Date posted: 02-Jan-2016 | Category: Documents | Uploaded by: philip-kidd
1
Deciding Primality is in P
M. Agrawal, N. Kayal, N. Saxena
Speaker: Adi Akavia
2
Background
Sieve of Eratosthenes (240 BC): Ω(n) time.
Fermat's Little Theorem (17th century): p is prime, a ≢ 0 (mod p) ⇒ a^(p-1) ≡ 1 (mod p).
(The converse does not hold: Carmichael numbers.)
Polynomial-time algorithms:
[Miller 76] deterministic, assuming the Extended Riemann Hypothesis.
[Solovay, Strassen 77; Rabin 80] unconditional, but randomized.
[Goldwasser, Kilian 86] randomized, produces a certificate for primality! (for almost all numbers)
[Adleman, Huang 92] primality certificate for all numbers.
[Adleman, Pomerance, Rumely 83] deterministic, (log n)^O(log log log n)-time.
3
This Paper
Unconditional, deterministic, polynomial.
Def: r is special with respect to n if:
1. r is prime,
2. r-1 has a large prime factor q = Ω(r^(2/3)), and
3. q | O_r(n).
Tools:
Simple algebra.
High density theorem for numbers with properties (1) and (2). [Fou85, BH96]
Def: the order of n mod r, denoted O_r(n), is the smallest power t s.t. n^t ≡ 1 (mod r).
4
Basic Idea
Fact: For any a s.t. (a,n) = 1:
n is prime ⇒ (x-a)^n ≡ x^n - a (mod n)
n is composite ⇒ (x-a)^n ≢ x^n - a (mod n)
Naive algo: Pick an arbitrary a, check if (x-a)^n ≡ x^n - a (mod n).
Problem: time complexity Ω(n).
Proof: Expand (x-a)^n with the binomial theorem.
Assume n is prime; then for all 0 < i < n, (n choose i) ≡ 0 (mod n).
Assume n is composite; then let q | n be a prime with q^k || n. Then q^k ∤ (n choose q) and (a^(n-q), q) = 1, hence x^q has a non-zero coefficient (mod n).
5
Basic Idea
Idea: Pick an arbitrary a, and some polynomial x^r - 1 with r = poly log n; check if (x-a)^n ≡ x^n - a (mod x^r - 1, n). Time complexity: poly(r).
n is prime ⇒ (x-a)^n ≡ x^n - a (mod x^r - 1, n)
n is composite ⇒ ???? (x-a)^n ≢ x^n - a (mod x^r - 1, n)
Not true for some (few) values of a, r!
6
Improved Idea
Improved Idea: Pick many (poly log n) a's, and check for all of them if:
(x-a)^n ≡ x^n - a (mod x^r - 1, n)
Accept if equality holds for all a's.
7
Some Algebra Reminders
Def: F_p (p is prime) denotes the finite field of p elements {0,1,…,p-1}.
Def: F_p[x] denotes the ring of polynomials over F_p.
Def: Let f(x) be a k-degree polynomial.
Def: F_p[x]/f(x) denotes the set of (k-1)-degree polynomials over F_p, with addition and multiplication modulo f(x).
Thm: If f(x) is irreducible over F_p, then F_p[x]/f(x) is the unique field with p^k elements.
8
F_p[x]/f(x) - Addition
Let the polynomial f(x) over F_2 be: f(x) = x^3 + 1 ↔ (1,0,0,1).
Represent polynomials as vectors ((k-1)-degree polynomial ↔ vector of k coefficients):
Addition:
  (x + 1)    ↔ (0,1,1)
+ (x^2 + 1)  ↔ (1,0,1)
              ______
  x^2 + x    ↔ (1,1,0)
9
F_p[x]/f(x) - Multiplication
Multiplication: First, multiply 'mod p':
  (x + 1)    ↔ (0,1,1)
× (x^2 + 1)  ↔ (1,0,1)
              _____
                011    (× 1)
               000     (× x)
              011      (× x^2)
              _____
               1111    ↔ x^3 + x^2 + x + 1
Next, apply 'mod f(x)':
  (x^3 + x^2 + x + 1) mod (x^3 + 1) = x^2 + x  ↔ (1,1,0)
10
F_p[x]/f(x) - mod f(x)
Example: x^7 mod (x^4 - 1): x^7 = x^3 · (x^4 - 1) + x^3, hence x^7 ≡ x^3.
In general for f(x) = x^r - 1:
  c_7 x^7 + c_6 x^6 + c_5 x^5 + c_4 x^4 + c_3 x^3 + c_2 x^2 + c_1 x + c_0 ≡ c'_(r-1) x^(r-1) + … + c'_2 x^2 + c'_1 x + c'_0 (mod x^r - 1),
  where c'_j = Σ_{i ≡ j (mod r)} c_i.
11
Irreducible Factors of (x^r - 1)/(x - 1)
Fact: Consider the polynomial (x^r - 1)/(x - 1) over F_p. All its irreducible factors are of the same degree d = deg(h(x)), where h(x) denotes any one of them.
12
The Algorithm
Input: integer n
1. Find r ∈ O(log^6 n) s.t. r is special.
2. Let l = 2 r^(1/2) log n.
3. Small divisors test: For t = 2,…,l, if t | n output COMPOSITE.
4. Power test: If n is a power, n = p^k for k > 1, output COMPOSITE.
5. Polynomials test: For a = 1,…,l, if (x-a)^n ≢ x^n - a (mod x^r - 1, n), output COMPOSITE.
6. Otherwise: output PRIME.
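As an added worked example (not from these slides or the AKS paper), the coefficient-vector arithmetic of the F_p[x]/f(x) slides specialised to f(x) = x^r - 1, and the step-5 polynomials test built on it. Coefficient lists are indexed by power of x, lowest first (the slides write highest first); the slides' F_2 example with f(x) = x^3 + 1 is covered because x^3 + 1 = x^3 - 1 over F_2.

```python
def fold_mod_xr_minus_1(coeffs, r, n):
    # 'mod x^r - 1': since x^r = 1, the coefficient of x^i moves onto x^(i mod r),
    # so c'_j is the sum of all c_i with i = j (mod r); arithmetic is mod n.
    out = [0] * r
    for i, c in enumerate(coeffs):
        out[i % r] = (out[i % r] + c) % n
    return out

def polymul_mod(a, b, r, n):
    # Multiply in Z_n[x]/(x^r - 1): first multiply 'mod n', then apply 'mod x^r - 1'.
    # Coefficient lists are indexed by the power of x (lowest power first).
    prod = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            prod[i + j] = (prod[i + j] + ai * bj) % n
    return fold_mod_xr_minus_1(prod, r, n)

def polypow_mod(base, e, r, n):
    # base^e in Z_n[x]/(x^r - 1) by square-and-multiply: O(log e) multiplications
    # of r-coefficient polynomials, which is the poly(r) cost claimed for the test.
    result = [1] + [0] * (r - 1)
    base = fold_mod_xr_minus_1(base, r, n)
    while e:
        if e & 1:
            result = polymul_mod(result, base, r, n)
        base = polymul_mod(base, base, r, n)
        e >>= 1
    return result

def poly_test(n, r, a):
    # One probe of the polynomials test: (x - a)^n == x^n - a in Z_n[x]/(x^r - 1)?
    # With r = n + 1 nothing folds, so this is exactly the naive 'mod n' check of the
    # Basic Idea slide, whose cost is then Omega(n) coefficients.
    lhs = polypow_mod([(-a) % n, 1], n, r, n)
    rhs = [0] * r
    rhs[n % r] = 1                       # x^n folds onto x^(n mod r)
    rhs[0] = (rhs[0] - a) % n            # ... minus the constant a
    return lhs == rhs

def polynomials_test(n, r, l):
    # Step 5 of the algorithm: accept only if every a in 1..l satisfies the congruence.
    return all(poly_test(n, r, a) for a in range(1, l + 1))
```

poly_test(4, 2, 1) returns True although 4 is composite, which is the "not true for some (few) values of a, r" caveat; a = 2 with the same r already exposes it.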
13
Saw: the algorithm.
Yet to be seen:
Special r ∈ O(log^6 n) exists (later).
If n is composite then one of the tests returns COMPOSITE.
1. Find r ∈ O(log^6 n) s.t. r is special.
2. Let l = 2 r^(1/2) log n.
3. If there exists a small (< l+1) divisor, output COMPOSITE.
4. If n is a power, output COMPOSITE.
5. For a = 1,…,l, if (x-a)^n ≢ x^n - a (mod x^r - 1, n), output COMPOSITE.
6. Otherwise output PRIME.
14
Correctness Proof
Lemma: n is composite ⇒ the algorithm returns 'composite'. That is,
if n is composite, n has no divisor t ≤ l, and n is not a (prime) power,
then ∃ a ∈ [1..l] s.t. (x-a)^n ≢ x^n - a (mod x^r - 1, n).
1. Find r ∈ O(log^6 n) s.t. r is special.
2. Let l = 2 r^(1/2) log n.
3. If there exists a small (< l+1) divisor, output COMPOSITE.
4. If n is a power, output COMPOSITE.
5. For a = 1,…,l, if (x-a)^n ≢ x^n - a (mod x^r - 1, n), output COMPOSITE.
6. Otherwise output PRIME.
15
In the Proof - Using p and h(x)
Let p be a prime factor of n, and let h(x) be an irreducible factor of x^r - 1.
It suffices to show the inequality (mod h(x), p) instead of (mod x^r - 1, n), i.e. ∃ a ∈ [1..l] s.t. (x-a)^n ≢ x^n - a (mod h(x), p).
Choose p and h(x) s.t. q | O_r(p), and deg(h(x)) = O_r(p).
Such p exists: q | O_r(n) and O_r(n) = lcm{O_r(p_i)}, where n = p_1 p_2 … p_k.
Such h(x) exists: by the previous fact.
16
Proof
Assume by contradiction that n is composite and passes all the tests, i.e. n has no small factor, n is not a prime power, and ∀ a ∈ [1..l]: (x-a)^n ≡ x^n - a (mod h(x), p).
For any f(x) which is a product of polynomials (x-a) (where a ∈ [1..l]), f(x)^n = f(x^n).
Example: [(x-a_1)(x-a_2)]^n = (x^n - a_1)(x^n - a_2).
17
Proof
Therefore, consider the group generated by {(x-a)}_{a ∈ [1..l]}:
G = { Π_{1 ≤ a ≤ l} (x-a)^(i_a) | i_a ≥ 0 } ⊆ F_p[x]/h(x)
Are there other integers m s.t. ∀ f(x) ∈ G: f(x)^m ≡ f(x^m)?
Yes! For example: p. Any others?
Let I = { m | ∀ f ∈ G: f(x)^m ≡ f(x^m) }.
Lemma: I is multiplicative, i.e. u, v ∈ I ⇒ uv ∈ I.
Hence, in particular {n^i p^j : 0 ≤ i, j ≤ r^(1/2)} ⊆ I. Therefore |I ∩ [n^(2√r)]| > r.
18
Proof - I[|G|] is large
(I[m] denotes the set of residues of I modulo m.)
Lemma: |G| > n^(2√r).
Proof: Consider all polynomials (products of the (x-a)'s) of degree < d. They are all distinct in F_p[x]/h(x). Therefore |G| ≥ C(l+d-1, l).
Hence |G| > n^(2√r) (continued on "G is large, Cont.").
Hence |I[|G|]| > r: the more than r integers n^i p^j in I ∩ [n^(2√r)] are distinct (n is not a prime power) and smaller than |G|, so they stay distinct modulo |G|.
However, we next show that |I[|G|]| ≤ r.
d is big: q | O_r(p) = d.
19
Proof - I[|G|] is small
Lemma: Let m1, m2 ∈ I. Then m1 ≢ m2 (mod |G|) ⇒ m1 ≢ m2 (mod r).
Proof: Let g(x) be a generator of G. Assume (*) m1 ≡ m2 (mod r), and let m2 = m1 + kr.
Then x^m1 ≡ x^m2 (mod h(x)) (as x^r ≡ 1 (mod h(x))), so
  g(x)^m2 = g(x^m2) = g(x^(m1+kr)) =(*) g(x^m1) = g(x)^m1,
while
  g(x)^m2 = g(x)^(m1+kr) = g(x)^m1 · g(x)^kr.
Hence g(x)^kr ≡ 1 (mod h(x), p), so kr ≡ 0 (mod |G|), i.e. m1 ≡ m2 (mod |G|).
Contradiction!
20
Proof Summary
We saw that I[|G|] is small (unconditionally, using properties of x^r - 1).
However, if n is composite and not a prime power, then passing the polynomials test (i.e. n ∈ I) implies that I[|G|] is large (using properties of the special r and of x^r - 1).
Therefore, the polynomials test must return 'composite'.
21
Back to Special Numbers
Recall: r is special with respect to n if:
1. r is prime,
2. r-1 has a large prime factor q = Ω(r^(2/3)), and
3. q | O_r(n).
We next show that a special r ∈ O(log^6 n) exists.
22
1. Find r ∈ O(log^6 n) s.t. r is special.
2. Let l = 2 r^(1/2) log n.
3. If there exists a small (< l+1) divisor, output COMPOSITE.
4. If n is a power, output COMPOSITE.
5. For a = 1,…,l, if (x-a)^n ≢ x^n - a (mod x^r - 1, n), output COMPOSITE.
6. Otherwise output PRIME.
Finding Special r
Elaborating on step (1):
1. while r < c log^6 n:
   1. if r is prime:
   2.   let q be the largest prime factor of r-1
   3.   if (q ≥ 4 r^(1/2) log n) and (n^((r-1)/q) ≢ 1 (mod r)) break;
   4. r ← r+1
Complexity: O(log^6 n) iterations, each taking O(r^(1/2) poly log r), hence total poly log n.
• When 'break' is reached: r is prime, q is large, and q | O_r(n).
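An added example (mine, not from the slides) of the step (1) loop as written above; the bound c · log^6 n is replaced by an explicit scan limit passed by the caller, since the constant c is not given.

```python
from math import isqrt, log2

def is_prime_trial(m):
    # Trial division is enough inside step (1): r stays poly log n.
    return m > 1 and all(m % d for d in range(2, isqrt(m) + 1))

def largest_prime_factor(m):
    # Largest prime factor of m by trial division (the O(r^(1/2) poly log r) step of the
    # slide's complexity count); returns 1 for m = 1.
    best, p = 1, 2
    while p * p <= m:
        while m % p == 0:
            best, m = p, m // p
        p += 1
    return m if m > 1 else best

def is_special(n, r):
    # The three checks of the loop body: r prime, q (largest prime factor of r-1) large,
    # and n^((r-1)/q) != 1 (mod r). The last check gives q | O_r(n): if q did not divide
    # O_r(n), then O_r(n) would divide (r-1)/q and that power would be 1.
    if not is_prime_trial(r):
        return False
    q = largest_prime_factor(r - 1)
    return q >= 4 * r ** 0.5 * log2(n) and pow(n, (r - 1) // q, r) != 1

def find_special_r(n, limit):
    # Step (1): scan r = 2, 3, ..., limit and return the first special r, or None.
    # The slide bounds the scan by c * log^6 n; the constant c is not given, so the
    # caller passes the limit explicitly here (an assumption of this example).
    for r in range(2, limit + 1):
        if is_special(n, r):
            return r
    return None
```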
23
Special r ∈ O(log^6 n) exists
Consider an interval [….] whose endpoints are O(log^6 n).
Numbers with properties (1) and (2) are dense in [….]: immediate from the density bounds for numbers with these properties and for primes.
For many primes r ∈ [….], property (3) holds:
For many r's, O_r(n) > (…)^(1/3): O_r(n) < (…)^(1/3) ⇒ r divides the product (n-1)(n^2-1)…(n^((…)^(1/3))-1). However, this product has no more than (…)^(2/3) log n prime divisors.
Moreover, O_r(n) > (…)^(1/3) ⇒ q | O_r(n): if q doesn't divide O_r(n), then n^((r-1)/q) ≡ 1 (mod r), therefore O_r(n) ≤ (r-1)/q. However, (r-1)/q < (…)^(1/3), a contradiction. (Here we utilize again the fact that q is large.)
Hence, by a counting argument, there exists a special r ∈ [….].
Recall: r is special with respect to n if:
1. r is prime,
2. q = Ω(r^(2/3)) is a prime factor of r-1,
3. q | O_r(n).
25
Proof - G is large, Cont.
Hence |G| ≥ |S| ≥ C(l+d-1, l).
Prop: d ≥ 2l.
Proof: Recall d = O_r(p) and q | O_r(p), hence d ≥ q ≥ 2l (recall q ≥ 4 r^(1/2) log n, l = 2 r^(1/2) log n).
Hence |G| ≥ C(l+d-1, l) > 2^l = 2^(2√r log n) = n^(2√r).
This is the reason for seeking a large q s.t. q | O_r(n).
27
Algebraic Background - Extension Field
Def: Consider fields F, E. E is an extension of F if F is a subfield of E.
Def: The Galois field GF(p^k) (p prime) is the unique (up to isomorphism) finite field containing p^k elements. (The cardinality of any finite field is a prime power.)
Def: A polynomial f(x) is called irreducible in GF(p) if it does not factor over GF(p).
28
Multiplicative Group
Def: GF*(p^k) is the multiplicative group of the Galois field GF(p^k), that is, GF*(p^k) = GF(p^k) \ {0}.
Thm: GF*(p^k) is cyclic, thus it has a generator g:
GF*(p^k) = { g^i | 0 ≤ i < p^k - 1 }
29
F_p[x]/f(x) - Example
Let the irreducible polynomial f(x) over F_2 be: f(x) = x^4 + x^3 + x^2 + x + 1 ↔ (1,1,1,1,1).
Represent polynomials as vectors ((k-1)-degree polynomial ↔ vector of k coefficients):
Addition:
  (x^3 + x^2 + x + 1)  ↔ (0,1,1,1,1)
+ (x^4 + x^3 + x + 1)  ↔ (1,1,0,1,1)
                        ________
  x^4 + x^2            ↔ (1,0,1,0,0)
30
F_p[x]/f(x) - Example
Multiplication: First, multiply 'mod p':
  (x^3 + x + 1)        ↔ (0,1,0,1,1)
× (x^4 + x^3 + x + 1)  ↔ (1,1,0,1,1)
                        _________
                           11011    (× 1)
                          11011     (× x)
                         00000      (× x^2)
                        11011       (× x^3)
                        _________
                        11110101    ↔ x^7 + x^6 + x^5 + x^4 + x^2 + 1
Next, apply 'mod f(x)':
  (x^7 + x^6 + x^5 + x^4 + x^2 + 1) mod (x^4 + x^3 + x^2 + x + 1) = x^3 + x^2 + 1  ↔ (0,1,1,0,1)