K. -C. Yang and J. -L. Lin National Tsing Hua University PRIMES K. -C. Yang and J. -L. Lin National Tsing Hua University

OUTLINE Definition And History of Prime PRIMES is in P Previous Researches Basic Idea and Approach Preliminary Notation The Algorithm And Verification Time Complexity Analysis Future Works

History History Definition Let p N and p > 1, p is prime if it has no positive divisor other than 1 and p. History Pythagoras (580 BC ~ 300 BC) Integer (odd, even, prime, …), Rational and Irrational number, Pythagorean Theorem… Euclid (300 BC) There are an infinite number of primes.

History (2) pf. Assume there are finite number of primes. Let p1, …, pn be all primes, and let N = p1p2…pn + 1  N is a composite number and  N has a prime factor p  p1, …, pn  Contradiction

History (3) PRIMES is in P - O(logk n) for k≧1. How to determine if a number is prime? Sieve of Eratosthenes (240 BC) If n is composite, then n has a positive divisor less than or equal to n1/2. So to determinate whether n is prime, you can try dividing n to every m < n1/2. This is an exponential-time algorithm O(n1/2 log n). PRIMES is in P - O(logk n) for k≧1.

Fermat (1) Fermat’s Last Theorem (AD 1637) xn + yn = zn has no integer solution for n > 2 Proven by Wiles (AD 1995) Fermat’s Little Theorem (AD 1640) a  N and p is prime, then ap-1 ≡1 (mod p) e.g. p = 2, a = 3, then 32 ≡ 1 (mod 2) p = 3, a = 4, then 43 ≡ 1 (mod 3) p | ap-1 - 1

Fermat (2) pf. of Fermat’s little theorem (by induction) ap-1 ≡1 (mod p)  ap - a ≡ 0 (mod p)  p | ap - a Assume p | ap - a, then examine (a + 1)p - (a + 1) (binomial theorem)   p divides the right side, so it also divides the left side.  p | (a + 1)p - (ap + 1) + (ap - a) = (a + 1)p - (a + 1)  The hypothesis is true for any a.

Fermat (3) Time complexity – O(lg n) If ap-1 ≡1 (mod p) for a  N , p is prime? It fails! 341 341 = 11 × 31 2340 ≡1 (mod 341) Pseudo primes: 341, 561 , 645, 1105…

Previous Researches 1975, Miller designed a test based on Fermat Little Theorem deterministic polynomial-time algorithm – O(log4 n) Assuming Extended Riemann Hypothesis 1980, Miller’s algorithm was modified by Rabin Unconditional but randomized polynomial-time 1983, Adleman, Pomerance and Rumely deterministic in (log n)O(logloglog n) 1986, Goldwasser and Kilian randomized polynomial-time algorithm (on almost all input) 1992, G-K algorithm was modified by Adleman and Huang randomized polynomial-time algorithm on all inputs 2002, Manindra Agrawal, Neeraj Kayal, and Nitin Saxena deterministic polynomial-time O(log7.5+εn) by using algebra

Riemann Hypothesis (1) In 1859, proposed by Riemann Hilbert’s problems 23 problems. The Second International Congress of Mathematicians, 1900. Three of Hilbert’s problems remain unconquered. 6. Can physics be axiomized? 8. Riemann hypothesis. 16. Develop a topology of real algebraic curves and surfaces. Partial answer by Oxenhielm, Stockholm University, 2003

Riemann Hypothesis (2) Riemann zeta function Trivial zero point -2, -4, -6, -8, … Riemann Hypothesis  non trivial zero point in Reimann zeta function, σ= ½. Clay Mathematics Institute $1000000 for the solution to this problem. (2000. 5)

Manindra Agrawal, Neeraj Kayal, and Nitin Saxena August 6, 2002 PRIMES is in P Manindra Agrawal, Neeraj Kayal, and Nitin Saxena August 6, 2002

Basic Idea and Approach (1) Let aZ, nN, and (a, n) = 1. Then n is prime iff (X + a)n≡(Xn + a) (mod n) pf. If n is prime  n | (X + a)n – (Xn + a)  (X - a)n≡(Xn - a) (mod n) If n is composite, let q be prime, qk | n, but qk+1 | n   n | (X + a)n – (Xn + a) an – a = a(an-1 – 1) ∵n | an-1 -1 (Fermat’s little thm)  n | an - a (n, a) = 1  (qk, an-q) = 1

