1
Deciding Primality is in P
M. Agrawal, N. Kayal, N. Saxena
Slides by Adi Akavia
2
Background
Sieve of Eratosthenes, 240 BC – Θ(n)
Fermat's Little Theorem (17th century): p is prime, a ≢ 0 (mod p) ⇒ a^(p-1) ≡ 1 (mod p)
(The converse does not hold – Carmichael numbers)
Polynomial-time algorithms:
–[Miller 76] deterministic, assuming the Extended Riemann Hypothesis.
–[Solovay, Strassen 77; Rabin 80] unconditional, but randomized.
–[Goldwasser, Kilian 86] randomized, produces a certificate for primality! (expected poly time for almost all inputs)
–[Adleman, Huang 92] primality certificate for all numbers.
[Adleman, Pomerance, Rumely 83] deterministic, (log n)^O(log log log n)-time.
3
This Paper
An algorithm for deciding primality which is: unconditional, deterministic, polynomial-time.
4
Special Numbers
Def: the order of n mod r, denoted O_r(n), is the smallest power t s.t. n^t ≡ 1 (mod r).
Def: r is special with respect to n if:
1. r is prime,
2. r-1 has a large prime factor q = Θ(r^(2/3)), and
3. q | O_r(n).
Tools:
–simple algebra
–high-density theorem for numbers with properties (1) and (2) [Fou85, BH96]
5
Basic Idea
Fact: For any a s.t. (a,n) = 1:
–n is prime ⇒ (x-a)^n ≡ x^n - a (mod n)
–n is composite ⇒ (x-a)^n ≢ x^n - a (mod n)
Naive algo: pick an arbitrary a, check if (x-a)^n ≡ x^n - a (mod n).
Problem: time complexity – Θ(n).
Proof: expand (x-a)^n by the binomial theorem.
Assume n is prime, then …
Assume n is composite, let q | n and q^k || n, then … and hence x^q has a non-zero coefficient (mod n).
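The fact above, worked out from the binomial expansion, as an added Python example (this is not code from the slides; the function names are mine). It builds all Θ(n) coefficients of (x-a)^n mod n, which is exactly why the naive test is too slow, and for composite n returns the coefficient of x^q for a prime factor q of n, the witness the proof sketch refers to:

```python
from math import comb


def binomial_coefficients_mod_n(n, a):
    """Coefficients c_0, ..., c_n of (x - a)^n reduced mod n, from the binomial theorem:
    (x - a)^n = sum_k C(n, k) * (-a)^(n - k) * x^k.
    This materialises Theta(n) coefficients, which is the cost of the naive algorithm."""
    return [(comb(n, k) * pow(-a, n - k, n)) % n for k in range(n + 1)]


def rhs_coefficients_mod_n(n, a):
    """Coefficients of x^n - a mod n, in the same c_0..c_n layout."""
    c = [0] * (n + 1)
    c[0] = (-a) % n
    c[n] = 1
    return c


def naive_test(n, a):
    """The naive algorithm of the slide: True iff (x - a)^n == x^n - a (mod n)."""
    return binomial_coefficients_mod_n(n, a) == rhs_coefficients_mod_n(n, a)


def smallest_prime_factor(n):
    """Smallest prime factor of n >= 2 (n itself when n is prime), by trial division."""
    d = 2
    while d * d <= n:
        if n % d == 0:
            return d
        d += 1
    return n


def witness_coefficient(n, a):
    """For composite n and gcd(a, n) = 1: with q a prime factor of n, the coefficient of x^q
    in (x - a)^n is C(n, q) * (-a)^(n - q), which is non-zero mod n (this is the witness in
    the proof sketch on the slide).  Returns (q, that coefficient mod n)."""
    q = smallest_prime_factor(n)
    return q, binomial_coefficients_mod_n(n, a)[q]


if __name__ == "__main__":
    for n, a in ((7, 3), (15, 1), (9, 2)):
        print(n, a, naive_test(n, a), witness_coefficient(n, a))
```

For prime n every inner coefficient C(n,k), 0 < k < n, vanishes mod n, so only x^n and the constant term survive; for n = 15 the coefficient of x^3 is C(15,3) = 455 ≡ 5 (mod 15), which is what makes the test reject.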
6
Basic Idea
Idea: Pick an arbitrary a and some polynomial x^r - 1 with r = poly(log n), and check if (x-a)^n ≡ x^n - a (mod x^r - 1, n)
–time complexity – poly(r)
–n is prime ⇒ (x-a)^n ≡ x^n - a (mod x^r - 1, n)
–n is composite ⇒?? (x-a)^n ≢ x^n - a (mod x^r - 1, n)
Not true for some (few) values of a, r!
7
Improved Idea
Pick many (poly log n) a's, and check for all of them if: (x-a)^n ≡ x^n - a (mod x^r - 1, n)
Accept if equality holds for all a's.
8
Some Algebra Reminders
Def: F_p (p is prime) denotes the finite field of p elements {0,1,…,p-1}.
Def: F_p[x] denotes the ring of polynomials over F_p.
Let f(x) be a degree-k polynomial.
Def: F_p[x]/f(x) denotes the set of polynomials of degree ≤ k-1 over F_p, with addition and multiplication modulo f(x).
Thm: If f(x) is irreducible over F_p, then F_p[x]/f(x) ≅ GF(p^k) (the unique field with p^k elements).
9
F_p[x]/f(x) – Addition
Let the polynomial f(x) over F_2 be: …
Represent polynomials as vectors (a degree-(k-1) polynomial ↔ a vector of k coefficients):
Addition: …
10
F_p[x]/f(x) – Multiplication
Multiplication: First, multiply 'mod p': … Next, apply 'mod f(x)': …
11
F_p[x]/f(x) – mod f(x)
Example: …
In general for f(x) = x^r - 1: …
13
Irreducible Factors of (x^r - 1)/(x - 1)
Fact: Consider the polynomial (x^r - 1)/(x - 1) over F_p. All its irreducible factors are of degree O_r(p).
14
Irreducible Factors of (x^r - 1)/(x - 1)
Def: Let h(x) denote any irreducible factor of (x^r - 1)/(x - 1), and d = deg(h(x)).
Claim: ∀ h(x), d = O_r(p).
Proof: Denote k = O_r(p). Note F_p[x]/h(x) is of size p^d, therefore (F_p[x]/h(x))* is cyclic of order p^d - 1.
–k | d: x^r ≡ 1 (mod h(x)), hence the order of x mod h(x) is r, therefore r | p^d - 1, i.e., p^d ≡ 1 (mod r), and hence k | d (recall k = O_r(p)).
–d | k: let g be a generator, then … hence p^d - 1 | p^k - 1, and therefore d | k.
Recall, if r is special with respect to n, then r-1 has a large prime factor q s.t. q | O_r(n). Choose p s.t. q | O_r(p) (such p exists). Then d is large.
15
The Algorithm
Input: integer n
1. Find r ∈ O(log^6 n), s.t. r is special w.r.t. n.
2. Let l = 2 r^(1/2) log n.
3. Small divisors test: For t = 2,…,l, if t | n output COMPOSITE.
4. Power test: If n is a power – n = p^k for k > 1 – output COMPOSITE.
5. Polynomials test: For a = 1,…,l, if (x-a)^n ≢ x^n - a (mod x^r - 1, n), output COMPOSITE.
6. Otherwise: output PRIME.
16
Saw: the algorithm.
Yet to be seen:
–A special r ∈ O(log^6 n) exists (later).
–If n is composite then one of the tests returns COMPOSITE.
Algorithm recap:
1. Find r ∈ O(log^6 n), s.t. r is special,
2. Let l = 2 r^(1/2) log n.
3. If there exists a small (< l+1) divisor, output COMPOSITE.
4. If n is a power, output COMPOSITE.
5. For a = 1,…,l, if (x-a)^n ≢ x^n - a (mod x^r - 1, n), output COMPOSITE.
6. Otherwise output PRIME.
17
Algo's Correctness
Thm: n is composite ⇒ the algo returns 'composite'. That is, if n is composite, and
–n has no divisor t ≤ l, and
–n is not a (prime) power,
then ∃ a ∈ [1..l] s.t. (x-a)^n ≢ x^n - a (mod x^r - 1, n).
18
For Proof Purposes – Use p and h(x)
Let p be a prime factor of n, and let h(x) be an irreducible factor of x^r - 1.
It suffices to show the inequality (mod h(x), p) instead of (mod x^r - 1, n), i.e. ∃ a ∈ [1..l] s.t. (x-a)^n ≢ x^n - a (mod h(x), p).
Choose p and h(x) s.t.
–q | O_r(p), and
–deg(h(x)) = O_r(p).
Such p exists: q | O_r(n) and O_r(n) | lcm{O_r(p_i)}, where n = p_1 p_2 … p_k.
Such h(x) exists: by the previous fact.
19
Proof
Assume by contradiction that n is composite and passes all the tests, i.e.
–n has no small factor, and
–n is not a (prime) power, and
–∀ a ∈ [1..l]: (x-a)^n ≡ x^n - a (mod h(x), p).
For any f(x) which is a product of polynomials (x-a) (where a ∈ [1..l]), f(x)^n = f(x^n).
–Example: f(x) = (x-a_1)(x-a_2) ⇒ [(x-a_1)(x-a_2)]^n = (x^n - a_1)(x^n - a_2)
20
Variation on the Polynomials Test
Therefore, consider the group G generated by {(x-a)}_{a ∈ [1..l]}:
Prop: n passes the polynomials test ⇔ ∀ f(x) ∈ G, f(x)^n ≡ f(x^n).
Proof: Recall, the polynomials test was: ∀ a = 1,…,l, check if (x-a)^n ≡ x^n - a (mod x^r - 1, n), and … by the def of G.
Algorithm, restated:
1. Find small special r
2. Small divisors test – composite
3. Power test – composite
4. Polynomials test – composite (i.e. check if ∀ f(x) ∈ G, f(x)^n ≡ f(x^n))
5. Otherwise – PRIME.
21
Defining I
Are there other integers m s.t. ∀ f(x) ∈ G, f(x)^m ≡ f(x^m)? Yes! For example: p, 1. Any others?
Let I = { m | ∀ f ∈ G, f(x)^m ≡ f(x^m) }.
What's Ahead:
–We first prove that I ∩ [|G|] is small.
–However, we show that if n is a composite which passes all the tests then I ∩ [|G|] must be large.
–Thus obtaining a contradiction.
22
I ∩ [|G|] is small
Lemma: Let m1, m2 ∈ I; then m1 ≡ m2 (mod r) ⇒ m1 ≡ m2 (mod |G|).
Proof: Let g(x) be a generator of G. Let m2 = m1 + kr.
(*) m1 ≡ m2 (mod r), then x^m1 ≡ x^m2 (mod h(x)) (as x^r ≡ 1 (mod h(x))).
Therefore: …
24
I ∩ [|G|] is large
First note that |G| is large.
Lemma: …
Proof: Let d = deg(h(x)). Consider all polynomials in G of degree < d. They are all distinct in F_p[x]/h(x). Therefore …
d is big: q | O_r(p) = d.
25
I ∩ [|G|] is large – cont.
Recall:
–p, 1 ∈ I, and
–n passes the polynomials test ⇒ n ∈ I.
Lemma: I is multiplicative, i.e. u, v ∈ I ⇒ uv ∈ I.
Hence, in particular {n^i p^j : 0 ≤ i, j ≤ r^(1/2)} ⊆ I.
Therefore, … Hence (since …) … A contradiction!
26
Proof Summary
We saw that I ∩ [|G|] is small (unconditionally, using properties of x^r - 1).
However, if n is composite, has no small divisors, and is not a prime power, then passing the polynomials test (i.e. n ∈ I) implies that I ∩ [|G|] is large (using properties of the special r and of x^r - 1).
Therefore, the polynomials test must return 'composite'.
27
Back to Special Numbers
Recall: r is special with respect to n if:
1. r is prime,
2. r-1 has a large prime factor q = Θ(r^(2/3)),
3. q | O_r(n).
28
Finding Special r
Elaborating on step (1):
1. while r < c log^6 n:
   1. if r is prime:
      2. let q be the largest prime factor of r-1
      3. if (q ≥ 4 r^(1/2) log n) and (n^((r-1)/q) ≢ 1 (mod r)) break;
   4. r ← r+1
Complexity: O(log^6 n) iterations, each taking O(r^(1/2) poly log r), hence total poly log n.
When 'break' is reached: r is prime, q is large, and q | O_r(n).
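The whole procedure end to end, as an added Python example (not code from the slides or the paper; function names are mine): the F_p[x]/(x^r - 1) arithmetic of slides 9-12, the algorithm of slide 15, and the search for a special r elaborated above. Assumptions made here: log is log base 2, l = 2 r^(1/2) log n is rounded up, the small-divisors loop stops at n-1 so that a prime smaller than l is not rejected, the r search skips r | n (n has no order mod r) and runs upward without the c log^6 n cap, which is asymptotic and not yet meaningful for the tiny inputs below. Polynomial multiplication uses Kronecker substitution (pack coefficients into one big integer) so that Python's integer multiply does the convolution:

```python
import math


def is_prime_trial(m):
    """Trial-division primality, used only for the small candidate r's of step 1."""
    if m < 2:
        return False
    if m % 2 == 0:
        return m == 2
    d = 3
    while d * d <= m:
        if m % d == 0:
            return False
        d += 2
    return True


def largest_prime_factor(m):
    """Largest prime factor of m by trial division (1 if m == 1)."""
    largest, d = 1, 2
    while d * d <= m:
        while m % d == 0:
            largest, m = d, m // d
        d += 1
    return max(largest, m) if m > 1 else largest


def find_special_r(n):
    """Step 1 as elaborated on the slide: the first prime r whose r-1 has a largest prime factor q
    with q >= 4 sqrt(r) log2 n and n^((r-1)/q) != 1 (mod r); the latter forces q | O_r(n).
    Assumption: no c log^6 n cap, just search upward; r | n is skipped.  Returns (r, q)."""
    log_n = math.log2(n)
    r = 2
    while True:
        if is_prime_trial(r) and n % r != 0:
            q = largest_prime_factor(r - 1)
            if q >= 4 * math.sqrt(r) * log_n and pow(n, (r - 1) // q, r) != 1:
                return r, q
        r += 1


def poly_mulmod(f, g, r, n):
    """Product of two elements of Z_n[x]/(x^r - 1), given as coefficient lists of length r:
    multiply, reduce coefficients mod n, reduce x^i to x^(i mod r) (slides 9-12).
    Kronecker substitution: w bits per coefficient slot, w chosen so no slot overflows."""
    w = (r * (n - 1) ** 2).bit_length()
    mask = (1 << w) - 1
    fi = gi = 0
    for c in reversed(f):
        fi = (fi << w) | c
    for c in reversed(g):
        gi = (gi << w) | c
    prod = fi * gi
    out = [0] * r
    for i in range(2 * r - 1):
        out[i % r] = (out[i % r] + ((prod >> (w * i)) & mask)) % n
    return out


def poly_powmod(base, e, r, n):
    """base^e in Z_n[x]/(x^r - 1) by square-and-multiply: O(log e) multiplications."""
    result = [1 % n] + [0] * (r - 1)
    while e > 0:
        if e & 1:
            result = poly_mulmod(result, base, r, n)
        base = poly_mulmod(base, base, r, n)
        e >>= 1
    return result


def polynomial_test(n, r, a):
    """True iff (x - a)^n == x^n - a (mod x^r - 1, n); requires r >= 2."""
    lhs = poly_powmod([(-a) % n, 1 % n] + [0] * (r - 2), n, r, n)
    rhs = [0] * r
    rhs[n % r] = 1 % n
    rhs[0] = (rhs[0] - a) % n
    return lhs == rhs


def is_perfect_power(n):
    """Step 4: is n = b^k for some k > 1?  Exact integer k-th roots by binary search."""
    for k in range(2, n.bit_length() + 1):
        lo, hi = 1, 1 << (n.bit_length() // k + 1)
        while lo < hi:
            mid = (lo + hi + 1) // 2
            if mid ** k <= n:
                lo = mid
            else:
                hi = mid - 1
        if lo ** k == n:
            return True
    return False


def is_prime_aks(n):
    """The algorithm of slide 15.  Returns True for PRIME, False for COMPOSITE."""
    if n < 2:
        return False
    r, q = find_special_r(n)                            # 1. special r (q | O_r(n))
    l = math.ceil(2 * math.sqrt(r) * math.log2(n))      # 2. l = 2 r^(1/2) log n
    for t in range(2, min(l, n - 1) + 1):                # 3. small divisors test
        if n % t == 0:
            return False
    if is_perfect_power(n):                              # 4. power test
        return False
    for a in range(1, l + 1):                            # 5. polynomials test
        if not polynomial_test(n, r, a):
            return False
    return True                                          # 6. otherwise PRIME


if __name__ == "__main__":
    for n in (2, 7, 13, 15, 49):
        print(n, find_special_r(n), "PRIME" if is_prime_aks(n) else "COMPOSITE")
```

Two things worth noticing when running it: for inputs this small the special r (563 for n = 7) is far above n, so the small-divisors loop alone settles every composite and the polynomials test is only ever reached by primes; and `polynomial_test` can be called on its own with a non-special r to see the test itself reject a composite, e.g. (x-1)^15 mod (x^5 - 1, 15) is 5x + 10x^2 + 5x^3 + 10x^4 while x^15 - 1 reduces to 0.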
29
A Special r ∈ O(log^6 n) Exists
Consider the interval [… .. …], where … = O(log^6 n).
Numbers with properties (1) and (2) are dense in [… .. …]
–immediate from density bounds for numbers with these properties and for primes.
For many primes r ∈ [… .. …], property (3) holds.
–For many r's, O_r(n) > …^(1/3): if O_r(n) < …^(1/3) then r divides (n-1)(n^2-1)…(n^(…^(1/3))-1). However, this product has no more than …^(2/3) log n prime divisors.
–Moreover, O_r(n) > …^(1/3) ⇒ q | O_r(n): if q doesn't divide O_r(n), then n^((r-1)/q) ≡ 1, therefore O_r(n) ≤ (r-1)/q. However (r-1)/q < …^(1/3) – a contradiction. (Here we utilize again the fact that q is large.)
Hence, by a counting argument, there exists a special r ∈ [… .. …].
Recall: r is special with respect to n if: 1. r is prime, 2. q = Θ(r^(2/3)) is a prime factor of r-1, 3. q | O_r(n).
30
The End
31
Proof – G is large, cont.
Hence …
Prop: d ≥ 2l.
Proof: Recall d = O_r(p) and q | O_r(p), hence d ≥ q ≥ 2l (recall q ≥ 4 r^(1/2) log n, l = 2 r^(1/2) log n).
Hence …
This is the reason for seeking a large q s.t. q | O_r(n).
32
Proof
Lemma: I is multiplicative, i.e. u, v ∈ I ⇒ uv ∈ I.
Proof: x^r - 1 | x^(vr) - 1, therefore … hence …