Primes in P Deterministic polynomial-time algorithm of Agrawal, Kayal and Saxena Presented by Vladimir Braverman

History Sieve of Eratosthenes 240BC Randomized, polynomial-time algorithm of Miller-Rabin, 1980 (practically used) Adleman, Pomerance and Rumeley (APR) a deterministic algorithm, an almost polynomial time N loglogN, 1983 Agrawal, Kayal and Saxena, deterministic, polinomial-time algorithm 2002

Impact Data security Number Theory Theory of algorithms Doesn’t have a practical value yet

The Heroes Neeraj Kayal and Nitin Saxena are PhD students (22 years old). Indian Institute of Technology, Kanpur Agrawal was recently awarded the Clay Research Award, one of the coveted honors in mathematical research.

Polynomial identity idea Algorithms in Number Theory Number Theory Group Theory Finite Fields Primes in P

Content Background – Algorithms in number theory – Rings – Number Theory Basic idea: Polynomial identity Algorithm – Pseudo code – Correctness – Running time

Algorithms in number theory Lemma 1 – 0 < a,b < n – ab can be calculated in O( log 3 (n)) – Maximal integer less than b/a can be calculated in O(log 2 (n)) – a mod b can be calculated in O(log 2 (n)) – Gcd(a,b) can be calculated in O(log 3 (n))

Algebra A ring is a set together with addition and multiplication 1. Additive associativity: 2. Additive commutativity: 3. Additive identity. 4. Additive inverse 5. Multiplicative associativity: 6. Left and right distributivity: A ring is therefore an Abelian group under addition and a semigroup under multiplication.

Algebra (cont) A polynomial f is defined to be a formal expression of the form where the coefficients a 0,..., a n are elements of some ring R and X is considered to be a formal symbol.ring Two polynomials are considered to be equal if and only if the sequences of their coefficients are equal.

Algebra (end) Polynomials with coefficients in R can be added by simply adding corresponding coefficients and multiplied using the distributive low and the rules X a = a X for all elements a of the ring R X k X l = X k+l for all natural numbers k and l. The set of all polynomials with coefficients in the ring R forms itself a ring, the ring of polynomials over R, which is denoted by R[X].

Algorithms in number theory (cont) Lemma 2 Let 1 < a,b, r and n = max(a,r). Than a b mod r can be calculated in O( log 2 (n) + log(b) log 2 (r)) Lemma 3 Let 1< a,r < n. The r coefficients of (x-a) n mod (x r -1) in Z n [x] can be computed in O(r 2 log 3 (n)) time.

Algorithms in number theory (cont) Lemma 4 Let n > 2 be an integer. There is an algorithm that decides in O(√n log 2 (n)) whether n is prime. Algorithm: – r:=2; s:=4 (s = r 2 ) – While s <= n – Do If n mod r = 0 return NO Else r:=r+1; s:=2r-1 Endif – EndWhile – Return Yes

Algorithms in number theory (cont) Lemma 4 (cont) – The correctness follows from the fact that n is not prime iff there is an integer r <= √n that divides n. – The while-loop makes at most √n iterations each one taking (log 2 n) time.

Algorithms in number theory (end) Lemma 5 Let n > 2 be an integer. There is an algorithm that computes the largest prime factor of n in O(√n log 2 (n)). Lemma 6 Let n > 2 be an integer. There is an algorithm that decides in O(log 4 (n) log (log (n)) ) whether there exist integers a,b such that n = a b.

Number theory Lemma 7 If p is prime number than for any i < p ( p i ) = 0 mod p Proof ( p i ) = p(p-1)…(p-i+1) / i! Since gcd(p, i!) = 1 the lemma is proved

Number theory(cont) Lemma 8 If p is prime number than for any a, a p = a mod p Proof (induction) a = 1 a -> a+1 (a+1) p =  ( p i ) a i (a+1) p = a p +1 = a+1 mod p

Polynomial identity Theorem 1 Let a, n be integers – If n is a prime number, then (x-a) n = x n -a in the ring Z n [x] – If gcd(a, n) =1 and n is not a prime number, then (x-a) n <> x n -a in the ring Z n [x]