Basic Idea and Approach (2) To evaluate n coefficients, it costs time Ω(n). To shorten the number of coefficients, we use (x + a)n ≡ (xn + a) (mod xr – 1, n) If p is prime, the above congruence holds. However, some composite numbers still satisfy this congruence. For appropriate r, n must be a prime power. e.g. 33, 75, 2×3×5

Basic Algorithm Input n > 1 1. If ( n = ab for some a  N and b > 1), output COMPOSITE. 2. Find the smallest r such that or(n) > 4log2n. 3. If (gcd(n, a) > 1 for some a ≦ r) , output COMPOSITE. 4. If (n ≦ r), output PRIME. 5. For a = 1 to do if , output COMPOSITE. 6. Output PRIME. Notation: or(n) = d denotes the smallest positive integer d s.t. nd ≡ 1 (mod r) Notation2: ψ(r) = |k|, where k < r and (k, r) = 1

Preliminary Notation (1) Fn denotes the finite field, where n is a prime. Let n and r be prime numbers, n ≠ r. 1. The multiplicative group of any field Fn, denoted by Fn* is cyclic. 2. Let f(x) be a polynomial with integral coefficients. Then f(x)n≡ f(xn) (mod n) 3. Let h(x) be any factor of xr - 1. Let m≡mr (mod r). Then xm ≡ xmr (mod h(x)) 4. In Fn, factorizes into irreducible polynomial each of degree or(n).

Preliminary Notation (2) Let f(x) be a polynomial with integral coefficients. Then f(x)n≡ f(xn) (mod n) pf. Let f(x) = a0 + … + adxd. The coefficient ci of xi in f(x)n is n | ci unless some ij is n. In this exception case, im = 0 for all m ≠ j. i = j × ij = nj. And cnj = ajn (mod n). Therefore, cnj ≡ aj (mod n) (Fermat’s Little Theorem) f(x)n ≡ c0 + cnxn + c2nx2n + … + cndxnd (mod n) ≡ a0 + a1xn + a2x2n + … + adxnd (mod n) ≡ f(xn) (mod n) xi1 × x2i2 × … × xdid = xi1+2i2…+did cnj = ajn + n ×Δ

Preliminary Notation (3) Let h(x) be any factor of xr – 1. Let m≡mr (mod r). Then xm ≡ xmr (mod h(x)) pf. Let m = kr + mr. Now xr ≡ 1 (mod xr - 1)  xkr ≡ 1 (mod xr - 1)  xkr+mr ≡ xmr (mod xr - 1)  xm ≡ xmr (mod xr - 1)  xm ≡ xmr (mod h(x)) xr-1 | xm-xmr  h(x) ×Δ | xm-xmr  h(x) | xm-xmr

Preliminary Notation (4) In Fn, factorizes into irreducible polynomial each of degree or(n). Let d = or(n) and h(x) be a irreducible factor of with degree k. Fn[x]/h(x) forms a field of size nk and the multiplicative subgroup of Fn[x]/h(x) is cyclic with a generator g(x) (by fact 1). We have g(x)n ≡ g(xn) (fact 2)  g(x)nd ≡ g(xnd)  g(x)nd ≡ g(x)  g(x)nd-1 ≡ 1 ∵ Order of g(x) = (nk - 1), ∴(nk - 1)|(nd - 1)  k | d. ∵ h(x) | (xr – 1), we also have xr ≡ 1 in Fn[x]/h(x)  order of x in this field must be r (∵ r is prime). Therefore, r | (nk - 1), i.e. nk ≡ 1 (mod r) Hence, d | k. Therefore, k = d. g(xn) ≡ g(xn) g(xn)n ≡ g(xn2) g(xn2)n ≡ g(xn3) … g(x)nd ≡ g(xnd) pn ≡ 1 (mod r) xnd ≡ x1 (mod h(x)) (by fact 3) g(xnd) ≡ g(x)

Algorithm Input n > 1 1. If (  a  N and b > 1 s.t. n = ab ), output COMPOSITE. 2. Find the smallest r such that or(n) > 4log2n. 3. If (  a ≦ r s.t. 1 < gcd(n, a) < n ) , output COMPOSITE. 4. If (n ≦ r), output PRIME. 5. For a = 1 to do if , output COMPOSITE. 6. Output PRIME. Notation: (n, r) = 1, or(n) = d denotes the smallest positive integer d s.t. nd ≡ 1 (mod r) Notation2: ψ(r) = |k|, where k < r and (k, r) = 1

Correctness (1) Lemma. If n is prime, the algorithm returns PRIME. pf. 1. Step 1 and Step 3 can never return COMPOSITE. n≠ab (a, n) = 1 or n  a ≦ r 2. Step 5 also can not return COMPOSITE. If p is prime, (x + a)n ≡ (xn + a) (mod xr – 1, n) holds  It returns PRIME either in Step 4 or Step 6.

