Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Prime Example CS Lecture 20 A positive integer p  2 is prime if the only positive integers that divide p are 1 and p itself. Positive integers.

Published byLynette West Modified over 8 years ago

Similar presentations

Presentation on theme: "A Prime Example CS Lecture 20 A positive integer p  2 is prime if the only positive integers that divide p are 1 and p itself. Positive integers."— Presentation transcript:

1

2 A Prime Example CS 15-251 Lecture 20

3 A positive integer p  2 is prime if the only positive integers that divide p are 1 and p itself. Positive integers n  2 which are not prime are called composite.

4 The prime factorization of a positive integer n is an expression of n as a product of primes n = p 1 p 2 p 3 …p k Theorem: (Fundamental Theorem of Arithmetic) Every positive integer n  2 has a unique prime factorization (up to order of the prime factors). Proof. Existence: Suppose m is the smallest positive integer  2 with no prime factorization. m is prime  m itself is a prime factorization m is composite  m = m 1 m 2 for 1  m 1  m and 1  m 2  m m 1 and m 2 have prime factorizations so m 1 m 2 yields a prime factorization for m 

5 Uniqueness: Suppose m is the smallest positive integer  2 with two different prime factorizations. m = p 1 p 2 …p i m = p 1 ’p 2 ’…p k ’ p 1 | p 1 ’p 2 ’…p k ’ p 1 | p j ’ for some 1  j  k p 1 = p j ’ (since both are prime) Remove p 1 from p 1 p 2 …p i and p j ’ from p 1 ’p 2 ’…p k ’ to get m’ with two different prime factorizations: m’ = p 2 …p i = p 1 ’p 2 ’…p j-1 ’p j+1 ’…p k ’ But m’  m, so m’ must have a unique prime factorization. 

6 Three Classic Problems 1. Density How many primes are in {1…n}? 3. Testing Given a positive integer n, is n prime? 2. Generation List all the primes in {1…n}. These problems go back to the ancient Greeks!

7 4. Random choice Pick a random prime number in {1...n}. …And a Modern Problem This problem arises in cryptographic algorithms (such as RSA) that need large prime numbers to make cryptographic keys. We’ll learn more about these algorithms in a future lecture.

8 Let  (n)  the number of primes in {1…n}  (10) = 4(2,3,5,7)  (20) = 8(2,3,5,7,11,13,17,19) 1. Density of Primes

9 Theorem (Euclid): The set of prime numbers is infinite. Proof: Suppose the primes are the finite set {p 1, p 2, …, p k } Let m = p 1 p 2 … p k + 1 m is not divisible by any prime p i, so m must be a multiple of a prime that is not in the “set of all primes”.  Thanks to Euclid, we know  (n)  as n . But how thickly distributed are the primes? That is, if we pick a random number in {1…n}, what’s the probability of getting a prime? We’ll see a better characterization of  (n) shortly.

10 2. Generating Primes Give an algorithm that lists all the primes in {1...n}. For each prime p, the Sieve eliminates all multiples of p. No prime will ever be eliminated, and every composite (which must have a prime factor smaller than itself) is guaranteed to be eliminated before the outer loop reaches it. Running time: O(  (n)n (logn) 2 + n) if multiplication is O((logn) 2 ) set prime [2..n] = 1 for p = 2 to n do if prime [p] = 1 then print “p is prime” for m = 2 to n/p do prime [mp] = 0 Sieve of Eratosthenes

11 3. Testing Primality Give an algorithm for deciding whether a number n is prime. A) Trial division for k = 2 to n do if k | n then return “n is not prime” otherwise return “n is prime” O(n (logn) 2 ) time if division is O((logn) 2 ) B) Sieve method Run the Sieve of Eratosthenes on {1...n} O(  (n)n (logn) 2 + n) time

12 C) Trial division up to  n for k = 2 to  n do if k |n then return “n is not prime” otherwise return “n is prime” O(  n (logn) 2 ) time if division is O((logn) 2 ) Claim: if n is composite, then n has a prime factor p   n. Proof: By contradiction. Suppose some composite n has a prime factorization n = p 1 p 2 … p k where all p i   n. But then n = p 1 p 2 … p k  (  n ) k which is a contradiction unless k  2, that is, unless n is prime. 

