Theory and Practice of Algorithmsthomas/TPA/SLIDES/tap-lect06.pdf · 2019. 4. 19. · Lecture 6: Testing Primality is in P1 1Source: M. Agrawal, N. Kayal and N. Saxena, PRIMES is

Introduction The Algorithm, Complexity End

Theory and Practice of Algorithms

Thomas Zeugmann

Hokkaido UniversityLaboratory for Algorithmics

https://www-alg.ist.hokudai.ac.jp/∼thomas/TPA/

Lecture 6: Testing Primality is in P1

1Source: M. Agrawal, N. Kayal and N. Saxena, PRIMES is in P,Annals of Mathematics, 160 (2004), 781–793.

Theory and Practice of Algorithms c©Thomas Zeugmann


Introduction I

QuestionWhy do we need to know this result?

“This algorithm is beautiful”Carl Pomerance

“It’s the best result I’ve heard in over ten years”Shafi Goldwasser

“New Method Said to Solve Key Problem in Math”said the headline of a story in the New York Times, August 8,2002.

Within the first ten days the website dedicated to the firstpreprint had over two million hits and and three hundred thousanddownloads of the preprint.



Introduction I








Introduction I








Introduction IIWhile it is often quite hard to understand a major breakthroughin mathematics (e.g., Andrew Wiles’ proof Fermat’s lasttheorem), the result by Agrawal, Kayal and Saxena isunderstandable by “Everyman.”The authors motivated their research (in the preprint) byquoting Gauß (Disquisitiones Arithmeticae, article 329, 1801)

The problem of distinguishing prime numbers fromcomposite numbers and of resolving the latter into theirprime factors is known to be one of the most important anduseful in arithmetic. It has engaged the industry andwisdom of ancient and modern geometers to such an extentthat it would be superfluous to discuss the problem atlength. . . . Further, the dignity of the science itself seems torequire that every possible means be explored for thesolution of a problem so elegant and so celebrated.



Introduction IIWhile it is often quite hard to understand a major breakthroughin mathematics (e.g., Andrew Wiles’ proof Fermat’s lasttheorem), the result by Agrawal, Kayal and Saxena isunderstandable by “Everyman.”The authors motivated their research (in the preprint) byquoting Gauß (Disquisitiones Arithmeticae, article 329, 1801)

The problem of distinguishing prime numbers fromcomposite numbers and of resolving the latter into theirprime factors is known to be one of the most important anduseful in arithmetic. It has engaged the industry andwisdom of ancient and modern geometers to such an extentthat it would be superfluous to discuss the problem atlength. . . . Further, the dignity of the science itself seems torequire that every possible means be explored for thesolution of a problem so elegant and so celebrated.



Motivation III

Ancient Chinese and Greek mathematicians already studiedtesting primality. The sieve of Eratosthenes (≈ 240 BC) is stilltaught in school.

But using this method to prove that a number n is primerequires computation time O(n), i.e., it is exponential in thelength of n (which is dlog ne.)

This is a subtle point. Quoting Gauß again:

Nevertheless we must confess that all methods that havebeen proposed thus far are either restricted to very specialcases or are so laborious and prolix that . . . these methods donot apply at all to larger numbers.



Motivation III







Motivation III







Motivation IV

QuestionWhat was the state of the art before August 2002?

Fermat’s little theorem tells us that for every prime n andall a ∈ Z∗

n we have

an ≡ a mod n .

Unfortunately, the converse is not true.But Miller (1976) used this property to obtain a deterministicpolynomial time algorithm for testing primality provided theExtended Riemann Hypothesis is true. Unfortunately, we donot know whether or not it is true.

Rabin (1980) modified Miller’s result and showedthat PRIMES ∈ co-RP.



Motivation IV



n we have

an ≡ a mod n .





Motivation IV



n we have

an ≡ a mod n .





Motivation V

Using quadratic residues, Solovay and Strassen (1977) obtainedanother algorithm proving PRIMES ∈ co-RP.

Adleman, Pomerance and Rumely (1983) gave a deterministicalgorithm for testing primality having a running time of(log n)O(log log log n) which uses much more theory and anextension of Fermat’s little theorem to integers in cyclotomicfields.

Goldwasser and Kilian (1986) obtained a randomized algorithmthat is based on elliptic curves showing PRIMES ∈ RP.

