PRIMES is in P
Manindra Agrawal
NUS Singapore / IIT Kanpur
The Problem
Given a number n, test efficiently whether it is prime.
Efficiently = in time polynomial in the number of digits
= $(\log n)^c$ for some constant c
The Trial Division Method
Try dividing by all numbers up to $n^{1/2}$.
– Takes exponential time: $(n^{1/2})$.
– Also produces a factor of n when it is composite.
A Possible Approach
Find a characterization of prime numbers that is efficiently verifiable
• Many characterizations of primes have been obtained over centuries.
• But none were provably efficient until recently.
Wilson’s Characterization (18th century)
n is prime iff
(n-1)! = -1 (mod n)
• Requires O(n) operations
Fermat’s Little Theorem (17th century)
n is prime
implies for any a:
$a^n = a \pmod{n}$.
It is easy to check:
Compute $a^2$, square it to $a^4$, square it to $a^8$, …
Needs only O(log n) multiplications.
An Efficient but Wrong Characterization
n is prime iff
for $0 < a < 4\log^2 n$: $a^n = a \pmod{n}$
– Requires only $O(\log^3 n)$ multiplications and divisions.
– Fails on Carmichael numbers, e.g., 561 = 3 * 11 * 17.
Lucas’ Characterization (1891)
n is prime iff
for every prime divisor q of n-1: there is an a, 1 < a < n, such that
$a^{n-1} = 1 \pmod{n}$ and $\gcd(a^{(n-1)/q} - 1,\ n) = 1$
– Based on FLT
– It is inefficient: requires factorization of n-1
An NP ∩ coNP Algorithm
• A trivial algorithm shows that the set is in coNP: given a factor of n it is easy to verify that n is composite.
• [Pratt, 1974] Lucas’ characterization yields an NP algorithm: guess a prime factorization of n-1; recursively verify its correctness; and guess an a with required properties.
Miller’s (unproven) Characterization (1975)
$n = 1 + 2^t \cdot s$ is an odd prime iff
for $0 < a < 4\log^2 n$: either $a^s = 1 \pmod{n}$
or $a^{2^k s} = -1 \pmod{n}$ for some $0 \le k < t$
Yields an Efficient Algorithm
• Based on FLT
• Yields an efficient algorithm: $O(\log^4 n)$ steps
• It is correct assuming the Generalized Riemann Hypothesis
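The failure on Carmichael numbers and Miller's repair, as an added Python example (not from the talk). It assumes log is base 2 and caps the bases below n so that no base is a multiple of n; `bases`, `fermat_check` and `miller_check` are hypothetical names.

```python
from math import ceil, log2

def bases(n):
    """Bases 0 < a < 4 log^2 n (log base 2), capped below n (added assumption)."""
    return range(1, min(n, ceil(4 * log2(n) ** 2)))

def fermat_check(n):
    """The 'efficient but wrong' test: a^n = a (mod n) for every base."""
    return all(pow(a, n, n) == a % n for a in bases(n))

def miller_check(n):
    """Miller's test for odd n = 1 + 2^t * s; even n is handled directly."""
    if n < 3 or n % 2 == 0:
        return n == 2
    t, s = 0, n - 1
    while s % 2 == 0:                 # strip the factors of two from n - 1
        t, s = t + 1, s // 2
    for a in bases(n):
        x = pow(a, s, n)
        if x == 1 or x == n - 1:      # a^s = 1, or a^(2^0 * s) = -1
            continue
        for _ in range(t - 1):        # look for a^(2^k * s) = -1 with 0 < k < t
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False              # a proves that n is composite
    return True

# Constructed sample input: the three smallest Carmichael numbers.
CARMICHAEL = (561, 1105, 1729)

if __name__ == "__main__":
    for c in CARMICHAEL:
        print(c, "Fermat:", fermat_check(c), "Miller:", miller_check(c))
```

All three Carmichael numbers pass `fermat_check` for every base in range, while `miller_check` rejects each of them at a = 2.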
coRP Algorithms
• [1974] Solovay-Strassen gave the first unconditional but randomized polynomial time algorithm.
– This algorithm might give a wrong answer with a small probability when n is composite.
• [1975] Rabin modified Miller’s characterization to obtain another algorithm with similar properties.
An Almost Efficient Characterization
• [1983] Adleman, Pomerance, and Rumely gave a (rather complicated) characterization that yields a deterministic algorithm running in time $(\log n)^{c \log\log\log n}$.
An Efficient Characterization
[2002] A., Kayal, Saxena gave the first deterministically verifiable efficient characterization.
Starting Point: A Polynomial based Characterization
n is prime iff
$(X + 1)^n = X^n + 1 \pmod{n}$
Proof:
$(X + 1)^n - X^n - 1 = \sum_{j=1}^{n-1} \binom{n}{j} X^j$
If n is prime then all coefficients are divisible by n.
If n is composite then at least one is not.
• A generalization of FLT to polynomials.
• Simple and elegant.
• Inefficient: although it requires only O(log n) polynomial multiplications, intermediate polynomials are of large degree.
A Way to Reduce Space
• Test the equation modulo $X^r - 1$ for a small r.
• Or, more generally, test if
$(X + a)^n = X^n + a \pmod{n,\ X^r - 1}$
for a few a’s and a few small r’s.
It Almost Works
n is prime iff
for any r such that $O_r(n) > 4\log^2 n$:
n has no divisor smaller than min(n,r) and
for every a, $1 \le a \le 2\sqrt{r}\log n$:
$(X + a)^n = X^n + a \pmod{n,\ X^r - 1}$
$O_r(n)$ = smallest k with $n^k = 1 \pmod{r}$.
The Algorithm
Input n.
1. Find the smallest number r such that $O_r(n) > 4 (\log n)^2$.
2. If any number < r divides n, output PRIME/COMPOSITE appropriately.
3. For every $a \le 2\sqrt{r}\log n$:
– If $(X+a)^n \ne X^n + a \pmod{n,\ X^r - 1}$ then output COMPOSITE.
4. Output PRIME.
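The four steps above as runnable Python, added here as an illustration and not taken from the talk. It assumes log is base 2 (consistent with the slides' $n^{16\log^4 n} = 2^{16\log^5 n}$); `mult_order`, `polymul`, `congruence_holds` and `aks_is_prime` are hypothetical names.

```python
from math import gcd, log2

def mult_order(n, r):
    """O_r(n): smallest k >= 1 with n^k = 1 (mod r); 0 when gcd(n, r) != 1."""
    if gcd(n, r) != 1:
        return 0
    k, x = 1, n % r
    while x != 1:
        x, k = x * n % r, k + 1
    return k

def polymul(f, g, n, r):
    """f * g in (Z/n)[X]/(X^r - 1); polynomials are length-r coefficient lists."""
    out = [0] * r
    for i, fi in enumerate(f):
        if fi:
            for j, gj in enumerate(g):
                k = (i + j) % r              # X^r = 1 folds high degrees back
                out[k] = (out[k] + fi * gj) % n
    return out

def congruence_holds(n, a, r):
    """Test (X + a)^n = X^n + a (mod n, X^r - 1) by repeated squaring (r >= 2)."""
    base = [a % n, 1] + [0] * (r - 2)
    acc = [1] + [0] * (r - 1)
    e = n
    while e:
        if e & 1:
            acc = polymul(acc, base, n, r)
        base = polymul(base, base, n, r)
        e >>= 1
    rhs = [a % n] + [0] * (r - 1)
    rhs[n % r] = (rhs[n % r] + 1) % n
    return acc == rhs

def aks_is_prime(n):
    """The four steps of the slide; log is base 2 (assumption stated above)."""
    if n < 2:
        return False
    bound = 4 * log2(n) ** 2
    r = 2
    while mult_order(n, r) <= bound:         # step 1: smallest r with O_r(n) > 4 log^2 n
        r += 1
    for d in range(2, min(r, n)):            # step 2: divisors below r
        if n % d == 0:
            return False
    if n <= r:
        return True
    for a in range(1, int(2 * r ** 0.5 * log2(n)) + 1):   # step 3: a <= 2 sqrt(r) log n
        if not congruence_holds(n, a, r):
            return False
    return True                              # step 4
```

For n < 256 step 2 always decides, because r > 4 log² n ≥ n there; step 3 is first exercised by larger n, where the schoolbook product costs O(r²) per multiplication.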
Correctness: Non-trivial Part
Assume:
• r is given such that $O_r(n) > 4(\log n)^2$.
• Smallest prime dividing n is at least min(n,r).
• $(X+a)^n = X^n + a \pmod{n,\ X^r - 1}$ for $0 < a \le 2\sqrt{r}\log n$.
• Fix a prime p dividing n with $p \ge r$ and $O_r(p) > 1$.
• Clearly, $(X+a)^n = X^n + a \pmod{p,\ X^r - 1}$ too for $0 < a \le 2\sqrt{r}\log n$.
• And of course, $(X+a)^p = X^p + a \pmod{p,\ X^r - 1}$ (according to previous prime characterization)
Introspective Numbers
• We call any number m such that $g(X)^m = g(X^m) \pmod{p,\ X^r - 1}$ an introspective number for g(X).
• So, p and n are introspective numbers for X+a for $0 < a \le 2\sqrt{r}\log n$.
Introspective Numbers Are Closed Under *
Lemma: If s and t are introspective for g(X), so is s * t.
Proof:
$g(X)^{st} = g(X^s)^t \pmod{p,\ X^r - 1}$,
and
$g(X^s)^t = g(X^{st}) \pmod{p,\ X^{sr} - 1}$
$= g(X^{st}) \pmod{p,\ X^r - 1}$.
So There Are Lots of Them
• Let $I = \{ n^i \cdot p^j \mid i, j \ge 0 \}$.
• Every m in I is introspective for X+a for $0 < a \le 2\sqrt{r}\log n$.
Introspective Numbers Are Also For Products
Lemma: If m is introspective for both g(X) and h(X), then it is also for g(X) * h(X).
Proof:
$(g(X) \cdot h(X))^m = g(X)^m \cdot h(X)^m$
$= g(X^m) \cdot h(X^m) \pmod{p,\ X^r - 1}$
So Introspective Numbers Are For Lots of Polynomials
• Let $Q = \{ \prod_{a=1}^{2\sqrt{r}\log n} (X + a)^{e_a} \mid e_a \ge 0 \}$.
• Every m in I is introspective for every g(X) in Q.
Finite Fields Facts
• Let h(X) be an irreducible divisor of the rth cyclotomic polynomial $C_r(X)$ in the ring $F_p[X]$:
– $C_r(X)$ divides $X^r - 1$.
– Polynomials modulo p and h(X) form a field, say F.
– $X^i \ne X^j$ in F for $0 \le i \ne j < r$.
Moving to Field F
• Since h(X) divides $X^r - 1$, equations for introspective numbers continue to hold in F.
• We now argue over F.
Two Sets in Field F
• Let $G = \{ X^m \mid m \in I \}$.
– Every element of G is an rth root of unity.
– $t = |G| \ge O_r(n) > 4\log^2 n$.
• Let $H = \{ g(X) \pmod{p,\ h(X)} \mid g(X) \in Q \}$.
– H is a multiplicative group in F.
H is large …
• Let $Q_t$ be the set of all polynomials in Q of degree < t.
Lemma: There are > $n^{2\sqrt{t}}$ distinct polynomials in $Q_t$:
– Consider all products of X+a’s of degree < t.
– There are $\binom{t + 2\sqrt{r}\log n - 1}{2\sqrt{r}\log n - 1} > \binom{4\sqrt{t}\log n}{2\sqrt{t}\log n} > n^{2\sqrt{t}}$ of these (since r > t and t > 2 log n).
… because $Q_t$ injects into F
• Let f(X), g(X) in $Q_t$ with $f(X) \ne g(X)$.
• Suppose f(X) = g(X) in F. Then:
• For every $X^m$ in G, $f(X^m) = f(X)^m = g(X)^m = g(X^m)$ in F.
• So polynomial P(z) = f(z) – g(z) has |G| = t roots in F.
• Contradiction, since $P(z) \ne 0$ and degree of P(z) is < t.
… implies that I has few small numbers
• Let $m_1, m_2, \ldots, m_k$ be numbers in I that are $\le n^{2\sqrt{t}}$.
• Suppose k > t.
• Then, there exist $m_i$ and $m_j$, $m_i > m_j$, such that
$X^{m_i} = X^{m_j}$ (in F)
I: set of introspective numbers; $F = F_p[X]/(h(X))$, $h(X) \mid X^r - 1$
Q: set of introspective polynomials; $G = X^I$; $H = Q \pmod{h(X)}$
• Let g(X) be any element of H.
• Then:
$g(X)^{m_i} = g(X^{m_i}) = g(X^{m_j}) = g(X)^{m_j}$ (in F)
• Therefore, g(X) is a root of the polynomial $P(z) = z^{m_i} - z^{m_j}$ in the field F.
• Since H has more than $n^{2\sqrt{t}}$ elements in F, P(z) has more than $n^{2\sqrt{t}}$ roots in F.
• Contradiction, since $P(z) \ne 0$ and degree of P(z) = $m_i \le n^{2\sqrt{t}}$.
$t = O_r(n,p)$; $F = F_p[X]/(h(X))$, $h(X) \mid X^r - 1$
I: set of introspective numbers; $Q_{low}$: polynomials of deg < t
… so n must be a prime power!
• Consider numbers $n^a \cdot p^b$ with $0 \le a, b \le \sqrt{t}$.
• Each such number is $\le n^{2\sqrt{t}}$ (“small”).
• So there are $\le t$ (“few”) such numbers.
• This gives a, b, c, d with
$(a,b) \ne (c,d)$ and $n^a \cdot p^b = n^c \cdot p^d$
• Therefore, $n = p^e$ for some e > 0.
This forces n to be prime
Lemma [Hendrik Lenstra Jr., 1983]: If $a^n = a \pmod{n}$ for $1 \le a \le 4\log^2 n$ then n is square-free.
Since $(X+a)^n = X^n + a \pmod{n,\ X^r - 1}$ for $0 < a \le 2\sqrt{r}\log n$, we have
$a^n = a \pmod{n}$ for $0 < a \le 4\log^2 n$
(as $r > 4\log^2 n$). So n must be square-free.
The Choice of r
• We need r such that $O_r(n) > 4 (\log n)^2$.
• Any r such that $O_r(n) \le 4 (\log n)^2$ must divide
$\prod_{k=1}^{4\log^2 n} (n^k - 1) < n^{16\log^4 n} = 2^{16\log^5 n}$.
• By Chebyshev’s prime density estimates the lcm of first m numbers is at least $2^m$ (for m > 7).
• Therefore, there must exist an r that we desire $\le 16 (\log n)^5 + 1$.
Time Complexity
• Step 3 dominates running time.
– It needs to verify $O(\sqrt{r}\log n)$ equations.
– Each equation needs $\tilde{O}(r \log^2 n)$ time to verify.
• So time complexity is $\tilde{O}(r^{1.5} \log^3 n) = \tilde{O}(\log^{10.5} n)$.
• Using a result of Fouvry, one can show that $r = O(\log^3 n)$ is enough.
• The result shows that primes r such that r-1 has a large prime divisor have high density.
• This brings time complexity down to $\tilde{O}(\log^{7.5} n)$.
A Cleaner Characterization
• The characterization is a bit messy.
• Three different conditions need to hold:
– r needs to be such that $O_r(n) > 4 (\log n)^2$
– No prime divisor of n is smaller than min(n,r)
– For every a, $1 \le a \le \sqrt{r}\log n$:
$(X + a)^n = X^n + a \pmod{n,\ X^r - 1}$
• Can these be combined into a single equation?
Yes!
Use the equation
$(X + 1)^n = X^n + 1 \pmod{n,\ Q(X)}$
for appropriate small degree Q(X).
Eliminating Condition on r
Try for all $r \le 16\log^5 n$!
Eliminating Small Divisors
Lemma: If $(X + 1)^n = X^n + 1 \pmod{n,\ X^r}$ then n has no divisor less than min(n,r).
Proof: If prime p < min(n,r) divides n, then $(X + 1)^n = 1 + (n/p) X^p + \ldots \pmod{n,\ X^r} \ne 1 \pmod{n,\ X^r}$.
Eliminating Multiple Equations
Lemma: $(X + 1)^n = X^n + 1 \pmod{n,\ Q(X-a)}$ for $0 < a \le B$ iff
$(X + a)^n = X^n + a \pmod{n,\ Q(X)}$ for $1 < a \le B+1$.
Proof: Assume for B-1. Then:
$(X + 1)^n = X^n + 1 \pmod{n,\ Q(X-B)}$ iff
$(X+B+1)^n = (X+B)^n + 1 \pmod{n,\ Q(X)}$ iff
$(X+B+1)^n = X^n + B + 1 \pmod{n,\ Q(X)}$
Putting These Together …
n is prime
iff
$(X + 1)^n = X^n + 1 \pmod{n,\ Q(X)}$
where
$Q(X) = X^{16\log^5 n} \cdot \prod_{r=1}^{16\log^5 n} \prod_{a=1}^{2\sqrt{r}\log n} \left((X-a)^r - 1\right)$
• Degree of Q(X) is $O(\log^{27/2} n)$.
Further work
• [Lenstra-Pomerance, 2003]: $r = O(\log^2 n)$ is enough with a different polynomial of degree r than $X^r - 1$.
– This improves time complexity to $\tilde{O}(\log^6 n)$.
• [Berrizbeitia-Bernstein, 2003]: Randomized primality proving algorithm with time complexity $\tilde{O}(\log^4 n)$.
Further Improvement?
• Conjecture: n is prime
iff n is not a prime power,
$n \ne 1 \pmod{r}$ for some prime r > log n,
and $(X-1)^n = X^n - 1 \pmod{n,\ X^r - 1}$
• Yields a $\tilde{O}(\log^3 n)$ time algorithm.