13 The trial division algorithm can be easily adapted to find at least one factor of n: for k = 2 to  n do if k |n then return “k is a factor of n” otherwise return “n is prime” This algorithm runs in O(  n (logn) 2 ) time, which is O(n) (in fact, sublinear). So why do we think factoring is so hard? Why are banks and governments willing to trust their secrets to a number that can be factored in O(n) time?

14 Trial division is exponential as a function of the length of its input! The input number n can be represented by k=O(logn) bits. As a function of k, the trial division algorithm runs in O(n) = 2 O(k) time

15 4. Random Primes Give an algorithm to pick a random prime number in {1..n}. Brute force algorithm Generate all the primes in {1…n} Pick one at random

16 Randomized algorithm Pick a random number m  {1…n} Test if m is prime If m is prime, return it Otherwise try again What is the expected number of tries before finding a prime? Let p = probability of picking a prime on one try p =  (n)/n Expected number of tries to get a prime is 1/p = n/  (n)

17 The randomized algorithm motivates us to look for better solutions to the classic problems in prime numbers. Density of primes We need some assurance that primes are numerous enough that the expected number of tries n/  (n) is about O(logn). Testing primality The O(n) trial division algorithm is intractably slow. We need something more like O(logn). Solving these two problems will consume the rest of the lecture.

18 Prime Density Theorem In other words, as n ,  (n)  n / lnn. This deep and famous result was conjectured by Euler around 1750, but not proved until 150 years later, by Hadamard. The proof is hard. Density of Primes (revisited)

19 Corollary: The density of primes  (n)/n  1/lnn as n . Example: How many primes are in {1 … 10 10 }?  (10 10 )  10 10 / ln 10 10  434,000,000 Example: What is the probability that a random 100-digit number is prime?  (10 100 )/ 10 100  1 / ln 10 100  1 in 230

20 If this statement is true, we can put a lower bound on the probability that a randomly chosen number in {1..n} is prime:  (n)/n =  (1/logn) So picking randomly from {1…n}, we need only expected O(logn) tries to find a prime number. For our purposes, we don’t need to prove the Prime Density Theorem. All we need is the weaker statement:  (n) =  (n /logn)

21 Theorem:  (n) =  (n /logn) Proof: For a prime p and a positive integer n, define the multiplicity of p in n as the number of times p occurs in the prime factorization of n. 500 = 5  5  5  2  2 multiplicity of 5 in 500 = 3 multiplicity of 2 in 500 = 2 multiplicity of 11 in 500 = 0

22 Claim: for any prime p and positive integer n, the multiplicity of p in n ! is Look at n ! = 1  2  3  n This product contains  n/p  multiples of p  n/p 2  multiples of p 2  n/p i  multiples of p i So the formula above counts the multiples of p, p 2,… such that a multiple of p i (but not p i+1 ) is counted exactly i times. Since only multiples of p can contribute p factors, the formula counts the number of times p appears in the prime factorization of n !

23 Let r (p) be the natural number such that p r (p)  2n  p r (p)+1 Claim: for any prime p and positive integer n, the multiplicity of p in is at most r (p). since p r (p)+1  2n Lemma: a -  a   1 2a - 2  a   2  2a  - 2  a   2  2a  - 2  a   1 by lemma at left Each factor p in the denominator cancels out a factor p in the numerator. So the multiplicity of p in is

24 The prime factorization of is the product of its prime factors raised to the power of their multiplicities. Since the multiplicity of any prime factor p in is at most r (p), we get: since p r (p)  2n by definition since the prime factors of are at most 2n

25 Taking logs of both sides and rearranging terms gives Since, So we have the desired result:

26 The prime density theorem states that n/lnn is a good estimate for  (n). But how large is the error? The Riemann Hypothesis Riemann proposed this conjecture in 1859. It is one of the most famous open problems in mathematics. A quick detour...