Correctness (1) Lemma. If the algorithm returns PRIME, n is prime. If it returns PRIME in Step 4 then n must be prime. ∵n ≦ r , and (n, a) = 1 or n  a ≦ r The remaining case: It returns PRIME in Step 6. (n, 1) = 1 (n, 2) = 1 … (n, n -1) = 1 (n, n) = n

Correctness (2) Find an appropriate r in Step 2. rt Find an appropriate r in Step 2. Lemma. There exist an r ≦ 16lg5n s.t. or(n) > 4lg2n pf. Let r1, r2, …, rt be all numbers s.t. ori(n) ≦ 4lg2n, note that t ≦ 16lg5n 1 2 3 16lg5n  ∵n ≦ 2lgn Let ori(n) = k  nk≡1 (mod ri)  ri | nk - 1 < n1n2…n4lg2n = n8lg4n+2lg2n < n16lg4n

Correctness (3)  lcm (r1, …, rt) |Π (ni - 1) < 216lg5n However, lcm (1, …, 16lg5n) > 216lg5n Therefore, t < 216lg5n  r {ri | 0 ≦ i ≦ t}, but r < 16lg5n, and or(n) > 4lg2n Lemma. lcm (1, 2, …, m) ≧ 2m for m>6

Correctness (4) Assume n is composite. Let p be prime and p | n We fix p and r in the remainder sections. Set l = (X + a)n ≡ Xn + a (mod Xr - 1, n) for 1≦ a ≦ l (X + a)n ≡ Xn + a (mod Xr - 1, p) for 1≦ a ≦ l (X + a)p ≡ Xp + a (mod Xr - 1, p) for 1≦ a ≦ l ∵p is prime and (a, p) = 1

Correctness (5) Definition. For polynomial f(X) and number m N, we say that m is introspective for f(X) if [f(X)]m ≡ f(Xm) (mod Xr – 1, p) n, p are introspective for f(X) = X + a Lemma. If m and m’ are introspective numbers for f(X) then so is m × m’ pf. [f(X)]mm’ ≡ [f(Xm)]m’ (mod Xr - 1, p) Let Y = Xm, [f(Y)]m’, [f(Y)]m’ ≡ f(Ym’) (mod Yr - 1, p)  [f(Xm)]m’ ≡ f(Xmm’) (mod Xr - 1, p)  [f(X)]mm’ ≡ f(Xmm’) (mod Xr - 1, p) Yr - 1 = Xmr - 1 Xr - 1 | Xmr – 1

Correctness (6) Lemma. If m is introspective for f(X) and g(X) then so is f(X)g(X) pf. claim: [f(X)g(X)]m ≡ f(Xm)g(Xm) (mod Xr – 1, p) [f(X)]m ≡ f(Xm) (mod Xr – 1, p) [g(X)]m ≡ g(Xm) (mod Xr – 1, p)  [f(X)]m[g(X)]m ≡ f(Xm)g(Xm) (mod Xr – 1, p)

Lemma 4.5. If m and m are introspective numbers for f(x) then so is m m. Lemma 4.6. If m is introspective for f(x) and g(x) then it is also introspective for f(x)  g(x).

Set Lemma 4.5 and 4.6 implies that every number in the set I is instropective for every polynomials in the set P. i,e,

Define G be the set of all residues of numbers in I modulo r , then G is a subgroup of Let |G| = t , and since or(n) > 4log2n, t > 4log2n.

Lemma 4.7.

Lemma 4.8. If n is not a power of p, then

Lemma 4.9. If the algorithm returns PRIME then n is prime.

O(log3n) O(log7n) (log5n r’s) O(rlogn)= O(log6n) Each equation : O(rlog2n) Total : O(log10.5n)