Primes in P
Deterministic polynomial-time algorithm of Agrawal, Kayal and Saxena
Presented by Vladimir Braverman
History
Sieve of Eratosthenes, 240 BC
Randomized, polynomial-time algorithm of Miller-Rabin, 1980 (practically used)
Adleman, Pomerance and Rumely (APR): a deterministic algorithm, almost polynomial time NloglogN, 1983
Agrawal, Kayal and Saxena: deterministic, polynomial-time algorithm, 2002
Impact
Data security
Number Theory
Theory of algorithms
Doesn’t have a practical value yet
The Heroes
Neeraj Kayal and Nitin Saxena are PhD students (22 years old).
Indian Institute of Technology, Kanpur
Agrawal was recently awarded the Clay Research Award, one of the coveted honors in mathematical research.
[Diagram: Polynomial identity idea; Algorithms in Number Theory; Number Theory; Group Theory; Finite Fields; Primes in P]
Content
Background
– Algorithms in number theory
– Rings
– Number Theory
Basic idea: Polynomial identity
Algorithm
– Pseudo code
– Correctness
– Running time
Algorithms in number theory
Lemma 1
– $0 < a, b < n$
– $ab$ can be calculated in $O(\log^3(n))$
– Maximal integer less than $b/a$ can be calculated in $O(\log^2(n))$
– $a \bmod b$ can be calculated in $O(\log^2(n))$
– $\gcd(a,b)$ can be calculated in $O(\log^3(n))$
Algebra
A ring is a set together with addition and multiplication
1. Additive associativity:
2. Additive commutativity:
3. Additive identity.
4. Additive inverse
5. Multiplicative associativity:
6. Left and right distributivity:
A ring is therefore an Abelian group under addition and a semigroup under multiplication.
Algebra (cont)
A polynomial f is defined to be a formal expression of the form
where the coefficients $a_0, \ldots, a_n$ are elements of some ring R and X is considered to be a formal symbol.
Two polynomials are considered to be equal if and only if the sequences of their coefficients are equal.
Algebra (end)
Polynomials with coefficients in R can be added by simply adding corresponding coefficients, and multiplied using the distributive law and the rules
– $X a = a X$ for all elements a of the ring R
– $X^k X^l = X^{k+l}$ for all natural numbers k and l.
The set of all polynomials with coefficients in the ring R itself forms a ring, the ring of polynomials over R, which is denoted by R[X].
Algorithms in number theory (cont)
Lemma 2
Let $1 < a, b, r$ and $n = \max(a,r)$. Then $a^b \bmod r$ can be calculated in $O(\log^2(n) + \log(b)\log^2(r))$.
Lemma 3
Let $1 < a, r < n$. The r coefficients of $(x-a)^n \bmod (x^r - 1)$ in $Z_n[x]$ can be computed in $O(r^2 \log^3(n))$ time.
Algorithms in number theory (cont)
Lemma 4
Let n > 2 be an integer. There is an algorithm that decides in $O(\sqrt{n}\log^2(n))$ whether n is prime.
Algorithm:
– r := 2; s := 4 (s = r^2)
– While s <= n
– Do If n mod r = 0 return NO
     Else r := r+1; s := s + 2r - 1 Endif
– EndWhile
– Return YES
Algorithms in number theory (cont)
Lemma 4 (cont)
– The correctness follows from the fact that n is not prime iff there is an integer $r \le \sqrt{n}$ that divides n.
– The while-loop makes at most $\sqrt{n}$ iterations, each one taking $O(\log^2 n)$ time.
Algorithms in number theory (end)
Lemma 5
Let n > 2 be an integer. There is an algorithm that computes the largest prime factor of n in $O(\sqrt{n}\log^2(n))$.
Lemma 6
Let n > 2 be an integer. There is an algorithm that decides in $O(\log^4(n)\log(\log(n)))$ whether there exist integers a, b such that $n = a^b$.
Number theory
Lemma 7
If p is a prime number then for any i < p
$\binom{p}{i} = 0 \bmod p$
Proof
$\binom{p}{i} = p(p-1)\cdots(p-i+1) / i!$
Since $\gcd(p, i!) = 1$, the lemma is proved.
Number theory (cont)
Lemma 8
If p is a prime number then for any a, $a^p = a \bmod p$
Proof (induction)
$a = 1$
$a \to a+1$:
$(a+1)^p = \sum_{i=0}^{p} \binom{p}{i} a^i$
$(a+1)^p = a^p + 1 = a + 1 \bmod p$
Polynomial identity
Theorem 1
Let a, n be integers
– If n is a prime number, then $(x-a)^n = x^n - a$ in the ring $Z_n[x]$
– If $\gcd(a, n) = 1$ and n is not a prime number, then $(x-a)^n \neq x^n - a$ in the ring $Z_n[x]$
Proof of Theorem 1
$(x-a)^n = \sum_{i=0}^{n} \binom{n}{i} x^i (-a)^{n-i}$.
