1 / 7

Primality Testing

Primality Testing. How easy is it to find large primes? primes are reasonably dense, so finding a large prime should not be too time consuming the prime distribution function (n) gives the number of primes <= n.

wendellk
Download Presentation

Primality Testing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Primality Testing • How easy is it to find large primes? • primes are reasonably dense, so finding a large prime should not be too time consuming • the prime distribution function (n) gives the number of primes <= n • For n = 109, (n) = 50,847,478 and n/ln n = 48,254,942 which is less than 6% error • the probability a random integer n is prime is 1/ln n • for a hundred digit number, approximately 115 odd numbers would need to be chosen to find a prime

  2. Pseudoprimality testing • The old fashioned test • divide by primes up to the n; actually will find factorization which is a hard problem • for b binary bits n= (2b/2) so not practical for large n • Pseudoprimality testing • Fermat’s theorem says if n is prime, then it satisfies this equation for all a in Zn+; the converse is almost true, so if we let a = 2 and the equation is not true, then n is composite, otherwise we guess it is a prime

  3. Pseudoprime Algorithm • How often does this algorithm make a mistake? • For a 50 digit number, less than 1 in 1,000,000 error • For a 100 digit number, less than one in 1013 • Would using other values for a help? • Unfortunately, there are some numbers (Carmichael numbers) that satisfy our equation for all values of a • the first three Carmichael numbers are 561, 1105, 1729 • there are 255 Carmichael numbers < 1,000,000,000

  4. Miller-Rabin Primality Testing • Improvements • it tries several randomly chosen bases, not just one • it notices if a nontrivial square root of 1, mod n, is discovered; if so the number is composite

  5. Analysis of Witness • We use a modified modular-exponentiation algorithm • Recall the basic test is an-1 1, mod n, so line 1 is the binary representation of n-1 • Lines 3-9 compute d = an-1 mod n • Lines 6-7 check for a nontrivial square root and, if found, return true that the number is composite • Lines 10-12 return true if d  1 (same as composite in pseudoprime), otherwise it returns false • If Witness outputs true, the n was definitely a composite number

  6. Miller-Rabin Algorithm • s is the number of witnesses to be chosen randomly • If any witness is found, n must be composite • this even can detect Carmichael numbers • if n = 561 and a is chosen to be 7, a nontrivial square root of 1 is discovered and n is reported to be composite • For a b-bit number, Miller-Rabin requires O(s b) arithmetic operations and O(sb3) bit operations

  7. Error rate for Miller-Rabin • Choice of s • if s is 50, then the probability of an error is “infinitesimally small” • smaller values of s are good enough for most applications

More Related