Deciding Primality is in P
M. Agrawal, N. Kayal, N. Saxena
Presentation by Adi Akavia
Background
• Sieve of Eratosthenes (240BC): Ω(n) time.
• Fermat's Little Theorem (17th century): p is prime, a ≢ 0 (mod p) ⇒ a^(p-1) ≡ 1 (mod p). (The converse does not hold: Carmichael numbers.)
• Polynomial-time algorithms:
  • [Miller 76] deterministic, assuming the Extended Riemann Hypothesis.
  • [Solovay, Strassen 77; Rabin 80] unconditional, but randomized.
  • [Goldwasser, Kilian 86] randomized, produces a certificate for primality! (for almost all numbers)
  • [Atkin 86; Adleman, Huang 92] primality certificate for all numbers.
  • [Adleman, Pomerance, Rumely 83] deterministic, (log n)^O(log log log n) time.
This Paper: unconditional, deterministic, polynomial
• Def (Sophie-Germain primes): primes q = (p-1)/2 s.t. p is also prime.
• Def: r is "almost Sophie-Germain" (ASG) if:
  • r is prime,
  • r-1 has a large prime factor q = Ω(r^(2/3)).
• Tools:
  • simple algebra
  • High density conjecture for primes p s.t. (p-1)/2 is Sophie-Germain
  • High density Thm for primes p that are 'almost Sophie-Germain' [Fou85, BH96]
Basic Idea
• Fact: for any a s.t. (a,n) = 1:
  • n is prime ⇒ (x-a)^n ≡ x^n - a (mod n)
  • n is composite ⇒ (x-a)^n ≢ x^n - a (mod n)
• Naive algo: pick an arbitrary a, check if (x-a)^n ≡ x^n - a (mod n).
• Problem: time complexity Ω(n) (the polynomial (x-a)^n has n+1 coefficients).
Proof: develop (x-a)^n using the Newton binomial.
• Assume n is prime; then C(n,i) ≡ 0 (mod n) for 0 < i < n, and (-a)^n ≡ -a (mod n) by Fermat, so only x^n - a survives.
• Assume n is composite; then let a prime q | n, and let q^k || n. Then q^k ∤ C(n,q) and gcd(q^k, a^(n-q)) = 1, hence x^q has a non-zero coefficient (mod n).
Basic Idea (cont.)
• Idea: pick an arbitrary a and some polynomial x^r - 1, with r = poly log n, and check if (x-a)^n ≡ x^n - a (mod x^r - 1, n).
• time complexity: poly(r)
• n is prime ⇒ (x-a)^n ≡ x^n - a (mod x^r - 1, n)
• n is composite ⇒???? (x-a)^n ≢ x^n - a (mod x^r - 1, n). Not true for some (few) values of a, r!
Improved Idea
• Pick many (poly log n) a's, and check for all of them if (x-a)^n ≡ x^n - a (mod x^r - 1, n).
• Accept if equality holds for all a's.
Algebraic Background – Extension Field
• Def: consider fields F, E. E is an extension of F if F is a subfield of E.
• Def: the Galois field GF(p^k) (p prime) is the unique (up to isomorphism) finite field containing p^k elements. (The cardinality of any finite field is a prime power.)
• Def: a polynomial f(x) is called irreducible over GF(p) if it does not factor over GF(p).
Multiplicative Group
• Def: GF*(p^k) is the multiplicative group of the Galois field GF(p^k), that is, GF*(p^k) = GF(p^k) \ {0}.
• Thm: GF*(p^k) is cyclic, thus it has a generator g: GF*(p^k) = {g^i : 0 ≤ i < p^k - 1}.
Constructing Galois Fields
• Def: F_p denotes the finite field of p elements (p prime).
• Def: let f(x) be a k-degree polynomial.
• Def: let F_p[x]/f(x) be the set of polynomials of degree at most k-1 over F_p, with addition and multiplication modulo f(x).
• Thm: if f(x) is irreducible over GF(p), then GF(p^k) ≅ F_p[x]/f(x).
F_p[x]/f(x) – Example
• Let the irreducible polynomial f(x) be given (of degree k).
• Represent polynomials as vectors (a (k-1)-degree polynomial ↔ a vector of k coefficients).
• Addition: coefficient-wise, mod p.
• Multiplication:
  • First, multiply 'mod p';
  • Next, apply 'mod f(x)'.
The Algorithm
• Def: r is special if:
  • r is Almost Sophie-Germain, and
  • q | O_r(n) (where q is the large prime factor of r-1, and O_r(n) is the order of n mod r).
Input: integer n
1. Find r = O(log^6 n) s.t. r is special.
2. Let l = 2 r^(1/2) log n.
3. For t = 2,…,l: if t | n, output COMPOSITE.
4. If n is a prime power, n = p^k for k > 1, output COMPOSITE.
5. For a = 1,…,l: if (x-a)^n ≢ x^n - a (mod x^r - 1, n), output COMPOSITE.
6. Otherwise: output PRIME.
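The congruence of the Basic Idea and Improved Idea slides, as it is checked in step (5), worked in code. This is an added example, not code from the talk or the paper: polynomials over Z_n are stored as coefficient lists of length r, and the function names are mine.

```python
"""Added example (not from the talk): (x - a)^n == x^n - a (mod x^r - 1, n),
with polynomials over Z_n reduced mod x^r - 1 kept as coefficient lists of length r."""


def poly_mulmod(f, g, r, n):
    """Product of f and g in Z_n[x]/(x^r - 1): exponents wrap around mod r."""
    out = [0] * r
    for i, fi in enumerate(f):
        if fi == 0:
            continue
        for j, gj in enumerate(g):
            if gj:
                k = i + j
                if k >= r:
                    k -= r
                out[k] = (out[k] + fi * gj) % n
    return out


def poly_powmod(f, e, r, n):
    """f^e in Z_n[x]/(x^r - 1) by square-and-multiply (O(log e) products)."""
    acc = [1] + [0] * (r - 1)
    while e:
        if e & 1:
            acc = poly_mulmod(acc, f, r, n)
        f = poly_mulmod(f, f, r, n)
        e >>= 1
    return acc


def congruence_holds(n, a, r):
    """True iff (x - a)^n == x^n - a (mod x^r - 1, n); requires n, r >= 2."""
    lhs = poly_powmod([(-a) % n, 1] + [0] * (r - 2), n, r, n)
    rhs = [0] * r
    rhs[n % r] = 1                 # x^n reduces to x^(n mod r)
    rhs[0] = (rhs[0] - a) % n      # ... minus the constant a
    return lhs == rhs


def failing_bases(n, r, l):
    """The a in [1..l] for which the congruence fails (step 5 of the algorithm).
    An empty list means the test accepts n for this choice of r and l."""
    return [a for a in range(1, l + 1) if not congruence_holds(n, a, r)]
```

For a prime n the congruence holds for every a and r; for composite n a tiny r can be fooled by some a (n = 4, r = 2, a = 1), which is why the algorithm takes a special r and checks many a's.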
Proof's Structure
Saw: the primality test. We next show:
• A special r = O(log^6 n) exists.
• For such r: if n is composite and passes steps (3) and (4), then ∃ a ∈ [1..l] s.t. (x-a)^n ≢ x^n - a (mod x^r - 1, n) (hence the algorithm returns COMPOSITE at step (5)).
Finding Suitable r
Elaborating on step (1):
• while r < c log^6 n:
  • if r is prime:
    • let q be the largest prime factor of r-1
    • if (q ≥ 4 r^(1/2) log n) and (n^((r-1)/q) ≢ 1 (mod r)): break
  • r ← r+1
Complexity: O(log^6 n) iterations, each taking O(r^(1/2) poly log r), hence total poly log n.
When 'break' is reached: r is prime, q is large, and q | O_r(n).
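Step (1) as the 'Finding Suitable r' slide spells it out, as an added example (not the talk's or the paper's code). It assumes log is base 2 and takes c = 1, neither of which the slide fixes, and the helper names are mine.

```python
"""Added example: the search of step (1). Scan r < c*log^6(n) for a prime r whose
largest prime factor q of r-1 satisfies q >= 4*sqrt(r)*log(n) and
n^((r-1)/q) != 1 (mod r). Assumptions (not fixed by the slide): log base 2, c = 1."""
from math import isqrt, log2


def is_prime(m):
    """Trial division is enough here: r stays polylogarithmic in n."""
    return m >= 2 and all(m % d for d in range(2, isqrt(m) + 1))


def largest_prime_factor(m):
    """Largest prime factor of m >= 2 (returns 1 for m = 1)."""
    big, d = 1, 2
    while d * d <= m:
        while m % d == 0:
            big, m = d, m // d
        d += 1
    return max(big, m) if m > 1 else big


def order_mod(n, r):
    """O_r(n): least k >= 1 with n^k = 1 (mod r); needs gcd(n, r) = 1."""
    k, v = 1, n % r
    while v != 1:
        v, k = v * n % r, k + 1
    return k


def find_special_r(n, c=1):
    """Smallest (r, q) passing the slide's test, or None if none below c*log^6 n."""
    bound = c * log2(n) ** 6
    r = 2
    while r < bound:
        if is_prime(r) and n % r:        # skip r | n, where O_r(n) is undefined
            q = largest_prime_factor(r - 1)
            # n^((r-1)/q) != 1 (mod r) forces q | O_r(n): otherwise O_r(n) | (r-1)/q
            if q >= 4 * r ** 0.5 * log2(n) and pow(n, (r - 1) // q, r) != 1:
                return r, q
        r += 1
    return None
```

For n = 31 the first r that qualifies is 1619 = 2·809 + 1, with q = 809; the constants make r much larger than n for small inputs, which is why the bound is only asymptotically interesting.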
Lemma: a special r = O(log^6 n) exists.
Proof:
• Let c1 < c2 with c2 = O(log^6 n), and consider the interval [c1..c2].
• ASG numbers are dense in [c1..c2]: #ASG[c1..c2] ≥ #ASG[1..c2] - #primes[1..c1] = Ω(log^6 n / log log n) (using the density of ASG numbers and the upper bound on the density of primes).
• There are only few primes r ∈ [c1..c2] s.t. O_r(n) ≤ c2^(1/3): such an r divides Π = (n-1)(n^2-1)…(n^(c2^(1/3))-1). However, Π has no more than c2^(2/3) log n prime divisors.
• Hence, by a counting argument, there exists an ASG r ∈ [c1..c2] s.t. O_r(n) > c2^(1/3).
• Moreover, O_r(n) > c2^(1/3) ⇒ q | O_r(n): assume q does not divide O_r(n); then n^((r-1)/q) ≡ 1 (mod r), therefore O_r(n) ≤ (r-1)/q. However (r-1)/q < r^(1/3) ≤ c2^(1/3), a contradiction.
• Therefore a special r ∈ [c1..c2] exists.
Correctness Proof
Lemma: n is composite ⇒ step (5) returns COMPOSITE. That is,
• if n is composite, and
• n has no factor t ≤ l, and
• n is not a prime power,
• then ∃ a ∈ [1..l] s.t. (x-a)^n ≢ x^n - a (mod x^r - 1, n).
Proof
• Let p be a prime factor of n, and let h(x) be an irreducible factor of x^r - 1.
• It suffices to show the inequality (mod h(x), p) instead of (mod x^r - 1, n), i.e. ∃ a ∈ [1..l] s.t. (x-a)^n ≢ x^n - a (mod h(x), p) (a congruence mod (x^r - 1, n) implies one mod (h(x), p), since h(x) | x^r - 1 and p | n).
• Choose p and h(x) s.t.
  • q | O_r(p), and
  • deg(h(x)) = O_r(p).
• Such p exists: let n = p1 p2 … pk; then O_r(n) | lcm{O_r(pi)}. Therefore q | O_r(n) ⇒ ∃i: q | O_r(pi) (as q is prime).
• Such h exists: by the claim on the irreducible factors of (x^r - 1)/(x - 1) (every such factor has degree O_r(p)).
Proof (cont.)
• Assume by contradiction that n is composite and passes all the tests, i.e.
  • n has no small factor (no factor t ≤ l), and
  • n is not a prime power, and
  • ∀ a ∈ [1..l]: (x-a)^n ≡ x^n - a (mod h(x), p).
Proof (cont.)
• Consider the group G generated by {(x-a)}_{a ∈ [1..l]} (mod h(x), p), i.e. G = { Π_{a=1..l} (x-a)^(e_a) (mod h(x), p) : e_a ≥ 0 }.
• Note: ∀ f(x) ∈ G, f(x)^n ≡ f(x^n) (mod h(x), p): it holds for every generator x-a by the assumption, and f ↦ f^n is multiplicative.
• Let I = { m | ∀ f ∈ G, f(x)^m ≡ f(x^m) }.
• Lemma: I is multiplicative, i.e. u, v ∈ I ⇒ uv ∈ I.
• Proof: x^r - 1 | x^(vr) - 1. Therefore, substituting x^v for x in f(x)^u ≡ f(x^u) (mod x^r - 1, p) gives f(x^v)^u ≡ f(x^(uv)) (mod x^(vr) - 1, p), hence also (mod x^r - 1, p). Hence f(x)^(uv) = (f(x)^v)^u ≡ f(x^v)^u ≡ f(x^(uv)), i.e. uv ∈ I.
Proof – n ∈ I ⇒ I is large
• Prop: (i,j) ≠ (i',j') ⇒ n^i p^j ≠ n^(i') p^(j') (since n ≠ p^k).
• Lemma: ∀ u, v ∈ I s.t. ∀ (i,j) ≠ (i',j'): u^i v^j ≠ u^(i') v^(j'), we have |I ∩ [1..(uv)^√r]| > r. (The (⌊√r⌋+1)^2 > r pairs (i,j) with 0 ≤ i, j ≤ ⌊√r⌋ give distinct values u^i v^j ≤ (uv)^√r, all of them in I since I is multiplicative.)
• Corollary: n ∈ I ⇒ |I ∩ [1..(np)^√r]| > r. Proof: p ∈ I (Frobenius: f(x)^p ≡ f(x^p) (mod p)).
• However, Lemma (G is large, shown below): |G| > (np)^√r.
• Corollary: n ∈ I ⇒ |I ∩ [1..|G|]| > r.

Irreducible Factors of (x^r - 1)/(x - 1)
• Def: let h(x) denote any irreducible factor of (x^r - 1)/(x - 1), and d = deg(h(x)).
• Claim: ∀ h(x), d = O_r(p).
• Proof: denote k = O_r(p). Note F_p[x]/h(x) is of size p^d, therefore (F_p[x]/h(x))* is cyclic of order p^d - 1.
  • k | d: x^r ≡ 1 (mod h(x)) and x ≢ 1 (mod h(x)) with r prime, hence O_{h(x)}(x) is r, therefore r | p^d - 1, i.e. p^d ≡ 1 (mod r), and hence k | d (recall k = O_r(p)).
  • d | k: let g be a generator. The Frobenius map y ↦ y^(p^k) fixes F_p and fixes x (as x^(p^k) ≡ x (mod h(x)), since p^k ≡ 1 (mod r)), hence it fixes every element of F_p[x]/h(x), so g^(p^k) = g. Hence p^d - 1 | p^k - 1, and therefore d | k.
• Recall: if r is special with respect to n, then r-1 has a large prime factor q s.t. q | O_r(n). Choose p s.t. q | O_r(p) (exists). Then d is large.

Proof – I is small
• Lemma: let m1, m2 ∈ I; then m1 ≡ m2 (mod r) ⇒ m1 ≡ m2 (mod |G|).
• Proof: let g(x) be a generator of G (G is a subgroup of the cyclic group (F_p[x]/h(x))*, hence cyclic). Let m2 = m1 + kr. (*) m1 ≡ m2 (mod r) ⇒ x^(m1) ≡ x^(m2) (mod h(x)) (as x^r ≡ 1 (mod h(x))). Hence g(x)^(m1) ≡ g(x^(m1)) ≡ g(x^(m2)) ≡ g(x)^(m2) (mod h(x), p), so m1 ≡ m2 (mod ord(g)), i.e. (mod |G|).
• Lemma (I is small): |I ∩ [1..|G|]| ≤ r.
• Proof:
  • Each two elements of I ∩ [1..|G|] are different mod |G|.
  • Therefore (by the lemma) they are different mod r.
  • Hence |I ∩ [1..|G|]| ≤ r.
• Contradiction with |I ∩ [1..|G|]| > r!

Proof – G is large
• Consider all products Π_{a=1..l} (x-a)^(e_a) of degree < d. They are all distinct in F_p[x]/h(x) (deg(h(x)) = d, and the l factors x-a are distinct mod p because p > l). Therefore |G| ≥ #{(e_1,…,e_l) : Σ e_a ≤ d-1} = C(d-1+l, l).
• This is the reason for seeking a large q s.t. q | O_r(n).
• Prop: d ≥ 2l. Proof: recall d = O_r(p) and q | O_r(p), hence d ≥ q ≥ 2l (recall q ≥ 4 r^(1/2) log n, l = 2 r^(1/2) log n).
• Hence |G| ≥ C(3l-1, l) > 2^l = n^(2√r) > (np)^√r (for l ≥ 2, using p < n and log to base 2).