
Deciding Primality is in P



  1. Deciding Primality is in P
  M. Agrawal, N. Kayal, N. Saxena
  Speaker: Adi Akavia

  2. Background
  • Sieve of Eratosthenes, 240BC - (n)
  • Fermat's Little Theorem (17th century): p is prime, a ≢ 0 (mod p) ⇒ a^{p-1} ≡ 1 (mod p). (The converse does not hold: Carmichael numbers.)
  • Polynomial-time algorithms:
    • [Miller 76] deterministic, assuming the Extended Riemann Hypothesis.
    • [Solovay, Strassen 77; Rabin 80] unconditional, but randomized.
    • [Goldwasser, Kilian 86] randomized, produces a certificate for primality! (for almost all numbers)
    • [Adleman, Huang 92] primality certificate for all numbers.
    • [Adleman, Pomerance, Rumely 83] deterministic, (log n)^{O(log log log n)}-time.

  3. This Paper: unconditional, deterministic, polynomial
  Def: the order of n mod r, denoted O_r(n), is the smallest t ≥ 1 s.t. n^t ≡ 1 (mod r).
  Def: r is special with respect to n if:
    (1) r is prime,
    (2) r-1 has a large prime factor q = Ω(r^{2/3}), and
    (3) q | O_r(n).
  Tools:
  • simple algebra
  • a high-density theorem for numbers with properties (1) and (2) [Fou85, BH96]

  4. Basic Idea
  • Fact: For any a s.t. (a, n) = 1:
    • n is prime ⇒ (x-a)^n ≡ x^n - a (mod n)
    • n is composite ⇒ (x-a)^n ≢ x^n - a (mod n)
  • Proof: Expand (x-a)^n with the binomial theorem.
    • Assume n is prime; then every coefficient C(n,k) with 0 < k < n vanishes (mod n), and a^n ≡ a.
    • Assume n is composite; let q be a prime with q | n and q^k || n. Then q^k ∤ C(n,q), and (a, n) = 1, hence x^q has a non-zero coefficient (mod n).
  • Naive algorithm: Pick an arbitrary a, check if (x-a)^n ≡ x^n - a (mod n).
  • Problem: time complexity Ω(n) (the polynomial (x-a)^n has n+1 coefficients).

  5. Basic Idea
  • Idea: Pick an arbitrary a and some polynomial x^r - 1 with r = poly log n; check if (x-a)^n ≡ x^n - a (mod x^r - 1, n).
  • time complexity: poly(r)
  • n is prime ⇒ (x-a)^n ≡ x^n - a (mod x^r - 1, n)
  • n is composite ⇒???? (x-a)^n ≢ x^n - a (mod x^r - 1, n)
    Not true for some (few) values of a, r!

  6. Improved Idea
  • Improved Idea: Pick many (poly log n) a's, and check for all of them if: (x-a)^n ≡ x^n - a (mod x^r - 1, n). Accept if equality holds for all a's.

  7. Some Algebra Reminders
  Def: F_p (p is prime) denotes the finite field of p elements {0, 1, …, p-1}.
  Def: F_p[x] denotes the ring of polynomials over F_p.
  Def: Let f(x) be a polynomial of degree k.
  Def: F_p[x]/f(x) denotes the set of polynomials of degree ≤ k-1 over F_p, with addition and multiplication modulo f(x).
  Thm: If f(x) is irreducible over F_p, then F_p[x]/f(x) ≅ the unique field with p^k elements.

  8. F_p[x]/f(x) - Addition
  • Let the polynomial f(x) over F_2 be:
  • Represent polynomials as vectors (a polynomial of degree ≤ k-1 ↔ a vector of k coefficients):
  • Addition:

  9. F_p[x]/f(x) - Multiplication
  Multiplication:
  • First, multiply 'mod p':
  • Next, apply 'mod f(x)':

  10. F_p[x]/f(x) - mod f(x)
  • Example:
  • In general, for f(x) = x^r - 1:
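The arithmetic of slides 8-10 and the congruence check of slides 5-6, as an added Python example (not code from the talk or from the AKS paper; the function names are my own). Polynomials are coefficient lists of length r, and reducing mod x^r - 1 is done by wrapping exponents mod r.

```python
# Added example, not the talk's or the paper's code. Elements of Z_n[x]/(x^r - 1)
# are lists of r coefficients, index i holding the coefficient of x^i.

def poly_mul_mod(f, g, n, r):
    """f*g modulo (x^r - 1, n): multiply 'mod n', then fold x^(i+j) onto x^((i+j) mod r)."""
    h = [0] * r
    for i, fi in enumerate(f):
        if fi == 0:
            continue
        for j, gj in enumerate(g):
            k = (i + j) % r          # x^r == 1, so exponents wrap around
            h[k] = (h[k] + fi * gj) % n
    return h

def poly_pow_mod(base, e, n, r):
    """base^e modulo (x^r - 1, n) by square-and-multiply: log e squarings, poly(r) work each."""
    result = [1] + [0] * (r - 1)     # the constant polynomial 1
    while e:
        if e & 1:
            result = poly_mul_mod(result, base, n, r)
        base = poly_mul_mod(base, base, n, r)
        e >>= 1
    return result

def polynomial_test(n, a, r):
    """True iff (x - a)^n == x^n - a (mod x^r - 1, n): one iteration of the polynomials test."""
    assert n >= 2 and r >= 2
    x_minus_a = [(-a) % n, 1] + [0] * (r - 2)
    lhs = poly_pow_mod(x_minus_a, n, n, r)
    rhs = [0] * r                    # x^n - a, with x^n folded onto x^(n mod r)
    rhs[0] = (-a) % n
    rhs[n % r] = (rhs[n % r] + 1) % n
    return lhs == rhs

def fact_test(n, a):
    """The unreduced check of slide 4, (x - a)^n == x^n - a (mod n): with r = n + 1 the
    result has degree n < r, so the reduction mod x^r - 1 changes nothing."""
    return polynomial_test(n, a, n + 1)

if __name__ == "__main__":
    print(polynomial_test(7, 2, 5), fact_test(15, 2))   # prime passes, composite fails
    # 561 is a Carmichael number: with r = 2 the reduced congruence still holds for a = 2,
    # one of the 'few bad (a, r)' of slide 5 that the choice of a special r rules out.
    print(polynomial_test(561, 2, 2))
```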

  11. Irreducible Factors of (x^r - 1)/(x - 1)
  • Fact: Consider the polynomial (x^r - 1)/(x - 1) over F_p. All its irreducible factors are of degree d = deg(h(x)).

  12. The Algorithm
  Input: integer n
  (1) Find r = O(log^6 n) s.t. r is special; let l = 2 r^{1/2} log n.
  (2) Small divisors test: for t = 2, …, l, if t | n output COMPOSITE.
  (3) Power test: if n is a power, n = p^k for k > 1, output COMPOSITE.
  (4) Polynomials test: for a = 1, …, l, if (x-a)^n ≢ x^n - a (mod x^r - 1, n), output COMPOSITE.
  (5) Otherwise: output PRIME.

  13. Saw: the algorithm. Yet to be seen:
  • A special r = O(log^6 n) exists (later).
  • If n is composite then one of the tests returns COMPOSITE.

  14. Correctness Proof
  Lemma: n is composite ⇒ the algorithm returns COMPOSITE. That is, if
  • n is composite, and
  • n has no divisor t ≤ l, and
  • n is not a (prime) power,
  then ∃ a ∈ [1..l] s.t. (x-a)^n ≢ x^n - a (mod x^r - 1, n).

  15. In the Proof - Using p and h(x)
  • Let p be a prime factor of n, and let h(x) be an irreducible factor of x^r - 1.
  • It suffices to show the inequality (mod h(x), p) instead of (mod x^r - 1, n), i.e. ∃ a ∈ [1..l] s.t. (x-a)^n ≢ x^n - a (mod h(x), p).
  • Choose p and h(x) s.t.
    • q | O_r(p), and
    • deg(h(x)) = O_r(p).
  • Such p exists: q | O_r(n) and O_r(n) = lcm{O_r(p_i)}, where n = p_1 p_2 … p_k.
  • Such h(x) exists: by the previous fact.

  16. Proof
  • Assume by contradiction that n is composite and passes all the tests, i.e.
    • n has no small factor, and
    • n is not a prime power, and
    • ∀ a ∈ [1..l]: (x-a)^n ≡ x^n - a (mod h(x), p).
  • For any f(x) which is a product of polynomials (x-a) (where a ∈ [1..l]), f(x)^n = f(x^n).
  • Example: [(x-a_1)(x-a_2)]^n = (x^n - a_1)(x^n - a_2)

  17. Proof
  • Therefore, consider the group G generated by {(x-a)}_{a ∈ [1..l]}:
  • Are there other integers m s.t. ∀ f(x) ∈ G, f(x)^m ≡ f(x^m)?
  • Yes! For example: p.
  • Any others?
  • Let I = { m | ∀ f ∈ G, f(x)^m ≡ f(x^m) }.
  • Lemma: I is multiplicative, i.e. u, v ∈ I ⇒ uv ∈ I.
  • Hence, in particular {n^i p^j : 0 ≤ i, j ≤ r^{1/2}} ⊆ I.
  • Therefore,

  18. Proof – I ∩ [|G|] is large
  • Lemma:
  • Proof: Consider all polynomials of degree < d. They are all distinct in F_p[x]/h(x). Therefore
  • Hence,
  • However, we next show that d is big: q | O_r(p) = d.

  19. Proof – I ∩ [|G|] is small
  • Lemma: Let m_1, m_2 ∈ I. Then m_1 ≡ m_2 (mod r) ⇒ m_1 ≡ m_2 (mod |G|).
  • Proof: Let g(x) be a generator of G. Let m_2 = m_1 + kr.
  • (*) m_1 ≡ m_2 (mod r), then x^{m_1} ≡ x^{m_2} (mod h(x)) (as x^r ≡ 1 (mod h(x))).
  • Contradiction!

  20. Proof Summary
  • We saw that I ∩ [|G|] is small (unconditionally, using properties of x^r - 1).
  • However, if n is composite and not a prime power, then passing the polynomials test (i.e. n ∈ I) implies that I ∩ [|G|] is large (using properties of the special r and of x^r - 1).
  • Therefore, the polynomials test must return COMPOSITE.

  21. Back to Special Numbers
  • Recall: r is special with respect to n if:
    (1) r is prime,
    (2) r-1 has a large prime factor q = Ω(r^{2/3}), and
    (3) q | O_r(n).
  • We next show that a special r = O(log^6 n) exists.

  22. Finding Special r
  Elaborating on step (1):
  • while r < c log^6 n:
    • if r is prime:
      • let q be the largest prime factor of r-1
      • if (q ≥ 4 r^{1/2} log n) and (n^{(r-1)/q} ≢ 1 (mod r)): break
    • r ← r+1
  • Complexity: O(log^6 n) iterations, each taking O(r^{1/2} poly log r), hence poly log n in total.
  • When 'break' is reached: r is prime, q is large, and q | O_r(n).
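The search of step (1) above, implemented literally with trial-division helpers, as an added Python example (not code from the talk or from the AKS paper; function names are my own). It assumes log n means log base 2, takes the constant c in "r < c log^6 n" as 1, and adds one guard, n mod r ≠ 0, so that O_r(n) is defined.

```python
# Added example, not the talk's or the paper's code. Assumptions: log = log2, c = 1.
from math import isqrt, log2, sqrt

def is_prime_trial(m):
    """Trial division; adequate here because r is only poly log n."""
    return m >= 2 and all(m % d for d in range(2, isqrt(m) + 1))

def largest_prime_factor(m):
    """Largest prime factor of m >= 2 by trial division, O(m^(1/2)) as on the slide."""
    best, d = 1, 2
    while d * d <= m:
        while m % d == 0:
            best, m = d, m // d
        d += 1
    return max(best, m)              # a leftover m > 1 is itself prime

def order_mod(n, r):
    """O_r(n) of slide 3: the least t >= 1 with n^t == 1 (mod r); needs gcd(n, r) = 1."""
    t, v = 1, n % r
    while v != 1:
        v, t = v * n % r, t + 1
    return t

def find_special_r(n, c=1.0):
    """Step (1): return (r, q) with r prime, q the largest prime factor of r - 1,
    q >= 4 r^(1/2) log n and n^((r-1)/q) != 1 (mod r).  The last condition forces q | O_r(n):
    otherwise O_r(n) | (r-1)/q and the power would be 1.  Returns None if no r below
    c log^6 n qualifies; the density theorem only promises one for large enough n."""
    bound = c * log2(n) ** 6
    r = 3                            # r = 2 is skipped: r - 1 = 1 has no prime factor q
    while r < bound:
        if is_prime_trial(r) and n % r:           # n % r: added guard, not on the slide
            q = largest_prime_factor(r - 1)
            if q >= 4 * sqrt(r) * log2(n) and pow(n, (r - 1) // q, r) != 1:
                return r, q
        r += 1
    return None

if __name__ == "__main__":
    r, q = find_special_r(31)
    print(r, q, order_mod(31, r) % q == 0)       # q divides O_r(31), as slide 23 argues
    print(find_special_r(7))                     # too small for the bound: None
```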

  23. Special r = O(log^6 n) exists
  Recall: r is special with respect to n if: (1) r is prime, (2) q = Ω(r^{2/3}) is a prime factor of r-1, (3) q | O_r(n).
  • Consider an interval [..] whose endpoints are O(log^6 n).
  • Numbers with properties (1) and (2) are dense in [..]: immediate from the density bounds for numbers with these properties and for primes.
  • For many primes r ∈ [..], property (3) holds:
    • For many r's, O_r(n) exceeds the cube root of the interval's upper endpoint: if O_r(n) were below that cube root, then r | (n-1)(n²-1)…(n^{cube root}-1). However, this product has no more than (upper endpoint)^{2/3} log n prime divisors.
    • Moreover, O_r(n) exceeding that cube root ⇒ q | O_r(n): if q does not divide O_r(n), then n^{(r-1)/q} ≡ 1, therefore O_r(n) ≤ (r-1)/q. However (r-1)/q is below that cube root, a contradiction. (Here we again use the fact that q is large.)
  • Hence, by a counting argument, a special r ∈ [..] exists.

  24. The End

  25. Proof - G is large, Cont.
  Prop: d ≥ 2l.
  Proof: Recall d = O_r(p) and q | O_r(p), hence d ≥ q ≥ 2l (recall q ≥ 4 r^{1/2} log n and l = 2 r^{1/2} log n).
  This is the reason for seeking a large q s.t. q | O_r(n). Hence,

  26. Algebraic Background – Extension Field
  Def: Consider fields F, E. E is an extension of F if F is a subfield of E.
  Def: The Galois field GF(p^k) (p prime) is the unique (up to isomorphism) finite field containing p^k elements. (The cardinality of any finite field is a prime power.)
  Def: A polynomial f(x) is called irreducible in GF(p) if it does not factor over GF(p).

  27. Multiplicative Group
  Def: GF*(p^k) is the multiplicative group of the Galois field GF(p^k), that is, GF*(p^k) = GF(p^k) \ {0}.
  Thm: GF*(p^k) is cyclic, thus it has a generator g:

  28. F_p[x]/f(x) - Example
  Let the irreducible polynomial f(x) be:
  Represent polynomials as vectors (a polynomial of degree ≤ k-1 ↔ a vector of k coefficients):
  Addition:

  29. F_p[x]/f(x) - Example
  Multiplication:
  • First, multiply 'mod p':
  • Next, apply 'mod f(x)':
