PRIMES is in P - Manindra Agrawal, Neeraj Kayal, Nitin Saxena (Dept. of CSE, IIT Kanpur) - PowerPoint PPT Presentation

SLIDE 1

PRIMES is in P

Manindra Agrawal, Neeraj Kayal, Nitin Saxena
Dept of CSE, IIT Kanpur

SLIDE 2

The Problem

  • Given number n, test if it is prime efficiently.
  • Efficiently = in time a polynomial in number of digits = (log n)^c for some constant c.
  • PRIMES = set of all prime numbers.

SLIDE 3

The Trial Division Method

  • Try dividing by all numbers up to n^{1/2}.
    – Already known since ~230 BC (Sieve of Eratosthenes).
    – Takes exponential time: Ω(n^{1/2}).
    – Also produces a factor of n when it is composite.

SLIDE 4

Fermat's Little Theorem

If n is prime then for any a: a^n = a (mod n).

  • It is easy to check:
    – Compute a^2, square it to a^4, square it to a^8, …
    – Needs only O(log n) multiplications.

SLIDE 5

A Potential Test

  • For a "few" a's test if a^n = a (mod n);
  • if yes, output PRIME else output COMPOSITE.
    – This fails!
    – For n = 561 = 3 * 11 * 17, all a's satisfy the equation!!
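The following Python is an added example, not code from the slides or their authors. It implements the repeated-squaring check of slide 4 and the "potential test" of slide 5, and shows why that test fails on n = 561: every base a in [0, 561) satisfies a^n = a (mod n), yet trial division (slide 3) finds the factor 3 immediately. Function names are mine.

```python
def pow_mod(a, e, n):
    """a^e mod n by repeated squaring: O(log e) multiplications,
    reducing after every step so no huge intermediate is formed."""
    result, base = 1 % n, a % n
    while e > 0:
        if e & 1:
            result = (result * base) % n
        base = (base * base) % n
        e >>= 1
    return result

def fermat_holds(n, a):
    """The congruence a^n = a (mod n) from Fermat's Little Theorem."""
    return pow_mod(a, n, n) == a % n

def fermat_test(n, bases):
    """Slide 5's potential test: PRIME if every chosen base passes, else COMPOSITE."""
    return "PRIME" if all(fermat_holds(n, a) for a in bases) else "COMPOSITE"

def trial_division(n):
    """Slide 3: smallest divisor d with 2 <= d <= sqrt(n), or None when n is prime.
    Correct, but the loop length is exponential in the number of digits of n."""
    d = 2
    while d * d <= n:
        if n % d == 0:
            return d
        d += 1
    return None

def fermat_liars(n):
    """Count the bases 0 <= a < n for which the congruence holds.
    For a prime this is n; for 561 it is also n, which is what breaks the test."""
    return sum(1 for a in range(n) if fermat_holds(n, a))

if __name__ == "__main__":
    for n in (15, 91, 561):   # constructed sample inputs: three composites
        print(n, fermat_test(n, range(2, 10)),
              "factor:", trial_division(n), "bases passing:", fermat_liars(n))
```

Running it shows 15 and 91 caught by base 2, while 561 passes every base and is only exposed by trial division.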

SLIDE 6

PRIMES in NP ∩ coNP

  • A trivial algorithm shows that the problem is in coNP: guess a factor of n and verify it.
  • In 1974, Vaughan Pratt designed an NP algorithm for testing primality.

SLIDE 7

PRIMES in P (conditionally)

  • In 1973, Miller designed a test based on Fermat's Little Theorem:
    – It was efficient: O(log^4 n) steps.
    – It was correct assuming Extended Riemann Hypothesis.

SLIDE 8

PRIMES in coRP

  • Soon after, Rabin modified Miller's algorithm to obtain an unconditional but randomized polynomial time algorithm.
    – This algorithm might give a wrong answer with a small probability when n is composite.
  • Solovay-Strassen gave another algorithm with similar properties.

SLIDE 9

PRIMES in P (almost)

  • In 1983, Adleman, Pomerance, and Rumely gave a deterministic algorithm running in time (log n)^{c log log log n}.

SLIDE 10

PRIMES in RP

  • In 1986, Goldwasser and Kilian gave a randomized algorithm that
    – works almost always in polynomial time,
    – errs only on primes.
  • In 1992, Adleman and Huang improved this to an algorithm that is always polynomial time.

SLIDE 11

Our Contribution

We provide the first deterministic and unconditional polynomial-time algorithm for primality testing.

SLIDE 12

Main Idea

  • Generalize Fermat's Little Theorem:
    – Ring Z_n does not seem to have nice structure to exploit.
    – So extend the ring to a larger ring in the hope for more structure.
  • Consider polynomials modulo n and X^r - 1, or the ring Z_n[X]/(X^r - 1).

SLIDE 13

Generalized FLT

If n is prime then for any a: (X + a)^n = X^n + a (mod n, X^r - 1).

  • Potential test: for a "small" r and a "few" a's, test the above equation.

SLIDE 14

It Works (Almost)!

  • We prove:

If (X + a)^n = X^n + a (mod n, X^r - 1) for every 0 < a < 2 √r log n and for suitably chosen "small" r then n is a prime power.

SLIDE 15

The Algorithm

  • Input n.
  • 1. Output COMPOSITE if n = m^k, k > 1.
  • 2. Find the smallest number r such that O_r(n) > 4 (log n)^2.
  • 3. If any number < r divides n, output PRIME/COMPOSITE appropriately.
  • 4. For every a ≤ 2 √r log n:
    – If (X + a)^n ≠ X^n + a (mod n, X^r - 1) then output COMPOSITE.
  • 5. Output PRIME.

O_r(n) = order of n modulo r.

SLIDE 16

Correctness

  • If the algorithm outputs COMPOSITE, n must be composite:
    – COMPOSITE in step 1 ⇒ n = m^k, k > 1.
    – COMPOSITE in step 3 ⇒ a number < r divides n.
    – COMPOSITE in step 4 ⇒ (X + a)^n ≠ X^n + a (mod n, X^r - 1) for some a.
  • If the algorithm outputs PRIME in step 3, n is a prime number < r.

SLIDE 17

When Algorithm Outputs PRIME in Step 5

  • Then (X + a)^n = X^n + a (mod n, X^r - 1) for 0 < a ≤ 2 √r log n.
  • Let prime p | n.
  • Clearly, (X + a)^n = X^n + a (mod p, X^r - 1) too for 0 < a ≤ 2 √r log n.
  • And of course, (X + a)^p = X^p + a (mod p, X^r - 1) (according to generalized FLT).

SLIDE 18

Introspective Numbers

  • We call any number m such that g(X)^m = g(X^m) (mod p, X^r - 1) an introspective number for g(X).
  • So, 1, p and n are introspective numbers for X + a for 0 < a ≤ 2 √r log n.

SLIDE 19

Introspective Numbers Are Closed Under *

Lemma: If s and t are introspective for g(X), so is s * t.

Proof: g(X)^{st} = g(X^s)^t (mod p, X^r - 1), and
  g(X^s)^t = g(X^{st}) (mod p, X^{sr} - 1)
           = g(X^{st}) (mod p, X^r - 1).

SLIDE 20

So There Are Lots of Them!

  • Let I = { n^i * p^j | i, j ≥ 0 }.
  • Every m in I is introspective for X + a for 0 < a ≤ 2 √r log n.

SLIDE 21

Introspective Numbers Are Also For Products

Lemma: If m is introspective for both g(X) and h(X), then it is also for g(X) * h(X).

Proof: (g(X) * h(X))^m = g(X)^m * h(X)^m = g(X^m) * h(X^m) (mod p, X^r - 1).

SLIDE 22

So Introspective Numbers Are For Lots of Products!

  • Let Q = { ∏_{a=1}^{2√r log n} (X + a)^{e_a} | e_a ≥ 0 }.
  • Every m in I is introspective for every g(X) in Q!
  • So there are lots of introspective numbers for lots of polynomials.

SLIDE 23

More Specifically …

  • Let t = O_r(n, p) ≥ O_r(n) > 4 (log n)^2.
  • There are > t introspective numbers in I, with each such number ≤ n^{2√t}:
    – Consider all numbers n^i * p^j for 0 ≤ i, j ≤ √t.
  • There are > n^{2√t} polynomials in Q of degree < t:
    – Consider all distinct products of subsets of X + a and use the fact that t > 4 (log n)^2.

SLIDE 24

That is Impossible!

  • We can prove that it is not possible…
  • So either:
    – There are > t introspective numbers in I, with each such number ≤ n^{2√t}
      ⇒ two of these numbers are equal.

SLIDE 25

  • Or:
    – There are > n^{2√t} polynomials in Q of degree < t
      ⇒ two of these polynomials are equal.

SLIDE 26

  • But two different polynomials cannot be equal.
  • So n^i * p^j = n^k * p^l for some i, j, k, and l.
  • This implies n = p^a for some a.
SLIDE 27

Finite Fields Facts

  • Let h(X) be an irreducible divisor of the r-th cyclotomic polynomial Q_r(X) in F_p[X]:
    – Q_r(X) divides X^r - 1.
    – Polynomials modulo p and h(X) form a field, say F.
    – X^i ≠ X^j in F for 0 ≤ i ≠ j < r.

SLIDE 28

A Fundamental Property of Fields

  • For any field F and any polynomial P(Y) of degree k over F, P(Y) has at most k roots in F.

SLIDE 29

Moving to Field F

  • Since h(X) divides X^r - 1, equations for introspective numbers continue to hold in F.
  • We now argue over F.
SLIDE 30

Q has a large image in F

  • Q has more than n^{2√t} polynomials of degree < t.
  • All these polynomials are distinct in F:
    – Let f(X) and g(X) be two such polys.
    – If f(X) = g(X) in the field F then
      • For every m in I, f(X^m) = f(X)^m = g(X)^m = g(X^m) in F.
      • So polynomial P(Y) = f(Y) - g(Y) has t roots.
      • Contradiction since degree of P(Y) is < t.

SLIDE 31

Impossibility Proof

  • There must be i, j, k, l such that n^i * p^j (= s) = n^k * p^l (= s') (mod r)
    – Because O_r(n, p) = t and there are > t such products.
  • Let g(X) be any polynomial in Q.
  • Then modulo (p, X^r - 1):
      g(X)^s = g(X^s)       [since s is introspective]
             = g(X^{s'})    [since s = s' (mod r)]
             = g(X)^{s'}    [since s' is introspective]

SLIDE 32

Impossibility Proof Contd.

  • Therefore, g(X) is a root of the polynomial P(Y) = Y^s - Y^{s'} in the field F.
  • Since s ≠ s', it will have at most max{s, s'} ≤ n^{2√t} roots in F.
  • Contradiction since Q has more than n^{2√t} polynomials in the field F.

SLIDE 33

The Choice of r

  • We need r such that O_r(n) > 4 (log n)^2.
  • Any r such that O_r(n) ≤ 4 (log n)^2 must divide ∏_{k=1}^{4 log^2 n} (n^k - 1) < n^{16 log^4 n} = 2^{16 log^5 n}.
  • LCM of first m numbers is at least 2^m (for m > 7).
  • Therefore, there must exist an r that we desire ≤ 16 (log n)^5 + 1.

SLIDE 34

Remarks

  • Our algorithm is impractical: its running time is O~(log^{10.5} n) provably and O~(log^6 n) heuristically.
  • To make it practical, one needs to bring the exponent down to 4 or less.
  • As of now, best known running time is O~(log^6 n).

SLIDE 35

Further Improvement?

  • Conjecture: If n^2 ≠ 1 (mod r) and (X - 1)^n = X^n - 1 (mod n, X^r - 1) then n must be a prime power.
  • Yields an O~(log^3 n) time algorithm.