Adleman and Huang (1992) showed PRIMES ∈ ZPP but theiralgorithm is very difficult to understand.

After Adleman and Huang (1992) there was no progress for 10years.



Motivation V








Motivation V








Motivation V








Preparations I

Theorem 5.6 is the starting point for the AKS-algorithm; i.e., wealready know the following:

Let n ∈N, n > 2, and a ∈N+ be such that gcd(n, a) = 1. Thenwe have

n is prime if and only if (X + a)n ≡ (Xn + a) mod n . (1)

This characterization directly yields a primality test. Let n beany odd number. Then one chooses any a < n withgcd(n, a) = 1. Clearly, if we have chosen an a < n such thatgcd(n, a) , 1, then we know that n is not prime. Next, we haveto check whether or not all coefficients of (X + a)n takenmodulo n do vanish except the coefficients of Xn and of an. Ifthis is the case, then n is prime; otherwise it is not.



Preparations I

Theorem 5.6 is the starting point for the AKS-algorithm; i.e., wealready know the following:

Let n ∈N, n > 2, and a ∈N+ be such that gcd(n, a) = 1. Thenwe have

n is prime if and only if (X + a)n ≡ (Xn + a) mod n . (1)

This characterization directly yields a primality test. Let n beany odd number. Then one chooses any a < n withgcd(n, a) = 1. Clearly, if we have chosen an a < n such thatgcd(n, a) , 1, then we know that n is not prime. Next, we haveto check whether or not all coefficients of (X + a)n takenmodulo n do vanish except the coefficients of Xn and of an. Ifthis is the case, then n is prime; otherwise it is not.



Preparations II

However, this means that we have to check n + 1 many termsand thus the running time is not polynomial in log n. It is evenworse than checking all odd possible factors less than

√n.

So, at least one more idea is needed, and here it comes:

One does not look at the excessively large polynomial power(X + a)n but instead at its remainder after division by Xr − 1.If r stays logarithmic in n then this very much smallerremainder can be directly calculated in polynomial time withsuitable algorithms.That is, instead of testing the equivalence

(X + a)n ≡ (Xn + a) mod n

directly, they figured out that it suffices to check

(X + a)n mod (n, Xr − 1) and (Xn + a) mod (n, Xr − 1) ,

where Xr − 1 is a suitably chosen polynomial.



Preparations II


√n.


One does not look at the excessively large polynomial power(X + a)n but instead at its remainder after division by Xr − 1.If r stays logarithmic in n then this very much smallerremainder can be directly calculated in polynomial time withsuitable algorithms.

That is, instead of testing the equivalence




where Xr − 1 is a suitably chosen polynomial.



Preparations II


√n.


One does not look at the excessively large polynomial power(X + a)n but instead at its remainder after division by Xr − 1.If r stays logarithmic in n then this very much smallerremainder can be directly calculated in polynomial time withsuitable algorithms.That is, instead of testing the equivalence




where Xr − 1 is a suitably chosen polynomial.Theory and Practice of Algorithms c©Thomas Zeugmann


Preparations III

Here by q(X) ≡ p(X) mod (n, Xr − 1) we denote the equalityof the remainders of q(X) and p(X) when divided by Xr − 1 andthe coefficients taken modulo n.

Suitably chosen means that the degree r can be kept smallenough. So the coefficients are still calculated modulo n but thepolynomials Xs are taken modulo (Xr − 1). For example,Xr ≡ 1 mod (Xr − 1) and thus Xs ≡ Xs mod r mod (Xr − 1).

If n is prime, then the check


is clearly satisfied. What about the opposite direction?

So, should we fix a and variable r or should we try to fix r andlet a vary?



Preparations III









Preparations III









Preparations III









Preparations IV

In their bachelor project, Kayal and Saxena tried to fix a = 1.They also could show that it then suffices to restrict r tor = 2, . . . , 4 log2 n provided the Extended Riemann Hypothesisis true.

The breakthrough came in the summer after their bachelorproject, when they tried to vary a, too.

It turned out that one has to perform the check for severalvalues of a. If all these tests are fulfilled then either n is a primeor a prime power. But the case that n is a power of some numbercan be handled easily.