27 For all primes p and integers a such that 1  a  p -1, a p -1 = 1 (mod p) Fermat’s Little Theorem For example: a = 5, p = 7 5 6 = 15,625 = 2,232  7 + 1 = 1 (mod 7) What is 2 38 (mod 7)? 2 38 = (2 6 ) 6  2 2 = 1 6  2 2 = 4 (mod 7)

28 A group (G,  ) is a set G and a binary operation  that has closure, associativity, inverses, and identity. The set Z n * = { x | 1  x  n and gcd(x,n) = 1} is a group with respect to multiplication mod n. In particular, for prime p, Z p * = {1,…, p -1} is a group with multiplication mod p. Lagrange: If G is a finite group and S is a subgroup of G, then the size of S divides the size of G. Recall From Group Theory

29 Theorem. (Fermat) For all primes p and integers a such that 1  a  p -1, a p -1 = 1 (mod p) Proof: Given a  Z p * Let aZ p * = { ax | x  Z p *} So aZ p * = { a, 2a, 3a, …, (p-1)a } aZ p * = Z p * because ax  aZ p *  ax  Z p * and x  Z p *  x = a (a -1 x)  aZ p * Multiply all the elements in each set (mod p): a  2a  3a    (p -1)a = 1  2  3    (p -1) (mod p) a p -1 (1  2  3    (p -1)) = 1  2  3    (p -1) (mod p) a p -1 = 1 (mod p)

30 Testing Primality (revisited) A simple randomized primality test is based on Fermat’s Little Theorem. To test if n is prime: pick a  {1…n -1} at random if a n -1  1 (mod n), return “n is not prime” else return “n may be prime” Hmm... O(log n) multiplies by using repeated squaring

31 What if n = 341, a = 2? 2 340 = (2 10 ) 34 = 1024 34 = (3  341 + 1) 34 = 1 (mod 341) But 341 is not prime. 341 = 11  31 Fermat’s Little Theorem doesn’t work in both directions. Just because some numbers n and a satisfy the Fermat property, that doesn’t necessarily mean that n is prime!

32 The situation is even worse than that. Some composite numbers (called Carmichael numbers) actually satisfy Fermat’s Little Theorem for all 1  a  n-1. Our simple primality test cannot tell Carmichael numbers from prime numbers. Fortunately Carmichael numbers are extremely rare -- only 255 of them occur in the first 100,000,000 integers. We will ignore them for now. 56111051729 First three Carmichael numbers:

33 If n is not a Carmichael number, we can bound the probability that the primality test goes wrong. Define K n * = { a  Z n * | a n-1 = 1 (mod n)} So K p * = Z p * for primes p (by Fermat’s Theorem) K 341 * contains 2 K k * = Z k * for Carmichael numbers k (by definition) If our choice of a for the test happens to fall in K n *, then the test would give the wrong answer. We want K n * to be small relative to {1…n-1}, so that a random a  {1…n-1} has a good chance of missing K n *.

34 Theorem. If n is composite but not a Carmichael number, then Pr (a  K n *)  1/2. Proof: Recall K n * = { a  Z n * | a n-1 = 1 (mod n)} Claim: K n * is a subgroup of Z n * Closure: a n-1 = 1 (mod n), b n-1 = 1 (mod n)  (ab) n-1 = 1 (mod n) Identity: 1 n-1 = 1 (mod n) Associativity: multiplication is associative Inverses: a n-1 = 1  (a n-1 ) -1 = 1  (a -1 ) n-1 = 1 (mod n) Since n is neither prime nor Carmichael, K n *  Z n * |K n *|  |Z n *| But |K n *| divides |Z n *| (Lagrange’s Theorem) So |K n *|  1/2 |Z n *|  1/2 (n-1).

35 We can boost the probability of the randomized primality test as high as we like by repeating it. Randomized primality test: repeat k times pick a  {1…n -1} at random if a n -1  1 (mod n) then return “n is not prime” return “n is probably prime or Carmichael” (Chance of mistake < 1/2 k as we vary over the possible coin tosses of the algorithm) A slightly more complicated version of this algorithm (the “Miller-Rabin” algorithm) detects and eliminates Carmichael numbers with probability  1 - 1/2 k.

