Presentation is loading. Please wait.

Presentation is loading. Please wait.

Prabhas Chongstitvatana 1 Primality Testing Is a given odd integer prime or composite ? No known algorithm can solve this problem with certainty in a reasonable.

Published byAnnis Powers Modified over 9 years ago

Similar presentations

Presentation on theme: "Prabhas Chongstitvatana 1 Primality Testing Is a given odd integer prime or composite ? No known algorithm can solve this problem with certainty in a reasonable."— Presentation transcript:

1 Prabhas Chongstitvatana 1 Primality Testing Is a given odd integer prime or composite ? No known algorithm can solve this problem with certainty in a reasonable time when the number has more than a few hundred decimal digits.

2 Prabhas Chongstitvatana 2 1640 Fermat’s Little theorem Let n be prime then a n-1 mod n = 1; Is n prime? Contrapositive : if n and a are integers if a n-1 mod n != 1 then n is NOT prime. Fermat hypothesises that is prime for all n. F 0 =3, F 1 =5, F 2 =17,... F 4 =65537, F 5 =4,294,967,297

3 Prabhas Chongstitvatana 3 About one century later Euler factored F 5 = 641 x 6,700,417 can be proof easily by By expo squaring 32 times F 5 -1 = 2 32

4 Prabhas Chongstitvatana 4 Fermat(n) a = uniform(1..n-1) if expomod(a, n-1, n) = 1 then return true else return false If FALSE n is definitely composite but no clue to how to factor it. Factorization is much harder than primality testing.

5 Prabhas Chongstitvatana 5 P-correct The algorithm return a correct answer with probability at least p on every instance. Error probability when k successive calls each return the wrong answer is at most (1- p) k

6 Prabhas Chongstitvatana 6 What if Fermat() return TRUE ? Need the converse of Fermat theorem a n-1 mod n != 1 when n is composite a: 1.. n-1 This is not the case 1 n-1 mod n = 1 for all n >= 2 and (n-1) n-1 mod n = 1 for all odd n >= 3

7 Prabhas Chongstitvatana 7 False witness 4 14 mod 15 = 1 ; 15 is composite This is called “false witness”. Fermat() a:2..n-2, fails on false witness False witness is few. Fermat test on odd composite number smaller than 1000 is less than 3.3% (even smaller for larger number)

8 Prabhas Chongstitvatana 8 BUT There are composite numbers that admit a significant proportion of false witness. 561 admits 318 false witness! For any del > 0 there are infinitely many composites for which Fermat test discovers with probability less than del. In other words, Fermat test is not p-correct for any p > 0. Cannot reduce error probability by repeating call to Fermat().

9 Prabhas Chongstitvatana 9 Modified Fermat test n is odd integer > 4 s, t integer which n-1 = 2 s t t is odd note : s > 0 since n-1 is even. Let B(n) a set of integers define by iff a: 2.. n-2 a t mod n = 1 or i:0..s such that mod n = n-1

10 Prabhas Chongstitvatana 10 Given n is odd a:2..n-2 call on Btest(a,n) return TRUE for a in B(n).

11 Prabhas Chongstitvatana 11 Btest(a,n) s = 0; t = n-1 repeat s = s+1; t = t div 2 until t mod 2 = 1 x = expomod(a, t, n) if x =1 or x = n-1 then return TRUE for i = 1 to s-1 do x = x 2 mod n if x = n-1 then return TRUE return FALSE

12 Prabhas Chongstitvatana 12 Example 158 in B(289) set s = 5, t = 9, n-1 = 288 = 2 5 x 9 a t mod n = 158 9 mod 289 = 131 successive square x mod n up to s-1 times a 2t mod n = 131 2 mod 289 = 110 a 4t mod n = 110 2 mod 289 = 251 a 8t mod n = 251 2 mod 289 = 288

13 Prabhas Chongstitvatana 13 Extension to Fermat test : a in B(n) a: 2.. n-2 when n is prime Strong false witness : n is a strong pseudo prime to the base a. a is strong false witness of primality test for n, n > 4, when n is odd composite and a in B(n) 158 is a strong false witness of 289. 289=17 2 Strong false witness is much rarer than false witness.

14 Prabhas Chongstitvatana 14 Every odd composite integer 5.. 10 13 fails to be a strong pseudo prime to at least on of the bases 2, 3, 5, 7, 61. Five calls on Btest() are sufficient to decide deterministically on the primality of any integer up to 10 13 MillerRabin(n) // n > 4 is odd a = uniform(2.. n-2) return Btest(a,n)

15 Prabhas Chongstitvatana 15 Btest() always return true when n is prime, n > 4, a: 2.. n-2, and return false with prob. > 3/4 when n is a composite odd. MillerRabin() is Monte Carlo algorithm 3/4- correct for primality testing. MillerRabin() has at most prob 1/4 of hitting a strong false witness. Call k times the prob of hitting strong false witness consecutively for k times is 4 -k. k = 10, the error will be less than one in a million.