Preparations IV






Preparations IV






Algorithm AKSInput: Odd integer n > 1

1 if (n is of the form ab, b > 1) output COMPOSITE;2 r := 2;3 while ( r < n ) {4 if ( gcd(n, r) , 1 ) output COMPOSITE;5 if ( r is prime ) then6 let q be the largest prime factor of r − 1;7 if ( q > 4

√r log n )

8 and ( nr−1q . 1 mod r ) then

9 break;10 r := r + 1;11 }12 for a = 1 to b2

√r log nc do

13 if ( (X + a)n . (Xn + a) mod (n, Xr − 1) ) then14 output COMPOSITE;15 output PRIME;



Analyzing the Running Time IIt remains to show the correctness of the Algorithm AKS andto analyze its running time. We start with the running time(measured in arithmentic operations over integers having atmost 2 log n many bits).In Lecture 5 we presented the Procedure EXP. This algorithm iseasily modified to compute (X + a)n mod (n, Xr − 1) withinO(log n) multiplications of polynomials having degree atmost r and coefficients from Zn.

Let us go through the algorithm. In Line 1, one has to checkwhether or not n = ab. The possible b’s can be boundedby 2 6 b 6 log n. For each such b the following computation isperformed: If an a < n is given, one checks by using EXPif ab < n or ab = n or ab > n. So we can use binary search in{1, . . . , n} to look for an a such that ab = n. This search needsO(log n) exponentiations and thus O

((log n)2

)arithmetic

operations. Thus, Line 1 needs time O((log n)3

).



Analyzing the Running Time IIt remains to show the correctness of the Algorithm AKS andto analyze its running time. We start with the running time(measured in arithmentic operations over integers having atmost 2 log n many bits).In Lecture 5 we presented the Procedure EXP. This algorithm iseasily modified to compute (X + a)n mod (n, Xr − 1) withinO(log n) multiplications of polynomials having degree atmost r and coefficients from Zn.Let us go through the algorithm. In Line 1, one has to checkwhether or not n = ab. The possible b’s can be boundedby 2 6 b 6 log n. For each such b the following computation isperformed: If an a < n is given, one checks by using EXPif ab < n or ab = n or ab > n. So we can use binary search in{1, . . . , n} to look for an a such that ab = n. This search needsO(log n) exponentiations and thus O

((log n)2

)arithmetic

operations. Thus, Line 1 needs time O((log n)3

).



Analyzing the Running Time II

We need the following lemma:

Lemma 6.1

Let p be a prime, let a ∈ Z∗p, and let d = ord(a). Then we have

(1) d divides p − 1.(2) If q is a prime such that q|(p − 1) but q2 does not divide p − 1,

then for s = p−1q we have

q|d if and only if as . 1 mod p .

Proof. Assertion (1) is a direct consequence of Corollary 1.1.

To show (2), we first note that p − 1 = qs, where s ∈N+, andthat q does not divide s. Next, assume d|s. Then we can writes = ed, where e ∈N+, and thus as ≡

(ad

)e ≡ 1 mod p.



Analyzing the Running Time II

We need the following lemma:

Lemma 6.1

Let p be a prime, let a ∈ Z∗p, and let d = ord(a). Then we have

(1) d divides p − 1.(2) If q is a prime such that q|(p − 1) but q2 does not divide p − 1,

then for s = p−1q we have

q|d if and only if as . 1 mod p .

Proof. Assertion (1) is a direct consequence of Corollary 1.1.

To show (2), we first note that p − 1 = qs, where s ∈N+, andthat q does not divide s. Next, assume d|s. Then we can writes = ed, where e ∈N+, and thus as ≡

(ad

)e ≡ 1 mod p.



Proof continued

Conversely, if as ≡ 1 mod p, then we must have s > d.Suppose that s = ed + `, where 0 < ` < d. Then we directlyobtain as ≡

(ad

)ea` ≡ a` . 1 mod p, a contradiction. Hence,

we have d|s. Summarizing, we have

as ≡ 1 mod p if and only if d|s .

Finally, if q would divide d, then we could conclude q|s, too,since d|s. But this is impossible, since we know that q does notdivide s. Hence, we arrive at q does not divide d if and onlyif d|s if and only if as ≡ 1 mod p. This proves Assertion (2),and we are done.



Analyzing the Running Time III

If n is given, a prime r < n is said to be n-good if r does notdivide n and if the biggest prime divisor q of r − 1 satisfies

(i) q > 4√

r log n, and

(ii) nr−1q . 1 mod r.

