odd. • 2. for i = 1 to t do :2.1 choose a random integer a, 2 ≦ a≦n-22.2 compute y=ar mod n (use square-and-multiply)2.3 if y ≠ 1 and y ≠ n-1 do : j  1 while j ≦ s-1 and y ≠n-1 do : y  y2 mod n if y = 1 then return ( “composite” ) j  j+1 if y ≠ n-1 then return ( “composite” ) • 3. return ( “prime” )

  13. 4. Example (strong pseudoprime) • Consider n = 91 (= 7x13) • 91-1 = 2*45, s=1, r=45 • Since 9r = 945 =1 mod 91, 91 is a strong pseudoprime to the base 9. • The set of all strong liars for 91 is {1, 9, 10, 12, 16, 17, 22, 29, 38, 53, 62, 69, 74, 75, 79, 81, 82, 90} • The number of strong liars of for 91 is 18 = Φ(91)/4

  14. 5. Fact • If n is an odd composite integer, then at most ¼ of all the numbers a, 1 ≦a ≦n-1 are strong liars for n. In fact if n=!9, then number of strong liars for n is at most Φ(n)/4.

  15. 6.Miller-Rabin error-probability bound • For any odd composite integer n, the probability that Miller-Rabin (n, t) declares n to be “prime” is less than (1/4)t • 7. Remark • For most composite integers n, the number of strong liars for n is actually much smaller than the upper bound of Φ(n)/4. • Miller-Rabin error-probability bound is much smaller than (1/4)t.

More Related