16 Prabhas Chongstitvatana 16 Analysis of running time of MillerRabin() Btest(a,n) s = 0; t = n-1 repeat s = s+1; t = t div 2 until t mod 2 = 1 x = expomod(a, t, n) if x =1 or x = n-1 then return TRUE for i = 1 to s-1 do x = x 2 mod n if x = n-1 then return TRUE return FALSE 4 -k < e 2 2k >= 1/e k = ceil(1/2 lg 1/e) O(log t) Squaring O(log n) times each takes O(log 3 n ) Tn in O(log 3 n lg 1/e)

Download ppt "Prabhas Chongstitvatana 1 Primality Testing Is a given odd integer prime or composite ? No known algorithm can solve this problem with certainty in a reasonable."

Similar presentations

Presented by Alex Atkins.  An integer p >= 2 is a prime if its only positive integer divisors are 1 and p.  Euclid proved that there are infinitely.

Presented by Alex Atkins.  An integer p >= 2 is a prime if its only positive integer divisors are 1 and p.  Euclid proved that there are infinitely.
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Primality Testing) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Primality Testing) Prof. Dr. Th. Ottmann.
Cryptography and Network Security

Cryptography and Network Security
Chapter 8 – Introduction to Number Theory. Prime Numbers prime numbers only have divisors of 1 and self –they cannot be written as a product of other.

Chapter 8 – Introduction to Number Theory. Prime Numbers prime numbers only have divisors of 1 and self –they cannot be written as a product of other.
Computability and Complexity

Computability and Complexity
Chapter 8 Introduction to Number Theory. Prime Numbers prime numbers only have divisors of 1 and self –they cannot be written as a product of other numbers.

Chapter 8 Introduction to Number Theory. Prime Numbers prime numbers only have divisors of 1 and self –they cannot be written as a product of other numbers.
Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)

Primality Testing Patrick Lee 12 July 2003 (updated on 13 July 2003)
Announcements: 1. Congrats on reaching the halfway point once again! 2. DES graded soon 3. Short “pop” quiz on Ch 3. (Thursday at earliest) 4. Reminder:

Announcements: 1. Congrats on reaching the halfway point once again! 2. DES graded soon 3. Short “pop” quiz on Ch 3. (Thursday at earliest) 4. Reminder:
Chapter 8 More Number Theory. Prime Numbers Prime numbers only have divisors of 1 and itself They cannot be written as a product of other numbers Prime.

Chapter 8 More Number Theory. Prime Numbers Prime numbers only have divisors of 1 and itself They cannot be written as a product of other numbers Prime.
Introduction to Modern Cryptography Lecture 6 1. Testing Primitive elements in Z p 2. Primality Testing. 3. Integer Multiplication & Factoring as a One.

Introduction to Modern Cryptography Lecture 6 1. Testing Primitive elements in Z p 2. Primality Testing. 3. Integer Multiplication & Factoring as a One.
COM 5336 Cryptography Lecture 7a Primality Testing

COM 5336 Cryptography Lecture 7a Primality Testing
מבוא מורחב 1 Lecture 4 Material in the textbook on Pages 44-46, 50-53 of 2nd Edition Sections 1.2.4 and 1.2.6 + Hanoy towers.

מבוא מורחב 1 Lecture 4 Material in the textbook on Pages 44-46, of 2nd Edition Sections and Hanoy towers.
Randomized Algorithms Fundamentals of Algorithmics.

Randomized Algorithms Fundamentals of Algorithmics.
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
Announcements: 1. Pass in Homework 5 now. 2. Term project groups and topics due by Friday 1.Can use discussion forum to find teammates 3. HW6 posted, due.

Announcements: 1. Pass in Homework 5 now. 2. Term project groups and topics due by Friday 1.Can use discussion forum to find teammates 3. HW6 posted, due.
1 Fingerprint 2 Verifying set equality Verifying set equality v String Matching – Rabin-Karp Algorithm.

1 Fingerprint 2 Verifying set equality Verifying set equality v String Matching – Rabin-Karp Algorithm.
Elementary Number Theory and Methods of Proof. Basic Definitions An integer n is an even number if there exists an integer k such that n = 2k. An integer.

Elementary Number Theory and Methods of Proof. Basic Definitions An integer n is an even number if there exists an integer k such that n = 2k. An integer.
Prof. Bart Selman Module Probability --- Part e)

Prof. Bart Selman Module Probability --- Part e)
Announcements: HW3 updated. Due next Thursday HW3 updated. Due next Thursday Written quiz tomorrow on chapters 1-2 (next slide) Written quiz tomorrow on.

Announcements: HW3 updated. Due next Thursday HW3 updated. Due next Thursday Written quiz tomorrow on chapters 1-2 (next slide) Written quiz tomorrow on.
Chapter 8 – Introduction to Number Theory Prime Numbers  prime numbers only have divisors of 1 and self they cannot be written as a product of other numbers.

Chapter 8 – Introduction to Number Theory Prime Numbers  prime numbers only have divisors of 1 and self they cannot be written as a product of other numbers.

Similar presentations

Ads by Google