Slide 1: Deciding Primality is in P
M. Agrawal, N. Kayal, N. Saxena
Presentation by Adi Akavia
Slide 2: Background

Sieve of Eratosthenes, 240 BC: (n).

Fermat's Little Theorem (17th century): p prime and a ≢ 0 (mod p) ⇒ a^{p-1} ≡ 1 (mod p). (The converse does not hold: Carmichael numbers.)

Polynomial-time algorithms:
• [Miller 76] deterministic, assuming the Extended Riemann Hypothesis.
• [Solovay, Strassen 77; Rabin 80] unconditional, but randomized.
• [Goldwasser, Kilian 86] randomized, produces a certificate for primality! (for almost all numbers)
• [Atkin 86; Adelman, Huang 92] primality certificate for all numbers.
• [Adelman, Pomerance, Rumely 83] deterministic, (log n)^{O(log log log n)}-time.
Slide 4: This Paper

Unconditional, deterministic, polynomial.

Def (Sophie-Germain primes): primes (p-1)/2 s.t. p is also prime.

Def: r is "almost Sophie-Germain" (ASG) if r is prime and r-1 has a large prime factor q = Ω(r^{2/3}).

Tools: simple algebra; and, in place of the high-density conjecture for primes p s.t. (p-1)/2 is Sophie-Germain, the high-density theorem for primes p that are 'almost Sophie-Germain' [Fou85, BH96].
Slide 5: Basic Idea

Fact: For any a s.t. (a,n) = 1:
  n is prime ⇒ (x-a)^n ≡ x^n - a (mod n)
  n is composite ⇒ (x-a)^n ≢ x^n - a (mod n)

Naive algo: Pick an arbitrary a, check if (x-a)^n ≡ x^n - a (mod n).
Problem: the time complexity is (n).

Proof: Expand (x-a)^n with the binomial theorem.
Assume n is prime; then for all 0 < i < n, C(n,i) ≡ 0 (mod n).
Assume n is composite; then let q | n, and let q^k || n. Then q^k ∤ C(n,q) and gcd(q, a^{n-q}) = 1, hence x^q has a non-zero coefficient (mod n).
Slide 6: Basic Idea

Idea: Pick an arbitrary a and some polynomial x^r - 1 with r = poly log n, and check if (x-a)^n ≡ x^n - a (mod x^r - 1, n). Time complexity: poly(r).
  n is prime ⇒ (x-a)^n ≡ x^n - a (mod x^r - 1, n)
  n is composite ⇒???? (x-a)^n ≢ x^n - a (mod x^r - 1, n)
Not true for some (few) values of a, r!
Slide 7: Improved Idea

Improved Idea: Pick many (poly log n) a's, and check for all of them if:
  (x-a)^n ≡ x^n - a (mod x^r - 1, n)
Accept if equality holds for all a's.
Slide 8: Algebraic Background – Extension Field

Def: Consider fields F, E. E is an extension of F if F is a subfield of E.
Def: The Galois field GF(p^k) (p prime) is the unique (up to isomorphism) finite field containing p^k elements. (The cardinality of any finite field is a prime power.)
Def: A polynomial f(x) is called irreducible in GF(p) if it does not factor over GF(p).
Slide 9: Multiplicative Group

Def: GF*(p^k) is the multiplicative group of the Galois field GF(p^k), that is, GF*(p^k) = GF(p^k) \ {0}.
Thm: GF*(p^k) is cyclic, thus it has a generator g:
  GF*(p^k) = { g^i | 0 ≤ i < p^k - 1 }
Slide 10: Constructing Galois Fields

Def: F_p denotes a finite field of p elements (p is prime).
Def: Let f(x) be a k-degree polynomial.
Def: Let F_p[x]/f(x) be the set of polynomials of degree at most k-1 over F_p, with addition and multiplication modulo f(x).
Thm: If f(x) is irreducible over GF(p), then GF(p^k) ≅ F_p[x]/f(x).
Slide 11: F_p[x]/f(x) - Example

Let the irreducible polynomial f(x) be f(x) = x^4 + x^3 + x^2 + x + 1, i.e. (1,1,1,1,1) over F_2.
Represent polynomials as vectors (a polynomial of degree k-1 ↔ a vector of k coefficients, highest degree first).
Addition (coefficient-wise mod 2):
  (x^4 + x^2) + (x^3 + x^2 + x + 1) = x^4 + x^3 + x + 1
  (1,0,1,0,0) + (0,1,1,1,1) = (1,1,0,1,1)
Slide 12: F_p[x]/f(x) - Example

Multiplication: First, multiply 'mod p' (over F_2, so the partial products are XORed):
  (x^4 + x^3 + x + 1) · (x^3 + x + 1) = x^7 + x^6 + x^5 + x^4 + x^2 + 1
  As bit vectors, (1,1,0,1,1) · (0,1,0,1,1):
    11011             x^3 term of the multiplier
     00000            x^2 term (zero)
      11011           x term
       11011          constant term
    --------
    11110101
Next, apply 'mod f(x)':
  (x^7 + x^6 + x^5 + x^4 + x^2 + 1) mod (x^4 + x^3 + x^2 + x + 1) = x^3 + x^2 + 1, i.e. (0,1,1,0,1).
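The two slide computations above, as an added example (not the presentation's code): arithmetic in F_p[x]/f(x) on coefficient vectors, highest degree first, exactly as the slides write them. It reproduces the F_2 example and works for any prime p and any f(x) (function names such as poly_add, poly_mod, field_mul and slide_example are this example's own).

```python
# F_p[x]/f(x) arithmetic as on the slides: a polynomial is a list of coefficients,
# highest degree first, like the slide's vectors (x^4+x^3+x^2+x+1 = (1,1,1,1,1)).
# Added example for this page; not code from the presentation.

def trim(a):
    """Drop leading zero coefficients ([] is the zero polynomial)."""
    i = 0
    while i < len(a) and a[i] == 0:
        i += 1
    return list(a[i:])

def poly_add(a, b, p):
    """Coefficient-wise addition mod p (the slide's addition step)."""
    n = max(len(a), len(b))
    a, b = [0] * (n - len(a)) + list(a), [0] * (n - len(b)) + list(b)
    return trim([(x + y) % p for x, y in zip(a, b)])

def poly_mul(a, b, p):
    """Schoolbook product with coefficients reduced mod p: the 'multiply mod p' step."""
    if not a or not b:
        return []
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % p
    return trim(out)

def poly_mod(a, f, p):
    """Remainder of a modulo f over F_p by long division: the 'mod f(x)' step."""
    a, f = trim(a), trim(f)
    inv_lead = pow(f[0], -1, p)            # f is monic on the slide; this handles any lead
    while len(a) >= len(f):                # deg a >= deg f: cancel the leading term of a
        c = (a[0] * inv_lead) % p
        a = trim([(x - c * y) % p for x, y in zip(a, f)] + a[len(f):])
    return a

def field_mul(a, b, f, p):
    """Multiplication in F_p[x]/f(x): multiply mod p, then reduce mod f(x)."""
    return poly_mod(poly_mul(a, b, p), f, p)

def slide_example():
    """The slide's worked example over F_2 with f(x) = x^4 + x^3 + x^2 + x + 1."""
    p, f = 2, [1, 1, 1, 1, 1]
    s = poly_add([1, 0, 1, 0, 0], [0, 1, 1, 1, 1], p)    # (x^4 + x^2) + (x^3 + x^2 + x + 1)
    raw = poly_mul([1, 1, 0, 1, 1], [1, 0, 1, 1], p)     # (x^4 + x^3 + x + 1)(x^3 + x + 1)
    return s, raw, poly_mod(raw, f, p)                   # ..., then reduced mod f(x)
```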
Slide 13: The Algorithm

Input: integer n
1. Find r = O(log^6 n) s.t. r is special.
2. Let l = 2 r^{1/2} log n.
3. For t = 2,…,l: if t | n, output COMPOSITE.
4. If n is a (prime) power, n = p^k for k > 1, output COMPOSITE.
5. For a = 1,…,l: if (x-a)^n ≢ x^n - a (mod x^r - 1, n), output COMPOSITE.
6. Otherwise, output PRIME.

Def: r is special if r is almost Sophie-Germain and q | O_r(n), where q is the large prime factor of r-1 (O_r(n) is the multiplicative order of n modulo r).
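Steps (2) to (6) of the algorithm as an added, runnable example (not the presentation's code). Assumptions: log means log base 2; r is passed in as a parameter, since choosing a special r is step (1) and outside this block; trial division stops at n-1, and when the slide's l already reaches n-1 that step alone decides (at toy sizes l exceeds n); the function names are this example's own.

```python
import math

def is_perfect_power(n):
    """Step (4): n = b^k for some k > 1 (prime powers included). Float roots suffice at toy size."""
    for k in range(2, n.bit_length() + 1):
        b = round(n ** (1 / k))
        if b > 1 and b ** k == n:
            return True
    return False

def poly_congruence(n, a, r):
    """Step (5): does (x - a)^n == x^n - a hold mod (x^r - 1, n)? A polynomial is a list of
    r coefficients, index = exponent mod r, so reducing mod x^r - 1 is index wrap-around."""
    def mul(f, g):
        h = [0] * r
        for i, fi in enumerate(f):
            for j, gj in enumerate(g):
                h[(i + j) % r] = (h[(i + j) % r] + fi * gj) % n
        return h
    def x_pow_minus_a(e):                  # x^e - a, reduced mod (x^r - 1, n)
        p = [0] * r
        p[0] = (-a) % n
        p[e % r] = (p[e % r] + 1) % n
        return p
    res, base, e = [1] + [0] * (r - 1), x_pow_minus_a(1), n
    while e:                               # square-and-multiply: (x - a)^n
        if e & 1:
            res = mul(res, base)
        base, e = mul(base, base), e >> 1
    return res == x_pow_minus_a(n)

def aks(n, r):
    """Steps (2)-(6) of the slide for a given r. Assumption: trial division stops at n - 1,
    and if l already reaches n - 1 that step alone has decided the answer."""
    l = int(2 * math.sqrt(r) * math.log2(n))
    if any(n % t == 0 for t in range(2, min(l, n - 1) + 1)):
        return "COMPOSITE"
    if l >= n - 1:
        return "PRIME"
    if is_perfect_power(n):
        return "COMPOSITE"
    if any(not poly_congruence(n, a, r) for a in range(1, l + 1)):
        return "COMPOSITE"
    return "PRIME"
```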
Slide 14: Proof's Structure

Saw: primality test.
We next show:
• A special r = O(log^6 n) exists.
• For such r: if n is composite and passes steps (3) and (4), then ∃ a ∈ [1..l] s.t. (x-a)^n ≢ x^n - a (mod x^r - 1, n) (hence the algorithm returns COMPOSITE at step (5)).
Slide 15: Finding Suitable r

Elaborating on step (1):
1. while r < c log^6 n:
   1. if r is prime:
   2.    let q be the largest prime factor of r-1
   3.    if (q ≥ 4 r^{1/2} log n) and (n^{(r-1)/q} ≢ 1 (mod r)): break;
   4. r ← r+1

Complexity: O(log^6 n) iterations, each taking O(r^{1/2} poly log r), hence total poly log n.
• When 'break' is reached: r is prime, q is large, and q | O_r(n).
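The step-(1) loop above as an added example (not the presentation's code). Assumptions: log means log base 2, the constant c is a parameter defaulting to 1, O_r(n) is computed by brute force to confirm q | O_r(n), and the function names are this example's own.

```python
import math

def largest_prime_factor(m):
    """Largest prime factor of m >= 2 by trial division (m is prime iff the result is m)."""
    q, t = 1, 2
    while t * t <= m:
        while m % t == 0:
            q, m = t, m // t
        t += 1
    return max(q, m)

def multiplicative_order(n, r):
    """O_r(n): the least k >= 1 with n^k == 1 (mod r); assumes gcd(n, r) == 1."""
    k, v = 1, n % r
    while v != 1:
        k, v = k + 1, (v * n) % r
    return k

def loop_body(n, r, lg):
    """Inner steps 1-3 of the slide: r prime, q = largest prime factor of r-1,
    q >= 4*sqrt(r)*log n and n^((r-1)/q) != 1 (mod r). Returns q on 'break', else None."""
    if largest_prime_factor(r) != r:
        return None
    q = largest_prime_factor(r - 1)
    if q >= 4 * math.sqrt(r) * lg and pow(n, (r - 1) // q, r) != 1:
        return q
    return None

def find_special_r(n, c=1.0):
    """The while loop: scan r < c*log^6 n; on 'break' return (r, q). Because O_r(n)
    divides r-1 but not (r-1)/q, the prime q must divide O_r(n)."""
    lg = math.log2(n)
    r = 3                                   # r = 2 has r-1 = 1 and cannot qualify
    while r < c * lg ** 6:
        q = loop_body(n, r, lg)
        if q is not None:
            return r, q
        r += 1
    return None
```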
Slide 17

Lemma: A special r = O(log^6 n) exists.
Proof: Let A, B = O(log^6 n) (labels assumed here; the slide's own symbols did not survive extraction) and consider the interval [A..B].
• ASG numbers are dense in [A..B].
• There are only few primes r ∈ [A..B] s.t. O_r(n) < B^{1/3}.
Hence, by a counting argument, there exists an ASG r ∈ [A..B] s.t. O_r(n) > B^{1/3}.
Moreover, O_r(n) > B^{1/3} ⇒ q | O_r(n).
Therefore, a special r ∈ [A..B] exists.

Details:
• #ASG ∈ [A..B] ≥ #ASG ∈ [1..B] - #primes ∈ [1..A] = Ω(log^6 n / log log n) (using the density of ASG numbers, and the upper bound on the density of primes).
• O_r(n) < B^{1/3} ⇒ r | Π = (n-1)(n^2-1)...(n^{B^{1/3}}-1). However, Π has no more than B^{2/3} log n prime divisors.
• Assume q doesn't divide O_r(n); then n^{(r-1)/q} ≡ 1, therefore O_r(n) ≤ (r-1)/q. However, (r-1)/q < B^{1/3} -- a contradiction.
Slide 18: Correctness Proof

Lemma: n is composite ⇒ step (5) returns 'composite'. That is,
if n is composite, n has no factor t ≤ l, and n is not a prime power,
then ∃ a ∈ [1..l] s.t. (x-a)^n ≢ x^n - a (mod x^r - 1, n).
Slide 19: Proof

Let p be a prime factor of n, and let h(x) be an irreducible factor of x^r - 1.
It suffices to show the inequality (mod h(x), p) instead of (mod x^r - 1, n), i.e. ∃ a ∈ [1..l] s.t. (x-a)^n ≢ x^n - a (mod h(x), p).
Choose p and h(x) s.t. q | O_r(p) and deg(h(x)) = O_r(p).
• Such p exists: Let n = p_1 p_2 … p_k; then O_r(n) = lcm{O_r(p_i)}. Therefore q | O_r(n) ⇒ ∃ i, q | O_r(p_i) (as q is prime).
• Such h exists: by the previous claim.
Slide 20: Proof

Assume by contradiction that n is composite and passes all the tests, i.e. n has no small factor, n is not a prime power, and ∀ a ∈ [1..l]: (x-a)^n ≡ x^n - a (mod h(x), p).
Slide 21: Proof

Consider the group generated by {(x-a)}_{a ∈ [1..l]} (mod h(x), p), i.e.
  G = { Π_{1 ≤ a ≤ l} (x-a)^{i_a} | i_a ≥ 0 } ⊆ F_p[x]/h(x).
Note: ∀ f(x) ∈ G, f(x)^n ≡ f(x^n).
Let I = { m | ∀ f ∈ G, f(x)^m ≡ f(x^m) }.
Lemma: I is multiplicative, i.e. u, v ∈ I ⇒ uv ∈ I.
Proof: x^r - 1 | x^{vr} - 1, therefore
  g(x^v)^u ≡ g(x^{uv}) (mod x^{vr} - 1, p),
hence
  g(x)^{uv} = (g(x)^v)^u ≡ g(x^v)^u ≡ g(x^{uv}).
Slide 22: Proof – n ∈ I ⇒ I is large

Prop: (i,j) ≠ (i',j') ⇒ n^i p^j ≠ n^{i'} p^{j'} (since n ≠ p^k).
Lemma: ∀ α (label assumed here for a symbol lost in extraction): if u, v ∈ I s.t. (i,j) ≠ (i',j') ⇒ u^i v^j ≠ u^{i'} v^{j'}, then |I ∩ [u^α v^α]| > α^2.
(The (α+1)^2 different pairs (i,j) with 0 ≤ i, j ≤ α each give a distinct value u^i v^j ∈ I ∩ [u^α v^α].)
Corollary: ∀ α, n ∈ I ⇒ |I ∩ [n^α p^α]| > α^2. Proof: p ∈ I.
However, Lemma: |G| > n^{2√r}.
Corollary: n ∈ I ⇒ |I ∩ [|G|]| > r.
Towards the lemma on |G|: consider all polynomials in G of degree < d. They are all distinct in F_p[x]/h(x). Therefore
  |G| ≥ C(l + d - 1, l).
Slide 23: Irreducible Factors of (x^r - 1)/(x - 1)

Def: Let h(x) denote any irreducible factor of (x^r - 1)/(x - 1), and d = deg(h(x)).
Claim: ∀ h(x), d = O_r(p).
Proof: Denote k = O_r(p). Note F_p[x]/h(x) is of size p^d, therefore (F_p[x]/h(x))* is cyclic of order p^d - 1.
• k | d: x^r ≡ 1 (mod h(x)), hence O_{h(x)}(x) is r, therefore r | p^d - 1, i.e., p^d ≡ 1 (mod r), and hence k | d (recall k = O_r(p)).
• d | k: let g be a generator; then g(x)^{p^k - 1} ≡ 1 (mod h(x)), hence p^d - 1 | p^k - 1, and therefore d | k.

Recall, if r is special with respect to n, then r-1 has a large prime factor q s.t. q | O_r(n).
Choose p s.t. q | O_r(p) (such p exists). Then d is large.
Slide 24: Proof – I is small

Lemma: Let m_1, m_2 ∈ I. Then m_1 ≡ m_2 (mod |G|) ⇐ m_1 ≡ m_2 (mod r).
Lemma (I is small): |I ∩ [|G|]| ≤ r.
Proof: Each two elements in I ∩ [|G|] are different mod |G|. Therefore they are different mod r. Hence |I ∩ [|G|]| ≤ r.
Contradiction! (with |I ∩ [|G|]| > r)

Proof (of the first lemma): Let g(x) be a generator of G. Let m_2 = m_1 + kr.
(*) m_1 ≡ m_2 (mod r), then x^{m_1} ≡ x^{m_2} (mod h(x)) (as x^r ≡ 1 (mod h(x))).
  g(x)^{m_2} ≡ g(x^{m_2}) = g(x^{m_1 + kr}) ≡(*) g(x^{m_1}) ≡ g(x)^{m_1},
while g(x)^{m_2} = g(x)^{m_1} · g(x)^{kr}; hence
  g(x)^{kr} ≡ 1 (mod h(x), p), i.e. kr ≡ 0 (mod |G|).
Slide 25: The End
Slide 26: Proof – G is large, Cont.

Hence,
  |G| ≥ |S| = C(l + d - 1, l)
(S: the products Π(x-a)^{i_a} of degree < d considered earlier).
Prop: d ≥ 2l.
Proof: Recall d = O_r(p) and q | O_r(p), hence d ≥ q ≥ 2l (recall q ≥ 4 r^{1/2} log n, l = 2 r^{1/2} log n).
Hence
  |G| ≥ 2^l = n^{2√r}.
This is the reason for seeking a large q s.t. q | O_r(n).