Download ppt "A Prime Example CS Lecture 20 A positive integer p  2 is prime if the only positive integers that divide p are 1 and p itself. Positive integers."

Similar presentations

Presented by Alex Atkins.  An integer p >= 2 is a prime if its only positive integer divisors are 1 and p.  Euclid proved that there are infinitely.

Presented by Alex Atkins.  An integer p >= 2 is a prime if its only positive integer divisors are 1 and p.  Euclid proved that there are infinitely.
Randomness and Computation: Some Prime Examples Great Theoretical Ideas In Computer Science (Steven Rudich) John LaffertyCS 15-251 Fall 2005 Lecture 22Nov.

Randomness and Computation: Some Prime Examples Great Theoretical Ideas In Computer Science (Steven Rudich) John LaffertyCS Fall 2005 Lecture 22Nov.
Cryptography and Network Security

Cryptography and Network Security
Chapter 8 – Introduction to Number Theory. Prime Numbers prime numbers only have divisors of 1 and self –they cannot be written as a product of other.

Chapter 8 – Introduction to Number Theory. Prime Numbers prime numbers only have divisors of 1 and self –they cannot be written as a product of other.
Having Proofs for Incorrectness

Having Proofs for Incorrectness
Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)

Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)
Introduction to Modern Cryptography Lecture 6 1. Testing Primitive elements in Z p 2. Primality Testing. 3. Integer Multiplication & Factoring as a One.

Introduction to Modern Cryptography Lecture 6 1. Testing Primitive elements in Z p 2. Primality Testing. 3. Integer Multiplication & Factoring as a One.
COM 5336 Cryptography Lecture 7a Primality Testing

COM 5336 Cryptography Lecture 7a Primality Testing
22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.

22C:19 Discrete Math Integers and Modular Arithmetic Fall 2010 Sukumar Ghosh.
Number Theory and Cryptography

Number Theory and Cryptography
Basic properties of the integers

Basic properties of the integers
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
Foundations of Network and Computer Security J J ohn Black Lecture #10 Sep 18 th 2009 CSCI 6268/TLEN 5550, Fall 2009.

Foundations of Network and Computer Security J J ohn Black Lecture #10 Sep 18 th 2009 CSCI 6268/TLEN 5550, Fall 2009.
1 Chapter 7– Introduction to Number Theory Instructor: 孫宏民 Room: EECS 6402, Tel:03- 5742968, Fax : 886-3-572-3694.

1 Chapter 7– Introduction to Number Theory Instructor: 孫宏民 Room: EECS 6402, Tel: , Fax :
Elementary Number Theory and Methods of Proof. Basic Definitions An integer n is an even number if there exists an integer k such that n = 2k. An integer.

Elementary Number Theory and Methods of Proof. Basic Definitions An integer n is an even number if there exists an integer k such that n = 2k. An integer.
Deciding Primality is in P M. Agrawal, N. Kayal, N. Saxena Slides by Adi Akavia.

Deciding Primality is in P M. Agrawal, N. Kayal, N. Saxena Slides by Adi Akavia.
Chapter 8 – Introduction to Number Theory Prime Numbers  prime numbers only have divisors of 1 and self they cannot be written as a product of other numbers.

Chapter 8 – Introduction to Number Theory Prime Numbers  prime numbers only have divisors of 1 and self they cannot be written as a product of other numbers.
CSE 321 Discrete Structures Winter 2008 Lecture 8 Number Theory: Modular Arithmetic.

CSE 321 Discrete Structures Winter 2008 Lecture 8 Number Theory: Modular Arithmetic.
Chapter 8 – Introduction to Number Theory Prime Numbers

Chapter 8 – Introduction to Number Theory Prime Numbers
Chapter 8 – Introduction to Number Theory Prime Numbers  prime numbers only have divisors of 1 and self they cannot be written as a product of other numbers.

Chapter 8 – Introduction to Number Theory Prime Numbers  prime numbers only have divisors of 1 and self they cannot be written as a product of other numbers.

Similar presentations

Ads by Google