1. Prime case
– If n is prime, $\binom{n}{i} = 0 \bmod n$, according to Lemma 7
– Therefore $(x-a)^n = x^n - a^n = x^n - a \bmod n$, according to Lemma 8
2. n is not a prime and $\gcd(n,a) = 1$
– q is a prime factor of n, $q^k \mid n$, k maximal
– $\gcd(a,q) = 1$ and $\gcd(a^{n-q}, q^k) = 1$
Proof of Theorem 1 (Cont)
Lemma: $q^k$ doesn’t divide $\binom{n}{q}$
Proof: (by contradiction)
Suppose $\binom{n}{q} = b\,q^k$. Then $n(n-1)\cdots(n-q+1)/q! = b\,q^k$, so
$n = (q-1)!\, b\, q^{k+1} / ((n-1)\cdots(n-q+1))$.
For each $0 < j < q$, q doesn’t divide $(n-j)$. Indeed, since $q \mid n$, $(n-j) = 0 \bmod q$ would give $j = 0 \bmod q$.
Therefore $(q-1)!\, b / ((n-1)\cdots(n-q+1))$ is an integer and $q^{k+1} \mid n$, which contradicts the maximality of k.
Proof of Theorem 1 (Cont)
In $(x-a)^n$ the coefficient of $x^q$ is $\binom{n}{q}(-1)^{n-q}a^{n-q}$.
If it is divisible by n, then $\binom{n}{q}a^{n-q} = bn$.
Hence $\binom{n}{q}a^{n-q}/q^k = bn/q^k$.
The right-hand side is an integer and $\gcd(a^{n-q}, q^k) = 1$.
Therefore $q^k \mid \binom{n}{q}$, which contradicts the Lemma.
We proved that $(x-a)^n \neq x^n - a$ in the ring $Z_n[x]$.
Improved polynomial identity
Theorem 2
Let n be an integer and let q, r be prime numbers such that
1. $\gcd(m,n) = 1$ for all $m < r$
2. q divides $r-1$
3. $q \ge 2\sqrt{r}\log(n) + 2$
4. $n^{(r-1)/q} \neq 1 \bmod r$
5. $(x-a)^n = (x^n - a) \bmod (x^r - 1)$ in $Z_n[x]$ for $a < 2\sqrt{r}\log(n) + 1$
Then n is a power of a prime number.
Lemma 9
There exist constants $0 < c_1 < c_2$ such that for any large n, there exists a prime number r with
1. $c_1 \log^6(n) < r < c_2 \log^6(n)$
2. $r-1$ has a prime factor q, $q \ge 2\sqrt{r}\log(n) + 2$
3. $n^{(r-1)/q} \neq 1 \bmod r$
Algorithm Prime(n)
r := 2; found := false
While r < n and found = false Do
    If gcd(r,n) ≠ 1 Then return NO
    – If r is a prime and r > 2
    – Then q := largest prime factor of r-1
        If q ≥ 2√r log(n) + 2 and n^((r-1)/q) ≠ 1 mod r Then found := true Endif
    – Endif
    – If found = false Then r++ Endif
Endwhile
Algorithm Prime(n) (Cont)
For a := 1 to 2√r log(n) + 1 Do
    If (x-a)^n ≠ (x^n - a) mod (x^r - 1) in Z_n[x]
    – Then return NO
    – Endif
Endfor
If n = a^b for some integers a,b ≥ 2 Then return NO Else return YES Endif
Correctness of the algorithm (Sketch of the proof)
If n is prime,
– The algorithm doesn’t return NO during the While loop, since gcd(n,r) = 1
– By Theorem 1, $(x-a)^n = (x^n - a) \bmod (x^r - 1)$ in $Z_n[x]$
– Thus, the algorithm doesn’t return NO during the For loop
– n is not of the form $a^b$, therefore YES is returned
If n is not a prime, then, according to Theorem 2, the algorithm returns NO
Running time (Sketch of the proof)
While loop
Action | Time | Reason
gcd | $O(\log^3(n))$ | Lemma 1
r is prime | $O(\sqrt{r}\log^2(r))$ | Lemma 4
largest prime factor of r-1 | $O(\sqrt{r}\log^2(r))$ | Lemma 5
$n^{(r-1)/q} \bmod r$ | $O(\log^2(n) + \log^3(r))$ | Lemma 2
One while-loop iteration | $O(\log^2(n) + \sqrt{r}\log^2(r))$ |
Number of while iterations | $O(\log^6(n))$ | Lemma 9
While-loop | $O(\log^9(n)\log^2(\log(n)))$ | $r = O(\log^6(n))$
Running time (Cont)
For loop
Action | Time | Reason
Coefficients of $(x-a)^n \bmod (x^r - 1)$ in $Z_n[x]$ (note that the same time holds for $(x^n - a)$) | $O(r^2\log^3(n))$ | Lemma 3
For-loop | $O(\log^{19}(n))$ | $r = O(\log^6(n))$, Lemma 9
Testing if n is a perfect power – $O(\log^4(n)\log(\log(n)))$, by Lemma 6
References
Agrawal, Kayal and Saxena. Primes in P
M. Smid. Primality testing in polynomial time
F. Bornemann. PRIMES Is in P: A breakthrough for “Everyman”
END