Note that the fulfillment of Condition (ii) means that q is adivisor of the order d of n in Z∗

r (cf. Lemma 6.1). This means inparticular that q 6 d. Together with Condition (i) this yields alower bound for d.

Next, the loop in lines 3 through 11 checks for r = 2, 3, . . .

whether or not gcd(n, r) , 1 (in this case n is not prime) andthen if r is n-good.Clearly, one has to prove that this loop stops early.





(i) q > 4√

r log n, and










(i) q > 4√

r log n, and








Analyzing the Running Time IV

How many times this loop is executed does depend on

ρ(n) =df min {r | gcd(n, r) , 1 or r is n-good or r = n} .

As we shall see below, the time needed to compute ρ(n)

is ρ(n) = O((log n)6

). Here, we estimate the running time in

dependence on ρ(n). The gcd computation is done by using theAlgorithm ECL from Lecture 2. Thus, for one r we need timeO(log n) (divisions) and thus the overall time is O(ρ(n) log n).

For checking primality of r in line 5 one maintains a prime tableby the sieve of Eratosthenes up to 2dlog re. This needs timeO(ρ(n) log log(ρ(n))).



Analyzing the Running Time IV

How many times this loop is executed does depend on

ρ(n) =df min {r | gcd(n, r) , 1 or r is n-good or r = n} .

As we shall see below, the time needed to compute ρ(n)

is ρ(n) = O((log n)6

). Here, we estimate the running time in

dependence on ρ(n). The gcd computation is done by using theAlgorithm ECL from Lecture 2. Thus, for one r we need timeO(log n) (divisions) and thus the overall time is O(ρ(n) log n).

For checking primality of r in line 5 one maintains a prime tableby the sieve of Eratosthenes up to 2dlog re. This needs timeO(ρ(n) log log(ρ(n))).



Analyzing the Running Time V

Using the same table, one can check in Line 6 if the greatestprime factor q of r − 1 satisfies q > 4

√r log n. For doing this,

we have to check all prime factors q ′ of r − 1 with q ′ <√

r.This clearly requires one division per possible prime factor.Thus the overall time needed here is O((ρ(n))3/2).

In Line 8, we apply EXP. The time needed here is O(ρ(n) log n).Thus, the overall time needed for executing the loop in lines 3through 11 is O((ρ(n))3/2 + ρ(n) log n).

For the previously computed r, in lines 12, 13, 14 for each a,1 6 a 6 2

√r log n, one computes (X + a)n mod (n, Xr − 1)

and compares it with Xn + a ≡ Xn mod r + a mod (n, Xr − 1).Since a multiplication of polynomials with coefficients from Zn

of degree less than r takes (in naïve implementation) timeO(r2), the time for one step of fast exponentiationis O

((ρ(n))2 log n

).













((ρ(n))2 log n

).













((ρ(n))2 log n

).



Analyzing the Running Time VI

Thus, the time needed to execute lines 12, 13, 14 for all a is

O( √

ρ(n) log n · (ρ(n))2 log n)

= O((ρ(n))5/2(log n)2

).

So the running time of Algorithm AKS is O((log n)k) for someconstant k provided we can show that ρ(n) = O

((log n)6

).

For doing this, we need some more knowledge from numbertheory. First we define for all real numbers x > 0,

π(x) =df |{p | p 6 x, p is prime}| .

Then, the famous prime number theorem is telling us thefollowing:



Analyzing the Running Time VI

Thus, the time needed to execute lines 12, 13, 14 for all a is

O( √

ρ(n) log n · (ρ(n))2 log n)

= O((ρ(n))5/2(log n)2

).

So the running time of Algorithm AKS is O((log n)k) for someconstant k provided we can show that ρ(n) = O

((log n)6

).

For doing this, we need some more knowledge from numbertheory. First we define for all real numbers x > 0,

π(x) =df |{p | p 6 x, p is prime}| .

Then, the famous prime number theorem is telling us thefollowing:



Analyzing the Running Time VII

Theorem 6.1 (Prime Number Theorem)

The following assertion holds: limx→∞ π(x)

x/ ln x = 1.

The proof of the prime number theorem is beyond the scope ofthis course. Actually, for our purposes we only need a weakerversion of the prime number theorem which is also much easierto prove (cf., e.g., T. M. Apostol, Introduction to AnalyticNumber Theory, Springer, 1997).

