Agrawal-Kayal-Saxena Presented by: Xiaosi Zhou

Presentation transcript:

PRIMES is in P Agrawal-Kayal-Saxena Presented by: Xiaosi Zhou

Outline
Introduction
1. What is PRIMES
2. Algorithms for PRIMES before AKS
AKS algorithm
1. Basic idea
2. Notation and Preliminaries
3. The algorithm and its correctness
4. Time complexity analysis
5. Conclusions

Introduction What is PRIMES: The decision problem of efficiently determining whether or not a given integer n is prime. Efficiently means in time polynomial in the size of the input, which is O(log n). Referred to as the primality testing problem.

Algorithms before AKS (1) The ancient method: try dividing n by every number. If any m divides n then n is composite, otherwise prime. Inefficient--

Algorithms before AKS (2) Fermat’s Little Theorem — incorrect testing For any prime number n, and any number a which has no common divisors with n, Efficient — O(logn) Counterexample: , but 4 is composite However, it became the basis of many efficient primality tests.

Algorithms before AKS (3) In 1975, Pratt showed that PRIMES is in NP. In 1976, Miller obtained a deterministic polynomial-time algorithm based on Fermat’s Little Theorem, assuming the Extended Riemann Hypothesis (ERH). In 1977, Solovay and Strassen came up with a randomized algorithm whose probability of error can be made arbitrarily small for all inputs. Rabin modified Miller’s algorithm to yield an unconditional but randomized polynomial-time algorithm. In 1986, Goldwasser and Kilian proposed a randomized algorithm based on elliptic curves, running in expected polynomial time on almost all inputs. In 1992, Adleman and Huang modified the Goldwasser-Kilian algorithm to obtain a randomized polynomial-time algorithm that always produces a certificate of primality.
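Why the plain Fermat check is called incorrect testing above, and what the Miller and Rabin refinement changes, as an added Python example that is not part of the original slides. The input 561 is a sample chosen here (a well-known Carmichael number) and the function names are this example's own.

```python
# Added example (not from the slides). 561 = 3 * 11 * 17 is a constructed
# sample input: a composite that passes the Fermat check for every coprime base.
from math import gcd
import secrets

def fermat_liars(n):
    """Bases a in [2, n-2], coprime to n, with a^(n-1) == 1 (mod n)."""
    return [a for a in range(2, n - 1)
            if gcd(a, n) == 1 and pow(a, n - 1, n) == 1]

def is_strong_witness(n, a):
    """True if base a proves odd n > 3 composite (Miller-Rabin condition)."""
    d, s = n - 1, 0
    while d % 2 == 0:                 # write n - 1 = 2^s * d with d odd
        d, s = d // 2, s + 1
    x = pow(a, d, n)
    if x in (1, n - 1):
        return False
    for _ in range(s - 1):
        x = pow(x, 2, n)
        if x == n - 1:
            return False
    return True                       # never hit -1 on the way to 1: composite

def is_probable_prime(n, rounds=40):
    """Rabin's randomized test; error probability at most 4^-rounds."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)      # uniform in [2, n-2]
        if is_strong_witness(n, a):
            return False
    return True
```

Every one of the 318 coprime bases in [2, 559] is a Fermat liar for 561, while base 2 alone is already a strong witness against it.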

AKS algorithm A polynomial-time algorithm for proving primality did exist before the AKS algorithm. What is surprising is that the AKS algorithm is a relatively simple deterministic algorithm which relies on no unproved assumptions.

AKS algorithm – the idea This test is based on a generalization of Fermat’s Little Theorem. Theorem: Suppose that a and p are relatively prime integers with p > 1. p is prime if and only if The theorem suggests a simple test: given input p, choose an a and test whether the above congruence is satisfied. Too many coefficients to check, O(n)

The idea (Cont’d) A simpler condition to reduce the coefficients: test if the following equation is satisfied This must hold if p is prime. The problem now is that some composites n may satisfy the equation for a few values of a and r. n must be a prime power if the equation holds for several a’s and an appropriately chosen r.

Notation and Preliminaries denotes the order of a modulo r, which is the smallest number k such that is Euler’s totient function giving the number of numbers less than r that are relatively prime to r.

AKS algorithm
Input: integer n > 1.
1. If , output COMPOSITE;
2. Find the smallest r such that
3. If 1 < (a, n) < n for some , output COMPOSITE;
4. If , output PRIME;
5. For a=1 to do if ( ), output COMPOSITE;
6. Output PRIME;

Correctness (1) Theorem. The algorithm returns PRIME if and only if n is prime. Proof. [if] If n is prime, steps 1 and 3 can never return COMPOSITE. By the modified Fermat’s Little Theorem, the for loop also cannot return COMPOSITE. Therefore the algorithm will identify n as PRIME either in step 4 or in step 6.

Correctness (2) Proof. [only if] If the algorithm returns PRIME in step 4 then n must be prime, since otherwise step 3 would have found a non-trivial factor of n. What if the algorithm returns PRIME in step 6? We need more lemmas.

Correctness (3) Let p be a prime divisor of n. Also, let Two sets: and

Correctness (4) Define two groups based on the two sets. 1. The first group G is the set of all residues of numbers in I modulo r. We have |G| = t > 2. The second group U is the set of all non-zero residues of polynomials in P modulo h(X) and p, where h(X) is one irreducible factor of degree of

Correctness (5) Lemma. Lemma. If n is not a power of p then Lemma. If the algorithm returns PRIME then n is prime. Proof. We have t=|G| and Therefore, for some k>0. If k>1 then the algorithm will return COMPOSITE in step 1. Thus, n=p. QED

Time complexity We use the symbol for Ex. Theorem. The asymptotic time complexity of the algorithm is

Time complexity (Cont’d) Input: integer n > 1. If , output COMPOSITE; Find the smallest r such that If 1 < (a, n) < n for some , output COMPOSITE; If , output PRIME; For a=1 to do if ( ), output COMPOSITE; Output PRIME; 1 2 3 4 5

Conclusions AKS algorithm is an unconditional deterministic polynomial-time algorithm for primality testing. The complexity of the original algorithm of AKS is , and can be improved to by improving the estimate for r. This algorithm can be further reduced to if one additional number theoretical conjecture can be proved.

Thank you very much!