Proof of Theorem 1 (x-a) n =  ( n i ) x i (-a) n-I. 1. Prime case – If n is prime, ( n i ) = 0 mod n, according to Lemma 7 – Therefore(x-a) n = x n – a n = x n – a mod n, according to Lemma 8 2. n is not a prime and gcd(n,a) = 1 q – prime factor of n, q k | n, k – maximal gcd (a,q) = 1 and gcd (a n-q, q k ) = 1

Proof of Theorem 1(Cont) Lemma: q k doesn’t divide ( n q ) Proof: (by contradiction) Suppose, ( n q ) = b q k. Than, n(n-1)…(n-q+1)/q! = b q k. n = (q-1)! b q k+1 /(n-1)…(n-q+1). For each 0 < j < q, q doesn’t divide (n-j). Indeed, since q | n and (n-j) = 0 mod q we have j = 0 mod q. Therefore, (q-1)! b /(n-1)…(n-q+1) is an integer and q k+1 | n that contradicts with maximal property of k

Proof of Theorem 1(Cont) (x-a) p The coefficient of x p is ( n q )(-1) n-q a n-q If it is divisible by n, than ( n q )a n-q = bn Hence, ( n q )a n-q /q k = bn / q k Right-hand side is integer and gcd(a n-q,q k ) = 1 Therefore q k | ( n q ) that contradicts Lemma We proved that (x-a) n <> x n -a in the ring Z n [x]

Improved polynomial identity Theorem 2 Let n be an integer and let q, r be prime numbers and 1. gcd (m,n) = 1 for all m < r 2. q divides r-1 3. q ≥ 2√r log(n) n (r-1)/q ≠ 1 mod r 5. (x-a) a = (x n -a) mod (x r -1) in Z n [x] for a < 2√r log(n) + 1 Then n is a power of prime number.

Lemma 9 There exist constants 0 < c 1 < c 2 such that for any large n, there exists a prime number r 1. c 1 log 6 (n) < r < c 2 log 6 (n) 2. r-1 has a prime factor q, q ≥ 2√r log(n) n (r-1)/q ≠ 1 mod r

Algorithm Prime(n) r := 2; found := false; While r < n and found = false Do if gcd(r,n) ≠ 1 then return NO – If r is a prime and r > 2 – Then q := largest prime factor of r-1 If q ≥ 2√r log(n) + 2 and n (r-1)/q ≠ 1 mod r Then found = true Endif – Endif – If found = false then r++ endif Endwhile

Algorithm Prime(n) (Cont) For a:= 1 to 2√r log(n) + 1 Do if (x-a) a ≠ (x n -a) mod (x r -1) in Z n [x] – Then return NO – Endif Endfor If n = a b for some integers a,b ≥ 2 Then return NO Else return YES Endif

Correctness of the algorithm (Sketch of the proof ) If n is prime, Algorithm doesn’t return NO during While loop, since gcd(n,r) = 1 By Theorem 1, (x-a) a ≠ (x n -a) mod (x r -1) in Z n [x] Thus, the algorithm doesn’t return NO during For loop N is not in the form a b, therefore YES is returned If n is not a prime, then, according to Theorem 2, the algorithm returns NO

Running time (Sketch of the proof ) While loop ActionTimeReason gcdO(log 3 (n))Lemma 1 r is primeO(√r log 2 (r))Lemma 4 largest prime factor of r-1O(√r log 2 (r))Lemma 5 n (r-1)/q mod rO(log 2 (n) + log 3 (r))Lemma 2 One while-loop iterationO(log 2 (n) + (√r log 2 (r)) Number of while iterationsO(log 6 (n))Lemma 9 While-loopO( log 9 (n) log 2 (log(n)) )r=O(log 6 (n))

Running time(Cont) For loop Testing if n is perfect power – O(log 4 (n) log(log(n))), by Lemma 6 ActionTimeReason Coefficient of (x-a) n mod (x r -1) in Z n [x] Note that the same time for (x n -a) O(r 2 log 3 (n))Lemma 3 For-loopO(log 19 (n))r=O(log 6 (n)), Lemma 9

References Agrawal, Kayal and Saxena. Primes in P M. Smid. Primality testing in polynomial time F. Bornemann. PRIMES Is in P: A breakthrough for “Everyman”

END