Theorem 6.2

For all x > 2 we have

x

6 log x6 π(x) 6

8x

log x.



Analyzing the Running Time VII

Theorem 6.1 (Prime Number Theorem)

The following assertion holds: limx→∞ π(x)

x/ ln x = 1.

The proof of the prime number theorem is beyond the scope ofthis course. Actually, for our purposes we only need a weakerversion of the prime number theorem which is also much easierto prove (cf., e.g., T. M. Apostol, Introduction to AnalyticNumber Theory, Springer, 1997).

Theorem 6.2

For all x > 2 we have

x

6 log x6 π(x) 6

8x

log x.



Analyzing the Running Time VIII

Among all prime numbers r 6 x, in particular we are interestedin those for which r − 1 has a large prime factor. We write P(a)

to denote the largest prime dividing a. Furthermore, we define

π∗∗(x) =df

∣∣∣{r | r is prime, r 6 x, P(r − 1) > x2/3}∣∣∣ .

Then, the following theorem holds:

Theorem 6.3 (Fouvry’s Theorem)

There is a constant c > 0 and a real number x0 > 0 such that forall x > x0 we have π∗∗(x) > c · x

log x .

Proof. We refer toÉ. F, Théorème de Brun-Titchmarsch: application authéorème de Fermat.Inventiones mathematicae 79 (1985), 383 – 407.



Analyzing the Running Time VIII

Among all prime numbers r 6 x, in particular we are interestedin those for which r − 1 has a large prime factor. We write P(a)

to denote the largest prime dividing a. Furthermore, we define

π∗∗(x) =df

∣∣∣{r | r is prime, r 6 x, P(r − 1) > x2/3}∣∣∣ .

Then, the following theorem holds:

Theorem 6.3 (Fouvry’s Theorem)

There is a constant c > 0 and a real number x0 > 0 such that forall x > x0 we have π∗∗(x) > c · x

log x .

Proof. We refer toÉ. F, Théorème de Brun-Titchmarsch: application authéorème de Fermat.Inventiones mathematicae 79 (1985), 383 – 407.



Analyzing the Running Time IX

So, for a constant fraction of all primes r 6 x wehave P(r − 1) > x2/3. Now, we are ready to prove the followinglemma:

Lemma 6.2

There exists an n0 such that for all n > n0 there is a prime r

satisfying(1) r 6 4096 · (log n)6

(2) either r divides n or r is n-good.

Proof. We set y =df 4096 · (log n)6 and consider the product

Π =df

y1/3∏j=1

(nj − 1) .



Analyzing the Running Time IX

So, for a constant fraction of all primes r 6 x wehave P(r − 1) > x2/3. Now, we are ready to prove the followinglemma:

Lemma 6.2

There exists an n0 such that for all n > n0 there is a prime r

satisfying(1) r 6 4096 · (log n)6

(2) either r divides n or r is n-good.

Proof. We set y =df 4096 · (log n)6 and consider the product

Π =df

y1/3∏j=1

(nj − 1) .



Analyzing the Running Time X

Since Π <(ny1/3

)y1/3

= ny2/3and since every prime is greater

than or equal to 2 we can estimate the number N of factors inthe prime factorization of Π as follows:

N < log(ny2/3

)= y2/3 log n = 256 · (log n)5 .

Therefore, by Theorem 6.3 there exists a c > 0 and an n0 suchthat for all n > n0 we have

256 · (log n)5 < c · 4096 · (log n)6

log(4096 · (log n)6)

= c · 4096 · (log n)6

12 + 6 log log n

6 π∗∗(4096 · (log n)6) .



Analyzing the Running Time X

Since Π <(ny1/3

)y1/3

= ny2/3and since every prime is greater

than or equal to 2 we can estimate the number N of factors inthe prime factorization of Π as follows:

N < log(ny2/3

)= y2/3 log n = 256 · (log n)5 .

Therefore, by Theorem 6.3 there exists a c > 0 and an n0 suchthat for all n > n0 we have

256 · (log n)5 < c · 4096 · (log n)6

log(4096 · (log n)6)

= c · 4096 · (log n)6

12 + 6 log log n

6 π∗∗(4096 · (log n)6) .



Analyzing the Running Time XI

Consequently, for all n > n0 there is a prime r such that r < y

and P(r − 1) > y2/3 and r 6 | Π. This prime obviously fulfillsAssertion (1).

Now, if r|n we are done. It remains to show that r is n-goodprovided it does not divide n. By construction,

P(r − 1) > y2/3 = y1/2 · y1/6 > r1/2 · y1/6

=√

r(4096 · (log n)6)1/6

= 4√

r log n .

This shows (i) of the definition of n-goodness.

Since r 6 | Π we directly get r 6 | (nj − 1) for all 1 6 j 6 y1/3.Thus, we have nj . 1 mod r for all these j.







P(r − 1) > y2/3 = y1/2 · y1/6 > r1/2 · y1/6

=√

r(4096 · (log n)6)1/6

= 4√

r log n .









P(r − 1) > y2/3 = y1/2 · y1/6 > r1/2 · y1/6

=√

r(4096 · (log n)6)1/6

= 4√

r log n .





Analyzing the Running Time XII

Hence, it suffices to show that

r − 1

q∈

{1, . . . , y1/3

}.

This can be seen as follows:

r − 1

q<

r

q6

y

y2/3= y1/3 ,

and the lemma is proved.

Thus, we have shown that the Algorithm AKS is leaving itswhile-loop always with an r = O

((log n)6

).



Analyzing the Running Time XII

Hence, it suffices to show that

r − 1

q∈

{1, . . . , y1/3

}.

This can be seen as follows:

r − 1

q<

r

q6

y

y2/3= y1/3 ,

and the lemma is proved.

Thus, we have shown that the Algorithm AKS is leaving itswhile-loop always with an r = O

((log n)6

).



Analyzing the Running Time XIII

Putting this all together, we have the following theorem:

Theorem 6.4

The running time of Algorithm AKS is O((log n)17

).

Remarks. The bound O((log n)17

)can be improved. Hendrik

Lenstra and Carl Pomerance showed that the running timeis O((log n)6), where O(t(n)) ignores further factors which arepolylogarithmic in t(n).

As we have seen, in order to achieve a polynomial running timeit is necessary that r is bounded by a polynomial in log n. Thisleads to the requirement that there are infinitely many primes r

such that r − 1 has a prime factor q > r1/2+δ.





Theorem 6.4


).










Theorem 6.4


).








Analyzing the Running Time XIV

The latter requirement is a problem well-studied in analyticnumber theory.

Clearly, the best result would be obtained for odd primes q forwhich also 2q + 1 is a prime (Sophie Germain primes). Forexample, 23 is a Sophie Germain prime, since 47 is also prime.

Sophie Germain studied these prime numbers whileinvestigating Fermat’s last theorem in 1823. Since then, onetried to prove that there are infinitely many Sophie Germainprimes. However, this conjecture is still open.

The largest known Sophie Germain prime is48047305725× 2172403 − 1

(found in January 2007 by David Underbakke).



















Analyzing the Running Time XV

Fortunately enough, Adleman and Heath-Brown had studiedpairs of primes (q, r) (ten years before Andrew Wiles’ finalproof of Fermat’s last theorem) which turned out to be veryimportant for the AKS-algorithm.

They required that∣∣∣{r 6 x | q, r prime, q|(r − 1), q > x1/2+δ}∣∣∣ > cδ ·

x

ln x

is valid for some δ > 1/6.

Étienne Fouvry (1985, 1996) obtained δ = 0.1683 > 1/6 which isstill the best bound known. The papers by Adleman andHeath-Brown and by Fouvry use deep methods from analyticnumber theory that expand on the large sieve of Bombieri (whoreceived 1974 the Fields Medal for it).Clearly, we still have to prove the correctness. This will be donein Lecture 7.






x

ln x








x

ln x


Étienne Fouvry (1985, 1996) obtained δ = 0.1683 > 1/6 which isstill the best bound known. The papers by Adleman andHeath-Brown and by Fouvry use deep methods from analyticnumber theory that expand on the large sieve of Bombieri (whoreceived 1974 the Fields Medal for it).

Clearly, we still have to prove the correctness. This will be donein Lecture 7.






x

ln x





Thank you!



Nitin Saxena, Neeraj Kayal, and Manindra Agrawal


Documents

Theory and Practice of Algorithmsthomas/TPA/SLIDES/tap-lect06.pdf · 2019. 4. 19. · Lecture 6: Testing Primality is in P1 1Source: M. Agrawal, N. Kayal and N. Saxena, PRIMES is